GRC Trends in the UK Capital: Key Themes at the 2023 London GRC Summit


On October 15 and 16, 2023, more than 175 governance, risk, and compliance leaders from over 20 countries gathered at the Royal Garden Hotel in London for the standout event of the season: The GRC Summit. Over the course of two days, MetricStream had the honor of hosting some of the foremost experts in the field of GRC, featuring more than 40 speakers who generously shared their best practices, real-world case studies, and valuable insights on the key focus areas and priorities for leaders. We also had the pleasure of networking with peers and celebrating the achievements of the 2023 GRC Journey Awards winners.

I had the unique privilege of immersing myself in the insightful content and connecting with several inspiring leaders face-to-face. I'm excited to recap some of the most memorable moments and prevalent themes I encountered during the event. For those interested in viewing video highlights and accessing the presentations, I encourage you to explore the 2023 GRC Summit site.

Connecting the Dots: An Urgent GRC Imperative

A central theme was the pressing need to ‘connect the dots.’ Several significant events, including the recent airline disruptions, banking crises, climate issues, and breakdowns in state intelligence, demonstrate a common thread of multiple risks converging simultaneously. More importantly, organizations have to deal with risks that are increasing in volume and velocity. This calls for risk, compliance, and governance leaders to not only ‘connect the dots’ but also address these risks with a connected GRC strategy. Critical to pursuing a connected strategy are simplicity, automation, and predictive capabilities, which are only possible with continuous control monitoring, cognitive capabilities including AI-centric workflows, and cloud technologies for faster, easier, and more secure GRC programs.

Gaurav Kapoor, co-CEO and co-Founder, MetricStream, summarized it best when he said, “The ‘Connected GRC’ strategy underpinned by a ‘Cloud,’ ‘Continuous,’ and ‘Cognitive’ approach is non-negotiable for organizations to navigate an incessantly changing threat, regulatory, and opportunity landscape.”

AI and Hyper-Automation: The New Hot Topic

A trending theme that emerged in nearly every conversation was the potential of artificial intelligence (AI) and automation to enhance efficiency in GRC. Almost all sessions discussed some element of AI – the possibilities to automate, predict, make recommendations, and remediate, as well as the potential risks and rewards. Top discussion points included:

  • Leveraging AI to comprehensively analyze, oversee, and extract valuable insights from the extensive volumes of GRC and control data 
  • Deploying AI to automate processes like control monitoring, third-party risk evaluation, and the creation of a common view of risks across the enterprise 
  • Leveraging AI to enhance data breach detection and, conversely, prepare for malicious actors who are currently exploiting AI technology 
  • GRC for AI: regulatory measures on the horizon for AI, how to ethically use AI, and how to mitigate the risks brought on by AI

The discussions around AI were exciting and spanned a diverse array of topics. Some quotes that stuck out on the topic were: 

“2023 began with grand plans of being the ‘year of efficiency.’ In all reality, it’s become the year of AI answering the question of how can we possibly do more with less? The next challenge we face, regardless of the industry, is how to leverage AI and how to control the risks associated with it,” said Prasad Sabbineni, co-CEO, MetricStream.

“The problem with AI is it is a very credible liar,” cautioned Toby Billington, Managing Director - ICG Business Risk and Controls leadership team, Citi, as he spoke about the complexities of AI. 

“We believe in the need to incorporate AI but need to assess what types will help us,” said Azizi Bin Md Ali, Chief Compliance Officer, Petroliam Nasional Berhad (PETRONAS), as he spoke about the importance of AI and automation in managing risk. 

Risk Management: Lead with Resilience

Several discussions centered around the importance of resilience in risk management as a crucial strategic priority to ensure business continuity. As a proactive approach, operational resilience is an upgrade that moves operational risk management from passive to active. Furthermore, as interconnected risks due to climate change, cyber breaches, and economic instability continue to dominate the risk landscape, leading with resilience is what will help organizations bounce back quickly if/when impacted. 

Jacqui McDonald, CIO Group Finance, RFT Technology, Barclays, underscored the criticality when she said, “It is critical to ask yourself the question: Do you have enough resiliency in your organization to recover?” Chandrra Sekhaar, Chief Audit Executive (EMEA) - SMF 5, Mizuho, reiterated the importance of technology to build resilience. “Many people talk about technology as the future, but it is equally important today. Innovation, technology, and digitalization is now.”

DORA: An Important Regulatory Priority

With the Digital Operational Resilience Act (DORA), the new EU regulation that aims to strengthen the IT security of financial entities such as banks, insurance companies, and investment firms, entering into force this year, cyber operational resilience was a much-discussed topic. By introducing uniform and harmonized governing principles for the management of cyber risks, DORA aims to ensure that the financial sector in Europe can stay resilient in the event of operational disruptions. The regulation will apply as of 17 January 2025. 

Panelists deliberated several strategies for cyber risk management, including the importance of continuous control monitoring, control rationalization, and cyber risk quantification. Gavin Grounds, CEO & co-founder, Mercury Risk and Compliance, spoke extensively about how cyber risk quantification today is a “pre-requisite for success, (especially) with ever-increasing risks and an unlimited number of scenarios to be tested.” 

The Power of the GRC Community

By bringing together the best minds in GRC, the Summit offered a collaborative space for experts and professionals to connect, share success stories, and celebrate GRC excellence. Here’s how we celebrated the power of this community.

  • Customer Success Stories: Representatives from Nordea, dnata, Mediolanum International Funds, Nationwide Building Society, and Siemens Energy took us through their innovative strategies and continuous improvement that helped them build proactive approaches to audit, enterprise risk management, compliance, cyber risk management, and third-party risk management.
    The presentation of their accomplishments provided key learnings for their peers. For example, Jacob Holmehave, Head of Group Risk Office, Nordea, stressed that “strong governance with clear senior stakeholder commitment” is an important catalyst to the success of the GRC program. At the same time, David Story, VP - Health, Safety, Security & Environment, dnata, explained in detail how they “navigated the large user base training by establishing SMEs and champions.” 
  • GRC Journey Awards: Outstanding GRC program leaders, visionaries, practice leaders, and partners who championed GRC programs, achieved superior business performance, and created high-value impact through GRC were awarded in four categories: GRC Journey Awards, GRC Visionary Awards, GRC Practice Leader Awards, and GRC Partner Awards. Congratulations to the winners! 

  • Peer-to-Peer Networking: The Summit also served as a dynamic networking platform, promoting collective growth and nurturing innovation. Experts readily shared their problem-solving approaches and committed to continued support. Challenges were openly discussed, and best practices were exchanged. The entire atmosphere was supercharged, and I personally enjoyed the stimulating conversations!

The 2023 GRC Summit was more than just an event; it was a testament to the strength of the GRC community, its commitment to driving the field of GRC forward, and to utilizing the ‘power of connections’ to help organizations thrive on risk. 



Simrin Jhangiani, Associate Director, Marketing at MetricStream

Simrin Jhangiani is the Product Marketing Lead for MetricStream’s ESGRC product. As a former NYU student with a minor in Corporate Social Responsibility, Simrin is passionate about helping businesses make risk-aware business decisions around ESG. Simrin has an extensive business and marketing background, having worked as a strategy consultant at KPMG and owned a sustainable fashion brand. She has lived on 3 different continents and has travelled to more than 50 countries around the world, resulting in a comprehensive understanding of why ESG is important on a global scale. She believes that ESG is fundamental to the growth of businesses in the present day and is ardent about bringing awareness of the ever-changing regulations around Environmental, Social, and Governance.