Enterprise Operational Risk, Compliance, and Governance Solutions: Towards a Convergence End Game

GRC, ERM, and ORM are overused terms, often confusing bywords which, although important, are muddy as far as what vendor solutions can provide. Celent urges financial institutions to “know thyself” in selecting external solutions.

The market environment, which has given rise to increased governmental, regulatory, and investor activism, continues to exert pressure on financial institutions to exhibit sound governance, operational risk, and compliance practices. In response, coordinated enterprisewide approaches to enterprise risk management / operational risk management (ERM/ORM) will help companies reduce their risk exposure, while the availability of mature and flexible next-generation third party vendor solutions are enabling firms to replace or consolidate in-house tools. While supporting technologies are but one ingredient for success, they remain an important enabler for companies looking to achieve firmwide consistency and move towards convergence of risk practices.

However, at this point in the evolution of the market, vendors and their solutions are still evolving and not uniform in terms of what they cover. The market is still far from a complete, end-to-end governance, operational risk and compliance (GORC) solution.

"Despite the trend towards convergence, there is still a fair degree of diversity in the vendor marketplace," says Cubillas Ding, Celent senior analyst and author of the report. "Not every solution that professes GRC, ERM, and ORM will have a strong fit to what a particular financial services firm looks for,” he continues. “Firms must first articulate a vision for operational risk, compliance, and governance. Only then can they establish clear boundaries and get specific about functional capabilities associated with GORC investments to facilitate upstream/downstream integration with other core processing systems, as well as prioritize what is core and noncore from a cost/benefit perspective."

As part of this research, Celent analyzes 12 vendors and their governance, operational risk, and compliance (GORC) solutions using its ABCD analysis framework to present a comparative view of the vendor marketplace that visually represents four elements: Advanced technology, Breadth of functionality, Customer base, and Depth of client services. Vendors included in this report are: Algorithmics, Avanon (previously RCS), CCH SWORD, Cura, Interexa, Keane Business Risk Management Solutions (BRMS), List Group, Methodware, Oracle Reveleus, OpenPages, Paisley (now part of Thomson Reuters), and SAS Institute.

"In many ways, GORC applications should constitute and be positioned as a dynamic ecosystem that taps into the pulse of what is happening in the organization," Ding says. "Over time, the value of this ecosystem increases as it is embedded and used in day-to-day decision-making, especially when it delivers intelligence about risks nearer to real time. This is not necessarily the case now for most organizations, but pressures to achieve a 'live' view of operating risks are increasing."

This report is the second of a series that provides up-to-date and detailed research and analysis into operational risk and governance practices, emerging supply and demand dynamics in the solution marketplace, and the implications for vendors and firms, especially from a technology and data perspective.