MetricStream announced a significant increase in the adoption of AI-powered Connected GRC strategies by its customers to meet evolving risk and regulatory resilience requirements. This trend is driven by the growing complexity of country-specific and global regulations, as well as the challenges and costs businesses face in maintaining siloed approaches to managing risk, audit, compliance, and business continuity.
Organizations around the world are contending with an escalating volume of new regulations, directives, and guidelines from authorities such as the US Securities and Exchange Commission (SEC), Federal Reserve Board, Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), Consumer Financial Protection Bureau (CFPB), European Union (EU), Prudential Regulatory Authority (UK), Financial Conduct Authority (UK), Australian Prudential Regulatory Authority, Monetary Authority of Singapore, and many more.
A significant focus of these new regulations is building operational resilience in the event of business disruption, such as a data breach or supply chain attack. For example, the EU Digital Operational Resilience Act (DORA) mandates that financial services firms implement comprehensive digital risk management, incident reporting, third-party risk management, information sharing, and digital operational resilience testing.
In the US, the Department of Justice (DOJ) outlines expectations for compliance programs that include risk assessment, policy and procedure management, training, incident reporting, third-party management, and due diligence in mergers and acquisitions (M&A). Additionally, the SEC’s cybersecurity regulations now require public companies to disclose cybersecurity incidents and articulate their cyber risk management strategies.
“Organizations today are grappling with an overwhelming number of regulatory requirements from various authorities, each with its own guidelines and rules, along with the need to prove to regulators that they have robust GRC programs to manage them,” said Manu Gopeendran, SVP of Marketing and Strategy at MetricStream. “Many businesses struggle to decide whether to prioritize certain regulations based on the cost of non-compliance or attempt to comply with all of them. Our customers are addressing these challenges by adopting a Connected GRC approach, powered by AI.”
“MetricStream has enabled organizations to see an integrated, connected view of GRC information, reporting, and processes with a single source of truth from a common information architecture. This improves the organization’s overall visibility into risks across the organization while also eliminating the overhead of managing manual processes as well as the cost of non-integrated siloed solutions,” says Michael Rasmussen, the internationally recognized GRC Pundit, GRC 20/20, based on his interviews with MetricStream customers.
Organizations that have embraced Connected GRC and AI have reduced their GRC-related costs by more than 30%, resulting in millions of dollars in savings, resource optimization, and quicker strategic decision-making. By adopting a holistic approach, organizations are gaining real-time visibility into risks, compliance postures, and audit findings, enabling them to remain agile and resilient in an increasingly dynamic environment. Organizations can manage risk and resilience needs effectively and also embrace them as an opportunity, turning challenges into avenues for growth and long-term success.