This is the final episode of a five-part podcast series with Tom Fox and the FCPA Compliance Report, highlighting Jeremy Kroll on governance, risk, and compliance (GRC). The series will consider the current GRC landscape, examine at GRC at work, discuss GRC and the investment community, review GRC and K2 Intelligence FIN, and conclude with a look at GRC then and now. 


One of the key mainstays of GRC is something that many compliance professionals are only now coming to realize: proactive compliance is more effective than reactive compliance. With the addition of technology, it is possible to do things not only more quickly and more efficiently, but also in a much more cost-effective manner. In the current landscape, the velocity of available data and the increasingly important role of technology, combined with a multidisciplined approach within organizations to creating governance frameworks and risk management techniques and abilities, makes compliance programs that much more essential.

Yet, in the midst of the coronavirus pandemic, there has been an explosion of third-party risks, many of which have accelerated exponentially. Organizations that have a framework in place to assess, evaluate, and manage these third-party risks will be ahead of the game and—more important—ahead of their competitors. GRC is a business differentiator as it allows compliance to be seen as profit centers rather than simply cost centers of a corporation. 

For example, lawyers, accountants, and members of law enforcement are no longer simply relegated to the cost-center category; they have this opportunity to become a critical component of the business ecosystem. With technology changing at lightning speed, neither companies nor employees can afford to stand still. But just as new risks are evolving and new challenges emerging, there are also new opportunities developing to find solutions to critical problems that were previously unsolvable.

Looking into the future, we begin with the precept that the challenges the public and private sector are facing are largely intertwined. There is a clear need for today’s leaders to have a 360-degree view of their organization’s risk profile. This view is not always linear and certainly is not simply looking at a snapshot in time, but rather involves keeping pace with the ever-shifting needs of the marketplace. Moving ahead, it is going to be increasingly important to leverage different skillsets, embrace innovative—but reliable—technology to help sift through increasingly large data sets, and keep an ear to the ground on key issues that could affect businesses at large.

Moving forward, it will be those risk management professionals who live and breathe the mission every day—compliance and ethics as well as GRC professionals—who will be the ones first identifying the risks and the risk management strategy. This will help organizations to flatten the risk curve, particularly the risk to reputation or to the business as a whole.

GRC—including the outsourcing of compliance, which encompasses training and education—is going to be one of the most exciting areas of growth. For professionals looking to reskill, GRC can be the next step at any part of an individual’s career, as the industry is evolving in real time. 

To listen to the series from the beginning, please click here