GRC Report

Most boards are still flying blind on what actually matters. As Tim Leech argues, governance hasn’t failed for lack of effort; it’s failed because risk reporting is still disconnected from mission-critical objectives. The result is a familiar stack of heat maps and audit findings that look polished but don’t answer the one question directors need to hear: are our most important objectives at risk? This article explores how AI could finally change that, linking risk and performance to objectives in real time and pushing governance toward something far more uncomfortable, and far more useful: decisions. Read More: https://lnkd.in/e4_beHeK #GRC #RiskManagement #AI #CorporateGovernance #ERM #InternalAudit #Boardroom #RiskAndResilience

🌍 My favorite risk conference on the planet is Risk-in conference in Zurich. I was honored to be a keynote at Risk-in conference last year, and I thoroughly enjoyed every moment of it. The depth and breadth of speakers, the quality of conversations, and the global community of risk thought leaders make this event truly stand apart. It is, without question, my favorite risk event. 🎙️ Last year at Risk-!n, I recorded several episodes of the Risk Is Our Business Podcast with risk leaders from around the world. This year, I am excited to return with an even fuller agenda. This year I am . . . 🔹 I will be co-presenting with Stefan Gershater on the Value of Risk Management 🔹 I will be hosting a panel on AI in Compliance: From Experimentation to Defensible Practice Cecilia Garcia Podoley NAVEX 🔹 I will be recording several episodes of both the Risk Is Our Business Podcast and the Hitchhiker's Guide to the GRC Technology Galaxy Podcast Risk-in conference shines because of its content, its intellectual depth, and the extraordinary breadth of risk management perspectives it brings together. It is not just another conference. It is a gathering of serious risk thinkers, practitioners, and innovators from around the world. I hope to see many of you in Zurich. I do have a few passes available, as well as a discount code for registration, so reach out if you are interested. https://www.risk-in.com/ After Risk-in conference, my next favorite risk conference is Corporate Risk Minds in Berlin, which I will be attending in June. For exhibition show floors, #RISK by GRC World Forums Ltd remains my favorite. And the GPRC Summit 2026 in the Middle East and Africa are also outstanding. But for depth of content and breadth of thought leadership, Risk-in conference continues to shine. See you in Zurich! ____________ 🪐 GRC 20/20 Research maps the expanding GRC galaxy — tracking 1,500+ solutions and the professional services around them — helping organizations find the right-fit GRC technologies and strategies. 📡 Follow GRC Report for global news and expert insights on governance, risk management, and compliance. 🎙️ Listen to the Risk Is Our Business Podcast and Hitchhiker's Guide to the GRC Technology Galaxy Podcast #RiskManagement #GRC #Compliance #OperationalRisk #EnterpriseRiskManagement #AIinCompliance #RiskIn #Zurich #RiskIsOurBusiness #GRCGalaxy

Yesterday marked ten years since the adoption of the General Data Protection Regulation, a regulation that quietly reshaped the balance of power in the digital economy. What started as Europe’s effort to bring order to fragmented privacy rules has become the global reference point for how organizations think about data, accountability, and trust. A decade on, GDPR is no longer just a compliance exercise, it’s part of the operating fabric of the internet itself, sitting alongside the Digital Services Act, Digital Markets Act, and AI Act as Europe builds out a broader system for governing the digital world. Read More: https://lnkd.in/eY4xQkuW #GDPR #DataProtection #Privacy #CyberSecurity #AI #DigitalRegulation #Compliance #RiskManagement #GRC

🌍 APRIL GRC INSIGHTS — CURATED THOUGHT LEADERSHIP FROM AROUND THE WORLD GRC Insights brings together the voices shaping the most important conversations in governance, risk management, and compliance. This month’s edition delivers thoughtful analysis on digital twins, third-party risk, quantum threats, AI governance, and how professionals are actually putting AI to work in practice. The full article is linked below. 👇👇👇 Digital Twins in Risk Management: Building the Intelligent Mirror of the Enterprise — Renee Murphy explores how digital twins can give organizations a more intelligent and dynamic reflection of enterprise reality, moving risk management beyond static and retrospective models. From Business Case to Business Change: Making TPRM Value Stick — Michael Rasmussen reflects on why organizations are not struggling to understand the argument for supplier risk management, but are struggling to translate it into lasting business change and measurable value. Do Not Wait for Q-Day: Why the Quantum Threat Is Already Here — Norman J Levine explains why the risks posed by quantum computing are not a distant issue, but a present challenge that requires action now. AI Authorization Is Not AI Accountability — Majid M. examines the gap between formally approving AI governance structures and actually ensuring accountability, oversight, and responsible operational practice. Five Ways GRC Professionals Are Actually Using AI & the One Place I Will Not Put It — Norman J Levine looks at how AI is being used in real GRC work today, while also drawing an important line around where it should not be trusted. 🇨🇭 JOIN US AT Risk-in conference 2026 & Swiss GRC DAY 2026 Two standout events in Switzerland are bringing risk, compliance, and resilience into sharper focus this year. 🎟️ Members of the GRC Report community receive a 20% discount on Risk-!n 2026 badge prices with promotion code: RISKIN26GRC20 🎙️ NEW EPISODES ACROSS THE GRC GALAXY Fresh episodes are now live on the Risk Is Our Business Podcast and the Hitchhiker's Guide to the GRC Technology Galaxy Podcast to the GRC Technology Galaxy Podcast. 👇👇👇 The full GRC Insights article is linked below 👇👇👇 _______________ 🪐 GRC 20/20 Research maps and monitors the ever-expanding GRC galaxy — now tracking 1,500+ solutions and the professional services orbiting them — reach out to GRC 20/20 Research for insight into GRC-related solutions & professional services that best fit your organization's needs 📡 Follow GRC Report for news and expert insights on governance, risk management and compliance around the world 🎙️ Tune into the podcasts → Risk Is Our Business Podcast & Hitchhiker's Guide to the GRC Technology Galaxy Podcast

In this episode of the Risk Is Our Business Podcast, Captain Michael Rasmussen sits down with Michael Erlandsson Jensen at April Coffee Roasters in Copenhagen, a busy café whose ambient hum feels oddly right for a conversation grounded in real-world experience. Michael opens by tracing his path through global risk management, and from there the two find their way into something that doesn't get discussed enough: how differently risk culture actually plays out depending on where you are in the world. The Danish and broader European approach tends to weave risk into everyday business dialogue—collaborative, embedded, almost organic. That's a sharp contrast to the more compliance-first environments Michael has worked in across parts of the Middle East and the U.S., where risk can feel like something done to the business rather than with it. That tension shapes the heart of the conversation. For Michael, good risk management isn't about control or enforcement, it's about facilitation. Helping the business understand its own risks, take ownership of them, and actually talk about them. Bad risk management, by contrast, is disconnected from decisions that matter, buried in process, and more interested in checking boxes than in being useful. They also dig into risk appetite a concept that's often treated as a document to file away and forget. Michael pushes back on that, reframing it as something that should reflect how an organization actually behaves, not just what it says on paper. The real work, he argues, is closing the gap between strategy, risk, and what happens on the ground day to day. It's a grounded, cross-cultural take on GRC and a reminder that the real work of risk doesn't live in frameworks. It lives in conversations.

EU financial supervisors are shifting from planning to execution as cyber risk, digitalization, and geopolitical pressures reshape the risk landscape. A new report highlights how frameworks like DORA are now being operationalized, with oversight of critical third-party providers and new coordination tools to manage systemic cyber threats. At the same time, growing interconnections across crypto, non-bank finance, and global markets are increasing complexity, while sustainable finance and consumer protection efforts continue to evolve, albeit unevenly. Read More: https://lnkd.in/gEiCw6ps #GRC #RiskManagement #CyberResilience #DORA #FinancialRegulation #ThirdPartyRisk #OperationalResilience #ESG #DigitalRisk #FinTech #Compliance #CyberSecurity

🌍 THIS WEEK IN GRC NEWS — FROM AROUND THE WORLD . . . From civil rights enforcement in federal contracting and expanded AML expectations in the UAE to Europe’s emerging AML architecture, operational resilience in New Zealand, AI-driven market complexity, and privacy guidance for everyday AI use, the global GRC landscape continues to evolve rapidly . . . Stay informed with This Week in Governance, Risk Management & Compliance Newsfrom your trusted source GRC Report. This week’s edition is sponsored by Optro. 👇👇👇 The full news edition is linked below 👇👇👇 COMPLIANCE & ETHICS 🇺🇸 IBM reached a $17 million settlement in the first major test of the U.S. Department of Justice’s Civil Rights Fraud Initiative, putting fresh attention on anti-discrimination obligations tied to federal contracts. RISK & RESILIENCE 🇦🇪 The Central Bank of The UAE raised the bar on financial crime controls with expanded AML guidance aimed at strengthening how financial institutions detect and respond to illicit activity. 🇪🇺 Europe’s new anti-money laundering authority, AMLA, is moving to standardize AML risk assessments across the non-financial sector and is inviting early industry input as the framework takes shape. 🇳🇿 New Zealand regulators are turning to industry input to better understand operational resilience across financial sectors and how firms can maintain continuity through disruption. 🇳🇱 The Dutch Authority for the Financial Markets urged strong human oversight as AI drives faster and more complex market behavior, warning that innovation must remain balanced with integrity. IT SECURITY & PRIVACY 🇧🇪 Belgium's Data Protection Authority launched a new AI and privacy series focused on everyday users, reflecting a more practical and public-facing approach to digital regulation. MANAGEMENT DISCUSSIONS by Optro 📘 The AI Oversight Gap examines a stark reality: AI is already embedded across most organizations, but the governance infrastructure to oversee it is not. Drawing on research from more than 800 GRC, audit, and IT leaders, the report shows where governance is breaking down and what organizations need to do to close the gap. 👇👇👇 The full news edition is linked below 👇👇👇 💬 Have a question? Ask GRC 20/20 Research how these developments impact your organization. ________________ 🪐 GRC 20/20 Research maps and monitors the ever-expanding GRC galaxy — now tracking 1,500+ solutions and the professional services orbiting them — reach out to GRC 20/20 Research for insight into GRC-related solutions & professional services that best fit your organization's needs 📡 Follow GRC Report for news and expert insights on governance, risk management and compliance around the world 🎙️ Tune into the podcasts → Risk Is Our Business Podcast & Hitchhiker's Guide to the GRC Technology Galaxy Podcast

Are your teams already using AI in their GRC workflows, potentially without leadership even knowing? Norman J Levine breaks down five ways risk and compliance professionals are actually using AI today, from framework mapping to vendor questionnaire analysis, plus the one place he firmly draws the line. A must-read for anyone navigating the future of GRC. Read More: https://lnkd.in/evJkcCWs #GRC #CyberRisk #Compliance #RiskManagement #AI #ArtificialIntelligence #ThirdPartyRisk #InfoSec #AIGovernance #ResponsibleAI

The UK is taking a scalpel to one of its most consequential accountability regimes. Regulators are moving to streamline the Senior Managers and Certification Regime, cutting duplication, easing certification requirements, and narrowing the most intensive oversight to larger firms. For compliance teams, that means fewer procedural headaches and more focus on what actually matters. But the core principle hasn’t shifted. Accountability still sits squarely with senior leaders. With further reforms on the table, this looks less like a rollback and more like a recalibration of how accountability is delivered in practice. Read More: https://lnkd.in/eixxtZiK #GRC #Compliance #Risk #FinancialServices #SMCR #UKRegulation #Governance #Accountability #RiskManagement #RegulatoryChange

U.S. banking regulators are recalibrating model risk management with a shift toward a more flexible, risk-based framework that better reflects how banks actually use models today, emphasizing tailored oversight, stronger governance, and continuous monitoring across the full lifecycle while stepping away from rigid, prescriptive expectations and formally retiring long-standing guidance. At the same time, the agencies are signaling that this is not the final chapter, with emerging risks tied to generative and agentic AI left for future guidance as the regulatory approach continues to evolve. Read More: https://lnkd.in/eT4BEayy #RiskManagement #ModelRisk #BankingRegulation #GRC #Compliance #ThirdPartyRisk #FinancialServices #RiskAndResilience