DEREK SMITH: Companies must adapt to governance changes


Derek Smith

This year, governance, risk and compliance (GRC) will continue to evolve rapidly, driven by technological advances, evolving regulatory environments and changing economic conditions. Gartner projects $205bn in end-user spending on risk management and cyber security in 2024, an increase of 14.3 percent from 2015. GRC programmes will become ever-more important as the regulatory landscape becomes more complex.

This article examines key trends in GRC for 2024, including technological integration, regulatory changes, risk management strategies and evolving compliance roles.

Technological integration in GRC

Machine learning and artificial intelligence (AI) are increasingly being used in compliance and risk management. These technologies allow companies to process large amounts of data to assess risks better and comply with regulations. A number of AI algorithms can, for example, detect financial risks or compliance violations based on data trends and anomalies.

The use of blockchain technology in GRC frameworks is also gaining traction. Because blockchain is transparent, immutable and decentralised, it enhances trust in record-keeping and transactional processes. Blockchain can provide a transparent and immutable record of product provenance and handling, which is particularly relevant to supply chain management.

Regulatory changes and compliance

Our regulatory landscape is expected to continue to change rapidly this year. Adapting to new regulations and standards requires agility on the part of companies. The European Union's (EU) General Data Protection Regulation (GDPR) has set a global trend in placing more emphasis on data protection and privacy laws. It is necessary to ensure the correct handling of personal data, so firms must implement robust data protection measures and maintain transparency with data subjects.

In addition, environmental, social and governance (ESG) criteria are becoming more important for compliance with regulatory requirements. Companies impacted by ESG requirements must report both their financial performance and their impact on the environment and society. As a result of this shift, business practices are becoming more responsible and sustainable.

Risk management strategies

Risk management will continue to be a critical component of GRC in 2024. In contrast to the traditional reactive approach to risk management, there is a trend towards more proactive and predictive approaches. By leveraging data analytics and forecasting tools, companies can identify potential risks before they materialise and implement strategies to mitigate them.

Data breaches, ransomware and phishing attacks remain top concerns in cyber security. In order to mitigate cyber risks, companies are investing in advanced cyber security measures, including end-point security, network security and employee training.

The evolving role of compliance

It is becoming increasingly important for compliance to play a strategic role in the business, rather than simply being a regulatory requirement. A key driver of business efficiency and value creation in 2024 will be compliance. It is essential for professionals in this area to understand the business in order to provide strategic advice on navigating regulatory environments and managing risks.

Compliance also requires a more collaborative approach. Responsibility for compliance has shifted from resting solely with the compliance department to being shared by all business units. Integrated business processes ensure that compliance considerations are incorporated into all decisions and processes.


Data protection, ESG criteria, proactive risk management and the strategic role of compliance are key trends shaping the future of GRC. Companies are in need of professionals who can adapt to changing environments, leverage technology advances and integrate compliance into their strategic decision-making systems. GRC is about building resilient, agile and ethically responsible companies in an increasingly complex and interconnected world.

NB: About Derek Smith Jr

Derek Smith Jr. has been a governance, risk and compliance professional for more than 20 years with a record of leadership, innovation and mentorship. He is the author of ‘The Compliance Blueprint’. Mr Smith is a certified anti-money laundering specialist (CAMS), and the assistant vice-president, compliance and money laundering reporting officer for CG Atlantic’s family of companies (a member of the Coralisle Group) for The Bahamas, St Vincent & The Grenadines, St Lucia and Curaçao.

