Risk analysis and compliance, essential instruments of corporate governance

By NewsroomNo Comments

Risk analysis and compliance, essential instruments of corporate governance, are beginning to benefit from newer technologies, which provide more visibility on what happens in the company

Brazil truck drivers’ strike, in May, compromised the whole country in terms of supply. The federal government was required to adopt new rules to logistics and fuel sectors. Such measures were extended to several production chains, which is yet another piece of evidence of the volatility and risk all companies are subject to.

This episode was also a reminder to the companies of the importance of safeguarding themselves. It is no coincidence that an increasing number of organizations have been seeking instruments to increase their ability to anticipate external events that may impact them. Such instruments are technologies that may be linked to internal processes, to prevailing laws and regulations, and to governance levels – in other words, GRC.

An acronym to governance, risk, and compliance, GRC is a method that optimizes risk assessment processes and companies’ alignment to corporate policies and sector laws and regulations. GRC emerged in the last decade to enable secure operation to organizations and to provide its managers with resources for decision-making; it is, though, getting to a new stage, in line with the so-called fourth industrial revolution. GRC 4.0 is powered by big data, artificial intelligence (AI), and machine learning, and thus is a winner in range, speed, and integration. It is no longer limited to the analysis on risks and regulatory frameworks; it aims at promoting the systematic integration of corporations.

“We understand GRC as a wide framework that is not limited to its three letters. It’s an intelligent and integrated process of information collection and management and of task performance”, explains Claudinei Elias, the managing director of Nasdaq Bwise for Latin America, a company that is a world leader in GRC solutions, connected to the famous corporate stock exchange tech Nasdaq.


Using technology is no news to GRC – many platforms are based on management software similar to the Enterprise Resource Planning (ERP). Companies, however, usually apply the precepts in a fragmented way. Each sector is in charge of conducting its own surveys. Risk detection and compliance are set aside to unrelated legal areas, barely linked to business strategies, for example. The problem is clear: the creation of assessment silos prevents a continuous flow of information, which causes duplication of efforts and conflicts between sectors, and wastes time. These obstacles affect the companies’ value, impact on their competitiveness, and may result, believe it or not, in even higher risks.

According to a research by Accenture consulting services, carried out this year, in 82 countries, 63% of the companies with sales above USD 100 million are now subject to a moment of “major disruption”. In this changing scenario, it is necessary to stand out for agility and a resilient attitude – and that’s why GRC 4.0 pays off. Incorporating several applications, it contributes to unify all processes, preventing redundancies and delay in decision-making. “The most important benefit is the organization of a unified registration system, as long as you have all your information sources correct”, confirms Khushbu Pratap, a research analyst at Gartner Group.

Big data applications combine mass information storage and high speed access. This enables companies to assemble large amounts of structured data – provided by internal processes and audits, for example – and unstructured contents, such as feedbacks from the office of the ombudsman or from social media.

The search for patterns and the preparation of predictive models based on these heterogeneous pieces of information are, then, enabled by data analytics solutions. Platforms such as SAP’s Hana and Oracle’s Exalytics are able to combine indicators from multiple sources and set patterns of errors and threats. Such tools optimize the definition of main risk information, taking into account motivating factors – among other strengths, consumer behavior, economic trends, and environmental issues.

Learning such patterns, plus the assistance of artificial intelligence and machine learning, the systems of a bank, for example, can detect and even predict frauds in real-time credit card transactions, as they are still being processed. As if it was a continuous audit. “This framework assists in understanding trends and predicting potential losses and impacts, which improves risk measurement”, says Nasdaq Bwise officer Elias.


Banking institutions are beginning to rise as the benchmarks of the new GRC phase. After all, the domestic financial segment has to deal every month with about 3 thousand publications on rules at municipal, state, and federal levels – not to mention internal regulations, filed by entities like the Brazilian Federation of Bank Associations – FEBRABAN. Altogether, this can be up to 15 thousand rules per month, taking into account the interaction with updates to the other sectors. Other than law, banks are among the segments that are the most dependent on risk strategies to estimate profit and loss margins.

In 2012, Banco Votorantim decided to modernize its GRC and adopted a Nasdaq Bwise platform. Among other resources, the solution provides data analytics technologies to automatize operational risk methods. Intersecting information has improved the understanding of the roots of the bank’s operational issues, enabling the creation of new types of procedures.

Model risk management is one of them. This method aims at validating and enhancing algorithms, statistics, and econometric functions applied to the bank’s framework of predictability. “Now we can see the benefits. Planning became more assured, as the managers can access the respective models independently and modify them if necessary”, says Vinicius Oliveira, a model validation specialist at Banco Votorantim.

This process modification applied to the institution shows the impact caused by the new GRC method on organizations’ so-called “second line of defense”. Safeguarding frameworks usually comprise four lines of defense, namely: governance, control processes, internal audit, and external audit. Not only do work optimizations in control process make audit arrangements easier, but they also provide resources to governance. “By providing the business with accurate information, technology improves decision-making and the pursuit of risk reduction”, says the Bwise executive officer.


GRC 4.0 is flexible due to its diversity of resources. This flexibility is important as the framework application must respect particularities of the segment in which the company operates and of its management maturity level. “Determining which technologies to use depends on the corporate governance model, the innovation environment, and the quality of data to make the control instruments effective”, he emphasizes

Implementing a strong GRC with a wide range of functionalities adds complexity to company adjustment. The reason is that alignment with GRC is a journey that demands time and effort, once the company needs to improve its audit and internal regulation mechanisms to calibrate technology. Despite this complexity, though, the wider the GRC scope, the more complete and decisive the information given to decision makers tends to be.

Nasdaq Bwise calls this GRC scope expansion “extended organization”. The purpose of this approach is to align the entire value chain with the company’s strategic principles, including joint ventures and third-party services. It makes sense. According to a survey Deloitte published in May, in Brazil, about 74% of managers believe that third parties will play an increasingly important role in business. The risk related to this type of services became higher as of 2014, with the promulgation of Lei Anticorrupção [Anticorruption Act], which imposes liability on the contracting party for any illegal acts performed by the third party. Since then, the process of monitoring for possible financial and reputation damages has become more vigorous.

Source: HSM Management

SAI Global (ex-Nasdaq BWise) convenes executive officers to discuss Governance, Risk, and Compliance (GRC) trends

By NewsroomNo Comments

Financial, reputational, and operational risks are some of the challenges executive officers need to overcome with precision and timeliness in companies, especially for compliance risks involving a strong need to observe a series of rules and regulations. In this scenario, the operational model of Governance, Risk, and Compliance initiatives is becoming more and more central in the pursuit of greater security related to achieving organizational goals.

In order to discuss new trends in this sector, Nasdaq BWise – world leader in GRC technologies – is promoting a Summit, on April 10, entitled “GRC Estratégico: Uma visão além da conformidade” [Strategic GRC: A Perspective Beyond Compliance], which shall feature Howard Zev, Vice-Chairman of the company for the Americas.

In this event, Howard will share his perspective on the future of GRC. Leaders of different sectors are going to be there as well to share their successful cases, including B3, Porto Seguro, BNP Paribas Cardif, Banco Votorantim, and M. Dias Branco.

“Nowadays, to make Governance, Risk, and Compliance effective, it is essential to rely on intelligent technologies to assist business areas in identifying significant risks in organizations. That’s why, seeking progress in this topic, we want to discuss challenges, exchange experiences, and reflect on innovations in Risk Analytics, Machine Learning, and Artificial Intelligence”, says Claudinei Elias, the Managing Director of Nasdaq BWise Brazil.

The Summit shall address topics of relevance to the market, such as: successful cases, framework models and innovations in Cognitive GRC, the use of Data Analytics, regulatory systems, compliance, and cybersecurity, plus a special panel with international executive officers discussing innovations in the sector.


Summit Nasdaq BWise

Date: April 10, 2018

Place:Casa Traffô – Rua Gomes de Carvalho, 560, São Paulo

Time: 9 a.m. to 6 p.m.

About Nasdaq Bwise

Nasdaq BWise is a world leader in GRC technology (Governance, Risk, and Compliance). Based on high-performance management of business processes, this platform offers solutions to the areas of Risk Management, Internal Control, Internal Audit, Compliance, and Management of Information Security & Policies applicable to several segments.

By using the platform, institutions can also comply with the regulations established by the most important anticorruption laws in the world, such as the FCPA, a North-American Act introduced at the time of Watergate, UK Bribery Act, and the Brazilian Anticorruption Act, effective as of 2013.

Source: Exame magazine

Bravo GRC Head of Innovation and New products talks about the Heroes of Chaos

By NewsroomNo Comments

Bravo GRC, an exclusive BWise partner in Brazil and Latin America – the most complete GRC tool in the market – invests in good quality content to stimulate companies’ awakening to the need of intelligent GRC management. Thiago Labliuk, the company’s Head of Innovation and New Business, has been working to raise awareness, in the market, of meritocracy in practice and the dangers arising from the Heroes of Chaos, professionals whose capacity is directed to a purpose that tends to diverge from the company’s purpose, or, by definition, that is a consequence of inefficiency.

Read More

Meritocracy without governance, results for whom?

By NewsroomNo Comments

I still believe this is one of the main tools to retain talents or to increase teams’ productivity. By definition, this term is related to the organization model and a reward system based on personal merits. Therefore, the background I’d like to be preceding this text regards the way this model is implemented and monitored, and how we can assess the risks it involves, in order to maximize the value added to all elements involved: shareholders, employees, and society.

Read More