Running a business is no mean feat, ask any entrepreneur and he will attest to that with no questions. There are several integral units within a company that need to work smoothly and simultaneously. Think of it as an elaborate ballet - even one dancer skipping a step could derail the team’s performance. Multi-million dollar businesses ride on countless working units that must be in perfect tandem with one another at all times, seamlessly stitched together by a web of compliance measures.

Former US Deputy Attorney General Paul McNulty once remarked “The cost of non-compliance is great. If you thought compliance is expensive, try non-compliance”. According to IDC, the global revenues for governance, risk and compliance (GRC) software is at $11.8 billion. The unpredictable and volatile nature of changes exacerbated by political, social, economic events cannot derail companies, and having sound Governance, Risk and Compliance measures can go a long way in absorbing these systemic upheavals.

We live in a time when the advancement of technologies is probably at its highest, and most pervasive. What is considered a typically conventional business unit like GRC too is keeping up with the times, and is on the fast track to adopting technologies like AI, ML and RPA to manage risks better, and ensure their organisations are compliant with all possible codes.

This exact ambition is what drew Andreas Diggelmann to MetricStream. After spending nearly 25 years at SAS Institute in various roles, most notably as VP of Engineering, Operations and Strategy, he joined MetricStream to lead the India operations as CTO and MD. “A new era was dawning in GRC, and this was a hugely exciting opportunity for me,” he says.

Here are excerpts from the interview with Andreas Diggelmann, CTO and Managing Director for India, MetricStream

On GRC being pervasive and AI helping reach this goal

The core processes in GRC are grounded in three layers – people & business, people who manage the risk, and the people who audit all these activities. So far, the latter two layers have been in focus but the true pervasiveness in GRC was beginning to take shape when the first layer was being prioritized by companies. Today, it is more important than ever to understand and gauge what people need, and provide them solutions accordingly, else its very hard to stay relevant and ahead as a category leader. With this direction being adopted by forward thinking businesses, the need for specialized technology tools is ever more significant.

On the need for an integrated platform and a ‘common taxonomy’

Companies are beginning to understand the importance of integration. There is a cultural change where there is appreciation of the notion of working together and not in siloes. Yet, the task of actually getting entities to build and endorse a common taxonomy, & getting individual business units to agree to one common strategy is not easy. There are too many moving parts to consider, and each unit is driven by their own measure of success so resistance to change is expected. A tremendous amount of passion and patience is needed to make all these units talk to each other and work with each other. Our agile approach is to pick one department, establish our credence and then move on to the next. This builds trust and allows us to understand deeply the significance of every business unit.

On the M7 Platform helping achieve common taxonomy structures

The M7 Integrated Risk Platform enables customers to adopt simple, agile and intelligent approaches to proactively address the changing workforce, risk, regulatory, and cybersecurity landscape. Some of the key features of the M7 platform are Frontline Engagement, Integrated Risk Intelligent Platform by Design, Cyber Risk Quantification and Intelligent Content Libraries.

As part of Frontline Engagement, M7 engages frontline users to flag observations on potential risks, anomalies and deviations, empowering all stakeholders to make better, risk-aware decisions. Additionally, one can also engage in Case and Incident Management, and provides GRC Advisory on relevant risks and regulations, reducing time spent by compliance and risk functions on advisory services.

With an Integrated Risk Platform Intelligent by Design, users can expect seamless predictive intelligence with AI and ML; issue analytics that categorises issues, and identifies similar patterns; and smart policy search that enables the frontline to quickly discover relevant policy information based on intent.

With another entity Compliance.ai, Intelligent Content Libraries are pre-built with a curated list of regulations and updates from 750+ regulatory sources.

On Innovation, Invention and Customer Satisfaction

For me, innovation is about taking a unique idea right to the end and creating value for the stakeholder. The culture of innovation must also factor in the question of – are innovation funnels broad enough for companies to invest in deeply? At MetricStream, we’re constantly finding new ways to deliver solutions to our clients, by investing in Hackathons and Innovation Days with employees. Here on, we choose the strong PoCs and run with it. AI for us is deeply contextual – and a means to help us solve a business use case. While it is important to keep the benchmark of innovation high, it also has to balance out with ground realities of every industry, every type of client – and its upto us to reach a solution that can benefit both. We’re continuously amazed at how far some clients are willing to go to try new things – we once had a Canadian banking client that hired a new department for GRC functions, including marketing analysts to innovation managers as he wanted fresh ideas to pivot the department. A fire in the belly attitude also goes a long way in helping us push boundaries.

On risk management during COVID19 and future plans

Every country, every geography was dealing with COVID19 differently. What we also saw is that more companies were adopting the integrated approach, which isn’t just a response to COVID19 but an indication of a long-term change in business. Last year wasn’t a time to try anything outright radical, but it also gave us a new moat of opportunities to innovate for our clients to just cope and recover, as the first order of things. Hopefully, we’re rooting for data pooling in an anonymized fashion to make risk management more accurate, and this is where AI could be a game changer.