Navigating the Governance, Risk and Compliance (GRC) Landscape

Joshua Wick

Global Head, Risk & Compliance

Wick’s leadership was pivotal during his tenure as the head of global risk and compliance at HCL. His strategic management and guidance successfully transformed teams, enabling efficient and compliant lending operations across various banking products. Under his leadership, the team at HCL achieved a 40% increase in efficiency and a 20% reduction in compliance-related issues.    

Previously, as an Industry Subject Matter Expert at PwC Risk and Assurance Financial Services, Wick offered executive consulting services to the bank, with a specific focus on implementing the company’s enterprise risk management framework. He successfully led the implementation of a new risk management framework, resulting in a 30% reduction in operational risk. His comprehensive approach raised the bar for risk management in the industry and instilled confidence in his clients. 

Before joining Hitachi Digital Services, Wick held senior positions at large-scale financial institutions shaping his notable career trajectory. 

June 4, 2024

Governance, Risk and Compliance is a complex and evolving landscape for U.S. financial institutions. Nobody can argue with the reasons for strong Governance, Risk and Compliance (GRC) mandates; financial institutions need to invest in robust GRC programs to mitigate risks, protect their reputations, and avoid costly penalties. In this perspective, the first in a series of three, we’ll discuss how the GRC landscape is changing fast with the adoption of several new technologies that are now increasingly within reach.

Non-compliance can be costly: regulators are actively enforcing rules and U.S. financial institutions have faced significant fines and regulatory actions due to GRC failures, as the examples below illustrate.

Penalties for Non-Compliance:
  • Anti-Money Laundering (AML) and Know Your Customer (KYC) Deficiencies: A leading Tier 1 bank was fined $97.8 million in 2023 by the U.S. Federal Reserve and the Office of Foreign Assets Control (OFAC) for AML violations.
  • Consumer Protection Violations: A Tier 1 bank received a record $3.7 billion fine in 2022 from the Consumer Financial Protection Bureau (CFPB) for illegal activity across several product lines.
  • Market Manipulation and Fraud: Another Tier 1 bank was fined $920 million in 2020 for manipulating precious metals and treasury markets.

Problems with noncompliance don’t stop at fines, either. Additional GRC management challenges include:

  • Regulatory Overload: The sheer volume of regulations from multiple jurisdictions is overwhelming. Keeping up with the changes and ensuring compliance is a constant challenge.
  • Operational risk: Failures in internal controls and processes, leading to financial losses or regulatory violations.
  • Cybersecurity: The vast attack surface created by modern technologies brings new threats, chances for fraud, and human errors, all of which pose significant risks to financial institutions’ operations and reputations.
  • Third-party risk: Inadequate oversight of vendors and partners, exposing institutions to compliance risks.
  • Environmental, Social, and Governance (ESG) factors: Increasing scrutiny on environmental impact, social responsibility, and corporate governance practices.

The cost of non-compliance for financial institutions is estimated to be 2.71 times higher than the cost of compliance, according to the Ponemon Institute. And according to PwC, 60% of financial institutions report that they have experienced a cyber-attack in the past year.

Technology helps:

The Banking, Financial Services and Insurance (BFSI) industry has been quick to adopt evolving technologies that ease the pain. A new generation of technologies, processes and best practices is here to lighten the load, such as artificial intelligence (AI) and cyber resilience. For example, AI can automate repetitive tasks, freeing your team to focus on strategic initiatives and proactive risk management. Cyber resiliency best practices that include threat modeling, penetration testing, and incident response planning help ensure management stays in constant control of its security strategies.

Using technologies like AI in GRC helps in other ways, too, such as:

  • Task Efficiencies: Compliance tasks can be incredibly time-consuming. AI automates repetitive processes like data collection, reporting, and even basic control assessments. This frees your team to concentrate on strategic initiatives and proactive risk management. Further, the prevalence and ease of adopting IoT helps integrate, contextualize and analyze data from multiple sources and formats, leading to automated analyses of vast and continuously available data in near real time.
  • Data-Driven Decisions: Regulations are often complex and subjective and, hence, open to interpretation. AI can analyze your specific data to pinpoint areas where compliance might be unclear. AI can help provide immutable records and reliable proof points, empowering you to make informed choices with confidence and avoid unnecessary risks.
  • Continuous Learning: The regulatory environment is constantly changing. But with AI, your GRC system becomes a self-learning entity. It can continuously monitor and automatically analyze new regulations and update your compliance framework, ensuring you’re always one step ahead.

The results speak for themselves. JPMorgan Chase uses AI to monitor regulatory changes across 120,000 websites, significantly reducing the time spent on manual reviews. Similarly, Bank of America has implemented AI-powered chatbots to manage customer queries related to regulatory compliance, freeing up human resources for more complex tasks.

Hitachi Digital Services’ GRC Practice:

With such high stakes, it’s important to partner with someone that has the experience, depth, and expertise to help you navigate the waves. The right partner should be able to help you:

  • Streamline compliance: Automate regulatory change tracking, policy management, and compliance reporting to reduce manual effort and ensure adherence to regulations.
  • Identify and mitigate risks: Proactively identify, assess, and manage risks across the enterprise to protect assets, reputation, and customer trust.
  • Enhance decision-making: Gain real-time insights into GRC data to make informed decisions and optimize business performance.
  • Strengthen cybersecurity: Implement robust security measures to protect sensitive financial data and mitigate cyber threats.
  • Improve operational efficiency: Automate GRC processes to reduce costs, improve efficiency, and free up resources to focus on core business activities.

At Hitachi, we have a long history of helping customers worldwide navigate the GRC landscape. In one example, a large U.S. bank implemented our GRC platform to automate their Dodd-Frank compliance reporting, reducing manual effort by 50% and ensuring timely and accurate reporting to regulators. In another, a regional credit union used our platform to identify and mitigate a potential third-party risk, preventing a significant data breach and reputational damage.

Next Steps: 

Hitachi Digital Services can help you transform your compliance strategy from a reactive struggle to a proactive journey of continuous improvement using advanced technologies, frameworks, and processes, including AI. In the second perspective in this series, we’ll dive into the details of how proven, industry-hardened AI/ML modeling and advanced analytics, digital modernization advisory and implementation services, IoT accelerators and solutions, and edge-to-any-cloud data migration, modernization and management capabilities help in specific ways. Contact us to explore how we can help you on your journey to achieving your business priorities or visit this page to learn more, and stay tuned for part two of this three-part series, coming soon.

By Joshua Wick, Global Head of Risk and Compliance, Hitachi Digital Services

Connect with me on LinkedIn.
