The Diligent Risk & Resilience Virtual Summit, held on September 16, brought together industry experts to discuss the latest trends and strategies in risk management and resilience. One of the key speakers at the event was Michael Versace, Risk and Regulatory Markets Lead at Chartis Research. If you missed the live summit, you can still catch Michael's insightful session by watching the recording here.

Q. Can you tell us about your background and what inspired you to focus on GRC and risk management?
A. With a career spanning multiple leadership roles in risk, including stints at PwC, the Federal Reserve Banks and as a two-term chairman for ISO technical committees on Information Security standards in Financial Service, I’ve developed an appreciation of what makes risk management most effective. With the risk universe expanding and becoming more interconnected than ever before, business leaders must recognize enterprise risk as a strategic investment that underpins growth and agility.

Q. What are the top macro and emerging risks that organizations should be preparing for?
A. To stay ahead of the curve, organizations need to focus on building a risk-aware culture from the top down. This means developing a tone from the c-suite that prioritizes risk management, embedding risk-thinking into every line of business and working across departments to create a unified, enterprise-wide capability that’s forward-thinking. By leveraging the latest innovations, including large and small language models, low-code platforms, blockchains and open-source development environments, organizations can optimize many risk management processes and deliver on a value contribution.

Q. What are the most critical skills or strategies that compliance and risk professionals need to develop in order to thrive in their roles today?
A. Compliance and risk professionals need to have excellent communication and consensus-building skills, a deep understanding of the business and its landscape and a willingness to embrace technology. Strong communications and consensus-building skills are often overlooked, but in the end are at the heart of enterprise risk management. In addition, data and analytic skills have become much more critical, as industry leaders are guiding a broader adoption of metrics-based risk management, allowing enterprises, for example, to better understand risks within their business processes, systems and workforce. This trend signals a move toward more sophisticated, evidence-based GRC practices that are responsive to the complexities of today’s business environment.

Q. What advice would you give to risk leaders on navigating regulatory changes and ensuring their organizations remain compliant in a rapidly evolving environment?
A. Risk leaders are advised to stay vigilant and proactive. Both should be pursued with equal effort. This means using innovation to elevate awareness of potential shifts in regulatory temperatures, engaging with regulators and peers to stay informed and develop industry-level response and strategy and having a clear grasp of their compliance obligations and areas of over-compliance. By doing so, they can identify areas to streamline compliance processes, eliminate redundant tasks and continually test measures to ensure they’re operating as effectively as possible. Keep your business, products and services ahead of the regulatory curve.

Q. In your experience, what are some common pitfalls or challenges that organizations face when trying to integrate risk management into their overall business strategy, and how can they overcome these challenges?
A. Let’s face it, many organizations still treat risk management as a box-ticking exercise- a necessary cost of doing business. This approach is not only ineffective, but also a missed opportunity. To truly get the most out of risk management, organizations need to weave it into the fabric of their business strategy. This means investing in the right people and technology to support their risk management efforts. Make it attractive, desirable, specialized, and cool for the next generation of risk managers. Incentivize and reward ‌dedication to risk management practices. I guarantee that doing so will drive real sustained value.

Q. As someone who has analyzed various GRC programs, what are some best practices or lessons learned that you can share with risk leaders looking to enhance their organization’s resilience?
A. As mentioned, best practices ultimately enhance business agility and establish resilience concurrently – one with the other. Best practice starts with a strong tone from the top and expertise across all risk domains, financial and non-financial. Doubling down on data and analytics modeling and visualization using common technical platforms and a strong culture across business line risk managers, compliance and audit that deliver an end-to-end ERM is also crucial best practices. Training and staff rotations among risk functions are also important to maintaining a high degree of knowledge and awareness.

Q. Looking ahead to the future of risk management, what trends or developments do you see shaping the field, and how can organizations prepare for these changes?
A. I’d come back to the top – this is not your father’s GRC – the industry has moved way beyond that as the risk universe expands and risk becomes more interconnected than effort before. Clear examples of this are the growth of digital assets as commodities, payment instruments, stores of value, distributed finance, growth in private credit, the deregulatory trends, new trade agreements and governance around AI and machine learning, to name a few, are going to reshape the landscape. In addition, and maybe just as important, we need to be ready for the next generation of risk managers with human and artificial intelligence combined. I believe organizations need to be more proactive, innovative and adaptable than ever, investing in the right technologies and expertise to address emerging risks. By doing so, they’ll not only be able to mitigate potential threats but also discover new opportunities for growth and success.

Your Data Matters

At our core, transparency is key. We prioritize your privacy by providing clear information about your rights and facilitating their exercise. You're in control, with the option to manage your preferences and the extent of information shared with us and our partners.