The ORR 20: Compliance software rankings 2011

Download a pdf showing the compliance software tables

The popularity of governance, risk and compliance (GRC) frameworks dropped off slightly during the downturn, while banks shored up their defences and cut budgets to stay afloat. But the concept is once again gaining favour as financial institutions recognise the benefits of having a holistic view of the risks in their organisations.

GRC involves converging all a firm’s information into a ­­single repository that enables ease of access and provides a more unified approach to the risks it is facing. Integrating the separate risk management departments with the compliance department to better govern a financial institution is a tactic that could have helped to avert the financial crisis or, at the very least, enable banks to see what was coming and to better prepare.

This year, in Operational Risk & Regulation’s survey of the compliance software market, respondents were asked to comment specifically on GRC. Some 38% of these confirmed they were already operating on a GRC platform, 7% were in the process of implementing one, and 5% said they were intending to buy a GRC platform in the next 12 months. Even though half of respondents said they would not consider buying a GRC platform at all, this was a strong show of support for a concept that one observer had previously described as “just a way for vendors to sell more software”.

It is not just small firms that are implementing a GRC system. BlackRock, which was profiled in the April issue of this magazine, runs a GRC system from Archer, while Sun Trust has chosen to obtain a system from MetricStream. These are big names and big firms with experts that are fully aware of how much work it takes to implement GRC.

“GRC has reached a point where financial services institutions are increasingly looking at a unified platform – that goes beyond regulatory compliance – to build strong linkages into performance, risk management and capital soundness as a whole for the organisation,” says Senthil Kumar, vice-president of Oracle Financial Services Global Business Unit, which came first in the GRC category and first in the overall compliance software rankings. “There is a discrete change in the buying behaviour we are seeing with our customers. Financial institutions are increasingly looking for differentiated offerings that help them gain a competitive advantage in the market as well as build confidence in their safety and soundness with stakeholders. They are also operating in an environment of increased regulatory scrutiny. Specific drivers for this change in behaviour include the need for risk and finance alignment and the delivery of risk-adjusted information that is pervasive, available on demand and aggregated across the business.”

However, breaking the traditionally siloed nature of a financial institution is difficult. A siloed organisation has individual banks of data that often have different taxonomies and categories, making any combined analysis extremely tricky, if not impossible. It would be an invaluable source to have a platform for all of those different information technology and data systems to plug into, and be accessible in the same format.