Banks Have Passed the ‘Test of Resilience’. But What’s Next in GRC for Banking and Financial Services in North America

3 min read


After the 2008 financial crisis, the COVID-19 pandemic emerged as the most recent ‘test of resilience’ for the banking and financial services (BFS) industry. Thanks to the stringent regulations, the nature of its business, and relevance in the economy, the industry at large has demonstrated resilience towards the many risks that emerged out of the pandemic. Whether it was implementing and supporting employees to work remotely or quickly scaling existing technology systems to serve customers bound by social distancing mandates—BFS companies with robust risk management practices were able to pass the test and bounce back.

Now, as we move forward, regulators and key industry players are shifting their focus on operational resilience in order to respond and not react during future crises. The Deloitte Centre for Financial Services Global Outlook Survey 2020, found that many banks are currently pursuing different initiatives to build efficiency. 47% of banks in North America have decided to implement technology as part of the different actions planned over the next 6-12 months.

BFS Companies in North America Face New GRC challenges

Since the COVID-19 outbreak, the sudden onset of remote and hybrid working models, accelerated digitization efforts, growing adoption of cloud computing, and increased dependence on third-party providers have initiated a new set of GRC challenges.

Key concerns that BFS companies in North America will need to prepare for include the:

  • Expanding cyber threat landscape, owing to large-scale migration to remote work, digital interconnectedness of BFS organizations, cloud concentration, and over-dependency on a single service provider for critical services.
  • Growing complexity of the extended ecosystem, due to the increased dependency on vendors such as payment gateways, core banking systems, trading applications, business consultants and contractors, service providers, and other vendors for day-to-day operations and services.
  • Increasing regulatory pressure, due to the need for BFS companies to comply with a growing number of regulations and standards including Basel III’s risk-weighted capital requirements, the Bank Secrecy Act, Dodd-Frank Act, Foreign Corrupt Practices Act (FCPA), as well as those mandated by the Federal Financial Institutions Examination Council (FFIEC), the Federal Reserve Board, the Securities and Exchange Commission (SEC)), and many others.
  • Emerging and constantly evolving risks, augmented by the fast-changing business landscape with geopolitical power shifts, growing instances of natural calamities, pandemic-driven global economic slowdown, and strategic risks brought on by growing digitization and disruption by FinTech startups.


Read More: What’s Next in GRC for Banking and Financial Services Industry in the Americas

Powering What’s Next in GRC—The Key to Strengthening Operational Resilience

As BFS industry leaders decide on key strategies to strengthen resilience, it is important to note that building resilience should go beyond the traditional approach to risk management. A new approach should include:

  • Accurate understanding of the overall risk profile and appetite through risk quantification
  • Adequate agility to quickly adapt to the evolving risk landscape
  • Amplified ability to minimize the impact of any risk event, recover quickly, and ensure continued business operations in the aftermath

Risk is inherent to any business and if organizations are looking to achieve resilience, they need to build a better response strategy by taking all aspects of GRC into consideration. Since the end goal of implementing a GRC program is to stay resilient when faced with any disruption or risk event, it is vital for BFS companies to be empowered by ‘what’s next’. For BFS companies looking to achieve operational resilience, they will need to consider integrated GRC programs, advanced technologies such as AI/ML, risk quantification & analytics, continuous monitoring, and more.

True to the popular saying, “with crisis comes opportunity”, is the post-pandemic era which offers the perfect opportunity for BFS companies to relook, realign, and reimagine their GRC frameworks for long-term resilience.

Download the eBook to read more about the GRC challenges faced by BFS companies in North America and how you can stay ahead by leveraging what’s next in GRC.

Request a demo to learn more about how the MetricStream Operational Risk Management software can enable you to streamline your operational risk management function—empowering your organization to make risk-intelligent, real-time business decisions while improving business performance and reducing losses.


Sumith Sagar Associate Director, Product Marketing

Sumith Sagar is a proven product marketing professional, specializing in software product positioning, product-led growth marketing, presales and sales enablement. With over 12 years of risk management solutioning experience ranging from Governance, Risk and Compliance (GRC), Commodity Trading & Risk Management (CTRM) and cybersecurity, she has been instrumental in driving BusinessGRC product marketing at MetricStream.