Governance, Risk, and Compliance (GRC): definition and tools

GRC, GRC governance, GRC domain or GRC activity: these are major concerns for any organization or company, and especially for banks. How do we define Governance Risk Compliance? What regulations are relevant to the banking sector? What RegTech solutions can facilitate the process? This page of our glossary intends to answer these questions.

Governance Risk Compliance or GRC: definition

GRC is a concept that can be found in any organization, business or bank. The GRC domain encompasses activities or processes whose implementation enables performance objectives to be achieved, with controlled risk management (Controlled Risk Management, i.e. CRM) and respect for compliance.

Be careful not to confuse this definition of CRM in the context of Risk Management with the CRM (Customer Relationship Management) in the context of client servicing and solutions.

What is a CRM system for CRM strategy?

The complexity of risk and compliance requirements in organizations is driving the need for structured GRC. All data and information relating to a governance, risk and compliance strategy go into a GRC system. Such a system concentrates and streamlines processes. Its functionalities include:

  • governance of the structure;
  • general strategy and global performance management;
  • regulatory compliance management;
  • maintenance of internal procedures and policies;
  • risk management.

What is circular 2017/1 Corporate governance – banks?

This circular explains FINMA’s requirements in terms of corporate governance, risk management, internal control systems and internal auditing for banks. It provides definitions of these various concepts.

This text sets out the organizational and governance requirements for:

  • the Board responsible for senior management;
  • bank management;
  • risk policy, risk management and risk tolerance (development, adoption and documentation);
  • the internal control system;
  • the bank’s internal audit process.

This circular takes account of the principle of proportionality, and therefore applies to all institutions in accordance with mn. 1. As is the case for the small bank regime, FINMA proposes relief for smaller institutions. It may also request stricter requirements in certain cases.

What is a GRC consultant?

The term GRC is also used in the consulting professions, either within an organization or as a service provider. The Governance, Risk and Compliance professional, for example, works to improve the security of IT systems and reduce cybersecurity risks. Such a consultant helps design and implement internal procedures, practices and policies. The aim is to increase regulatory compliance, reduce risks and optimize overall performance and efficiency.

What is a CRM solution for an organization?

Solutions, tools or applications to optimize the Governance Risk Compliance process include, for example:

  • risk identification and management;
  • information security management systems;
  • business process modeling;
  • monitoring and improving the structure’s internal controls;
  • processes to ensure business continuity;
  • managing third-party risks and threats.

Why is e-Reg a useful GRC solution for Swiss banks?

Given the definition of the governance, risk and compliance process, it is naturally of interest to some RegTech players. At easyReg, we’re dedicated to optimizing and simplifying banking regulation. e-Reg, our RegTech platform, is a GRC solution to the regulatory challenges faced by financial services players.

e-Reg helps banking institutions and consulting firms achieve optimal compliance with FINMA and international prudential requirements. Our RegTech solution facilitates the management of regulatory change. It makes regulatory monitoring more effective, with greater anticipation and better integration into the strategy of governance bodies.
