The beginning of a new decade inevitably prompts reflection on what has been and what is to come. KPMG Isle of Man’s “30 Voices on 2030” initiative sought perspectives from across the Island’s public and private sectors on how life may change over the next ten years. While participants address the implications for business more generally, which of the ideas have implications for Governance, Risk and Compliance (GRC)?

Several commentators anticipated that the rapid pace of change we have seen in recent years is likely to continue, if not intensify, over the coming decade. While GRC has a reputation for being a conservative discipline within many businesses, it’s clear that dynamism will be required if risk management frameworks and processes are to remain fit for purpose. Keeping abreast of change – both in leading practices within GRC and in the wider business environment in which an organisation operates – will be essential. Regulators and the public at large are demanding higher standards of governance and transparency from the firms they are involved with and this will require innovation to be achieved.

No future-looking article would be complete without considering the role technology will play, and many of our “Voices” picked up on the enormous potential of data to impact everything from customer experience to regulation. The ability to cost-effectively collect and analyse data in ever-greater volumes, in ever-more sophisticated ways and on a continuous basis presents a great opportunity for risk issues to be surfaced and remedied more quickly and efficiently than ever before.

The data opportunity comes with a clear need to be mindful of obligations around data security, personal data privacy and the appropriate use of AI in analysis. The ways in which organisations use data is becoming of greater concern to regulators, customers and other stakeholders following ongoing revelations regarding misuse. Recent calls from Google for regulation on the use of Artificial Intelligence algorithms are a signal that what may currently be a moral imperative will be backed by legal obligations in due course. Businesses that recognise this and proactively seek to put appropriate governance measures in place may well be the ones who become leaders in the future.

The increasing maturity and uptake of distributed ledger technologies – blockchain being the most widely known – will enable organisations to reengineer processes, eliminating or mitigating risks regarding the execution of transactions or compliance with regulatory requirements such that the focus of GRC work shifts towards auditing of the technology and its implementation rather than the transactions or human-led processes that would typically have been the focus in the past.

Technological progress in the automation of processes and analytical tasks also creates a clear need for GRC professionals to become more tech savvy. In the same way as assembly line jobs in manufacturing have been replaced by machine supervision jobs, GRC roles may increasingly involve the training, oversight and interpretation of outcomes from automated systems.

Another way in which the capabilities of existing GRC professionals may be augmented by technology is through the use of “As-a-Service” solutions, where innovative service providers are able to seamlessly deliver their expertise as an integral part of a business’ processes. This is already being seen in areas such as customer onboarding and third party risk management more broadly.

While the shape of Governance, Risk and Compliance will change in the coming decade, it’s importance to organisations will not diminish. The expectations of stakeholders and the public at large are at an all-time high and leaders that recognise this and seize opportunities for improvement will be putting their businesses in the best position to thrive, whatever the twenties have in store.

So are you an ostrich who is keeping their head in the sand, or a giraffe who is looking far into the future? KPMG can support you in taking GRC to the next level whether that be an independent view on your approach, leveraging our data-driven GRC solutions or looking for better ways to manage your Third Party Risk.