May 22, 2018

Thomson Reuters Report Reveals Risk & Compliance Staff Expect to See Significant Benefits from Artificial Intelligence (AI) and Distributed Ledger Technologies

Report on ‘Achieving Integrated GRC in an Interconnected Digital Age’ highlights challenges and opportunities faced by compliance officers

  • Big data, AI, machine learning, distributed ledger technology – blockchain – expected to bring measurable increases in efficiency
  • Many compliance officers face adaptation challenges in moving toward the future
  • Risk operations hampered by inflexible technology, struggle to develop agile capabilities

NEW YORK/LONDON Building on its commitment to help connect and empower the global financial and corporate communities by providing actionable insights and proprietary solutions that add greater value, Thomson Reuters recently commissioned Celent to conduct independent market research on integrated Governance, Risk and Compliance (GRC). The findings have been published in the report titled, “Achieving Integrated GRC in an Interconnected Digital Age.”

According to the report, key factors impacting risk and compliance executives include the need and expectation of real benefits from digital technologies, such as big data, artificial intelligence (AI) and machine learning, as well as distributed ledger technology (blockchain) to bring measurable increases in efficiency to risk management operations. At the same time, many firms are facing challenges in moving toward the future.  At a fundamental level, the report indicates that risk operations are having difficulty developing agile capabilities and continue to be hampered by inflexible technology.

Thomson Reuters commissioned the independent survey to better understand the impact of these challenges and opportunities, as risk and compliance executives increasingly face intense, enterprise-wide regulatory scrutiny around strong governance and sound internal controls. Celent undertook in-depth interviews with approximately 30 Tier 1 financial institutions across North America, Western Europe and parts of developed Asia. Most of these were structurally significant financial institutions with assets exceeding US $100 billion. Key findings of the survey include a strategic wish-list of requirements for a fit-for-purpose, integrated risk ecosystem. These requirements fall into five key areas:

  • Information & data congruence: Applications employed to capture and report information for various risk assessments and controls management activities, such as risk control self-assessments (RCSAs), key risk indicators (KRIs), risk appetite parameters and loss events. These should be connected, aligned and congruent with a firm’s taxonomy and framework
  • Adaptability: Flexible, business-user centric capabilities to respond to evolving requirements, without the need for protracted cycles of IT development, coding and testing
  • Rich visualization, usability and collaboration: Next-generation platforms should possess the ability to quickly analyse, chart and exchange operational and risk-related insights based on modern and intuitive user interfaces
  • Dynamic, event-centric and timely: Ability to support multiple modes of operation, including triggering by events and operating in near-real time to monitor and report on the state of affairs in a firm’s risk profile in a dynamic manner.
  • Open and seamless co-existence: Platform should be open and extensible enough to connect and co-exist with other non-risk IT applications (HR, sales, security) using modular, flexible interfacing mechanisms.

“There is no denying that risk and compliances professionals are calling for a personalized, integrated risk ecosystem.  Our research found that there remain many gaps in risk visibility as organizations rely on fragmented data, processes, and tools to inform risk decision making. Without effective risk management in place, it is challenging to effectively contrast risk with reward across divisions within a global organization,” said Gareth Evans, managing director, Enterprise Risk Management at Thomson Reuters. “The industry challenge and opportunity is to help ensure that risk and compliance professionals are better equipped with advanced technology to support an integrated solution designed to bring measurable increases in efficiency to risk management operations.”

“As regulatory scrutiny and cost pressures intensify, risk and compliance professionals will need to adapt quickly to advanced technology that could adversely impact their overall business models,” said Cubillas Ding, Research Director at Celent. “A next-generation risk infrastructure should therefore be modular and agile, where data and information are congruent across different risk activities with strong reporting capabilities.”        

Data in the Thomson Reuters 2018 report on “Achieving Integrated GRC in an Interconnected Digital Age” is based on a survey whereby Celent undertook in-depth interviews with leading financial institutions globally to better understand the challenges facing risk and compliance executives, as well as the technology improvements that are needed to support an integrated GRC paradigm to overcome these issues. Most of the institutions surveyed were structurally significant financial institutions with assets of more than US $100 billion. The report was commissioned by Thomson Reuters; however, the analysis and conclusions are Celent’s alone, and Thomson Reuters had no editorial control over report contents.

Thomson Reuters Risk Management is designed to provide a holistic approach to risk management, helping enable teams to track various forms of risk across their organization, using a single solution that assists in fostering better-informed decision making and optimizing risk management. The Risk Management solution is intended to work around individual organizational needs and be highly configurable, molding itself to meet specific requirements. A flexible assessment engine uses dynamic building blocks that take into account the unique methodology of each individual customer and powerful data mapping capabilities to draw on many sources of data when completing the assessment. A full history of a customer’s risk profile is tracked and is reportable through an integrated reporting engine. 

Thomson Reuters formally launched the Connected Risk platform in Q1 2017. Connected Risk is designed to allow customers and partners to leverage exiting and workable technology or to tailor an array of solutions to meet both the varied needs of the risk community. Deployment can be accelerated through use of configurable out-of-the-box solutions that Thomson Reuters has developed using input from customers and advisory firms for the most popular risk use cases. Solutions released recently include Model Risk Management, which helps institutions to demonstrate a real-time understanding of their model risk landscape, and Audit Management, which enables firms to better assess risks and increase the efficiency of the auditing process. Other solutions include 2017 SIIA CODiE Award-winning Regulatory Change Management (RCM), also nominated as a 2018 SIIA CODIE AWARD finalist, which informs and manages regulatory change processes and is integrated with our Regulatory Intelligence feed. Connected Risk is also the winner of the 2018 RegTech Award for Best Solution for Managing Operational Risk, and is nominated a 2018 SIIA CODIE AWARD finalist.  

Thomson Reuters

Thomson Reuters is the world’s leading source of news and information for professional markets. Our customers rely on us to deliver the intelligence, technology and expertise they need to find trusted answers. The business has operated in more than 100 countries for more than 100 years. Thomson Reuters shares are listed on the Toronto and New York Stock Exchanges. For more information, visit