Key Takeaways from the 2025 GRC Summit, London: AI, Resilience, and Simplicity
- GRC
- 25 June 25
Introduction
Just last week, from June 10-12, MetricStream hosted the first spring summit in London. With more than 250 attendees from 50+ organizations, the event was a powerful gathering of thought leaders and practitioners across risk, compliance, audit, and cybersecurity.
It was three dynamic days of learning, collaboration, and forward-thinking discussions. With the theme "Experience the Power of AI and Resilience", the summit provided a unique platform for industry leaders, practitioners, and innovators to share their experiences and strategies in GRC along with a strong focus on the transformative role of AI.
From visionary keynote sessions to practical workshops and an array of panels with industry leaders as participants, the summit delivered a wealth of actionable insights and inspiration. Attendees left energized by new connections, real-world success stories, and a deeper understanding of how AI-driven solutions can help organizations navigate today’s complex risk landscape while strengthening their overall resilience.
While it is impossible to cover everything from the 3 days, I wanted to share a few highlights and key themes observed during the summit.
For video highlights and presentations, please visit the 2025 GRC Summit London page.
Top 5 Themes that Emerged from the Summit
1. Simplifying GRC for Impact
As global risks become more complex, the call for simplicity increases. Attendees repeatedly stressed the need to eliminate manual, fragmented processes and replace them with streamlined, intelligent, and user-friendly GRC systems and processes.
AI is playing a pivotal role in enabling this shift by automating the tedious, improving accuracy, and helping teams focus on strategic priorities. The goal is clear: make GRC a business enabler, not a burden.
“We’re reimagining how GRC is delivered — infusing intelligence and automation into every layer of our platform and the way we work, to simplify GRC — so it’s not a burden, but a business enabler.”
— Marc Levine, CEO, MetricStream
This theme echoed throughout sessions as speakers emphasized that simplification drives adoption and adoption drives outcomes.
2. AI-First GRC is Reshaping Risk and Compliance
Artificial Intelligence isn’t the future, it’s the now. The buzz around AI was unmistakable, with attendees showing strong interest in practical applications of agentic AI, machine learning, and predictive analytics in risk, compliance, and audit.
From autonomous policy mapping and risk assessments to smart control testing and real-time alerts, organizations are already seeing tangible results from AI integration.
“Reduce the soul-crushing parts of your day to help you focus on high-impact work and expand the canvas of things you can cover exponentially with AI.”
— Gaurav Kapoor, Co-Founder & Vice Chairman, MetricStream
“In a world where risk can evolve in an instant, it's really important that our risk processes can adapt to that as well. AI is acting as another team member... but above it all, you still need to have that element of human review.”
— Ben Rowsell, Head of Enterprise and Operational Risk, Nationwide Building Society
The message was clear: AI empowers, but humans guide. That balance will be key to unlocking its full potential.
3. Resilience is the New Strategic Advantage for Organizations
Resilience is no longer just about recovery. It’s about anticipation, agility, and adaptation. As global disruptions become more frequent, organizations are rethinking resilience as a dynamic capability embedded into strategy, operations, and technology.
Speakers and panelists called for a "resilience-by-design" approach, leveraging AI to detect weak signals, simulate scenarios, and proactively address risk.
“The way to manage risk should be to understand the impact of risk outcomes on your organizational resilience. Fixing it proactively rather than reacting to it is more effective and cost-efficient.”
— Rajeev Bhatnagar, Chief Risk and Compliance Officer, BNY
“What does it actually mean to stay adaptive? We should be thinking about our resiliency abilities as capabilities, things that adapt to the situations that we find ourselves in.”
— Nick Fuller, Global Head of Resilience Risk Management, BNY
Organizations that make resilience part of their DNA, through culture, data, and infrastructure, are building a long-term competitive advantage.
4. Connected GRC is a Must for Enterprise Agility
Siloed risk functions are no match for today’s complex landscape. At the summit, there was broad agreement that GRC must be connected across teams, data, systems, and geographies to provide a unified view of risk and compliance.
Platforms like MetricStream are helping organizations achieve this by enabling interoperability, master data alignment, and process orchestration across risk, compliance, audit, and cyber.
“The boundaries between risk, compliance, and technology have somewhat evaporated. So, there is an expectation that you look at the broader piece.”
— Rob Taylor, Head of Enterprise and Non-Financial Risk, London Stock Exchange Group
Connected GRC is more than just about visibility; it’s about using visibility to make faster, smarter, and more aligned decisions at every level of the organization.
5. Data Integrity Powers Trusted GRC
In a world powered by AI, data quality is everything. Whether it’s feeding risk models, generating audit trails, or informing board-level decisions, AI is only as good as the data it relies on.
The summit highlighted the growing importance of data governance, taxonomy standardization, and master data management as prerequisites for accurate, trustworthy, and scalable GRC programs.
“Risk management is a tool to tell stories—both good and bad. The narrative backed by robust data strengthens risk leaders’ voice on the board.”
— Carolina Poblete Reyes, Global Manager ERM, Glencore
“Risk data shows the risk culture. People will try to hold their data and siloes. Centralization has huge benefits.”
— Wilna Meiring, Managing Executive, Corporate Risk and Security, Vodacom Group
Investing in data quality is no longer optional — it’s a strategic imperative.
Celebrating the Collective Strength of the GRC Community
This year's summit emphasized the transformative impact of cutting-edge AI technologies on the governance, risk, and compliance landscape. AI was central to discussions, underscoring its role in revolutionizing the GRC ecosystem.
IQ-EQ, Zurich Insurance and Nordea’s Customer Success Stories
The London GRC Summit 2025 celebrated the remarkable achievements and innovations within the Governance, Risk, and Compliance community. Among the highlights were insightful case studies from industry leaders like IQ-EQ, Zurich Insurance and Nordea.
These success stories demonstrated how organizations are effectively navigating the complex landscape of risk and regulation, leveraging cutting-edge strategies and technologies to drive measurable outcomes. Attendees were greatly inspired by the practical applications and transformative impact shared by these trailblazers, setting a benchmark for others in the field while driving vital conversations.
“Try and follow the 10 golden rules to make your GRC implementation a success. High impact and high scalability are our mantra for AI innovations and adoption.”
— Fabien Robichon, Head of Compliance Analytics and Innovation, Zurich Insurance“Banking is about risk management. It's all about making the right decisions at the right time with the right information.”
— Jacob Holmehave, Head of Group Risk Office, Nordea“The secret to success in implementing any system is to stick as close to the system as you possibly can. We go with as few customizations and configurations as we can, and we remodel our processes to what MetricStream offers."
— Simon Wallis, Global Head of Risk & Assurance, IQ-EQCelebrating Excellence: GRC Journey Awards
This year's GRC Summit was also significant for marking a record number of recipients at the GRC Journey Awards. These awards showcased dedication and innovation within the GRC community, highlighting those who have excelled in implementing effective governance and risk strategies. The recognition provided encouragement and motivation to all attendees, underscoring the industry's collaborative efforts to enhance compliance and risk management practices.
We congratulate all the winners!
Building Resilient Connections: Networking in the Age of AI
For the first time ever, the summit spanned 2.5 days offering ample networking opportunities, fostering connections and collaborations among attendees. From formal sessions to informal gatherings, participants had the chance to exchange ideas, share experiences, and build relationships with peers, industry leaders, and experts. These interactions expanded professional networks and created a vibrant environment for collaboration and knowledge sharing.
Advancing GRC Maturity: Workshops on AI, Resilience, and the Future of GRC
The summit featured a series of workshops aimed at enhancing GRC maturity, facilitated by renowned experts. A special thank you to the GRC Pundit, Michael Rasmussen, GRC 20/20 Research, LLC, for his session on "Risk and Resilience by Design: Building the Future-Proof Enterprise" and Elena Pykhova, The Op Risk Company Limited, for her insights on "The Current State and The Future of Operational Risk Management." These workshops offered deep dives into crucial topics, equipping attendees with practical skills and strategies to strengthen their GRC frameworks and adapt to evolving challenges.
Next Stop: Vegas
Our London summit may be over, but the journey continues. We’re excited to announce that the next summit will take place this November in Las Vegas! It will be another extraordinary summit, so join us as we continue to shape the future of intelligent, connected, and resilient GRC.
Secure your spot today!
To catch up on the key discussions from the London summit: Register to access the session videos.
