OpRisk Awards 2016
The provision of governance, risk and compliance (GRC) technology to large companies has changed in many ways over the past decade, but one of the most challenging developments is that platforms are no longer used only by a small clique of trained risk experts.
The explosion in new regulation and risk requirements at all levels of the financial services industry means effective GRC platforms now need to be accessible to a much larger pool of users across business functions. This requires vendors to invest as much in user experience as in core functionality.
"Historically, in a typical client environment, a small number of risk managers would use the system daily, so some level of complexity was acceptable. But, in some companies, we now have more than 100,000 users that touch our systems, often only once a year or once a quarter, so they have to be hyper-intuitive," says Luc Brandts, Netherlands-based chief strategy officer at Nasdaq BWise.
Most firms don't want to reinvent the wheel altogether; they just want a best-practice solution that meets requirements and does not necessitate major spend
Luc Brandts, Nasdaq BWise
Co-founded by Brandts in 1994, BWise was acquired by New York-based exchange and technology firm Nasdaq in 2012 and has grown into a leading vendor in the GRC space. While just over 50% of its client base is in financial services, the business also serves a number of other sectors, including manufacturing, telecommunications, automotive, life sciences and technology.
The product set comprises standard GRC components – internal audit, risk management, compliance management, internal control, information security – and can be installed on-site or as a cloud-based platform. Having evolved from a niche European provider into a global player, BWise now delivers its technology in 12 languages, with 24/7 support on all continents.
Usability remains a top priority, and BWise has invested heavily in research and development in recent years. Recognising the pressure faced by many mid-tier firms in meeting regulatory requirements quickly, the business has developed ‘rapid deployment solutions' or RDS – a best-practice implementation model that allows users to be up and running on the platform in weeks rather than months.
"More than half of our implementations are now based on the RDS, because time to comply is often very limited. Most firms don't want to reinvent the wheel altogether; they just want a best-practice solution that meets requirements and does not necessitate major spend," Brandts explains.
If user experience has been one component of BWise's success in recent years, another has been integration. In many large organisations, GRC is arranged in siloes, with multiple functions operating in isolation and a failure to access or analyse data on an enterprise-wide basis. BWise has invested heavily in data management and, by using the same underlying platform to support multiple GRC functions, it encourages more effective data sharing.
"Integration has not historically been a particular strength of the GRC industry, but increased regulatory scrutiny means banks now need to be able to pull data instantly from all different angles. Data management and integration are central to our current strategy, and we have invested a lot lately in building one of the industry's best integration engines," he says.
The week on Risk.net, July 14–20, 2017Receive this by email