This year’s #RISK Europe 2025 brought together the GRC tech community together under one roof. Across the conference, the conversations were driven by one urgent theme: organizations cannot keep pace with today’s risks using yesterday’s systems.
Vendors, regulators and risk teams came together with the same goal in mind. To understand where GRC technology is heading next and how AI will reshape the GRC landscape.
Across the sessions, leaders were blunt about the reality facing their teams:
- Clunky systems.
- Disconnected workflows.
- Rising complexity.
- And an expectation to deliver more with GRC platforms that were never built for today’s pace!
They also outlined what good looks like:
- Intuitive user experience.
- Connected systems.
- Real time intelligence.
- Tech that flexes to how people actually work.
Here are the GRC tech-led themes that stood out from the keynote sessions and the conversations at the CoreStream GRC stand.
1. Redesigning GRC platforms for user experience and prioritizing simplicity
A clear message ran through every tech session. Employees are exhausted. They spend too much time wrestling rigid workflows, static forms and repetitive admin.
Most employees do not live in GRC every day, so if a task takes more than a few minutes, engagement drops. GRC software needs to be simple enough that anyone can complete what they need to do quickly and get back to their real job.
“People do not have time to log into 3 or 4 systems. We need platforms that bridge gaps.”
Jessie Williams, Director of Compliance and Risk at Excello Law.
The panels were clear. GRC must meet people where they already work. That means getting the basics right.
- Policies written in business language, not GRC jargon
- Workflows that reflect how teams operate
- Processes that help people make decisions, not navigate obstacles
- Clean, intuitive design that encourages participation
“No system will compensate for a poor risk culture, but simplicity drives better conversations.“
Catherine Waton, Head of Risk and Internal Audit, Which?
2. GRC tech, AI and orchestration: tools only create value when the foundations are right
A consistent theme from the tech panels was that tools only work when the underlying processes make sense. If the foundations are outdated, even the most advanced platform becomes another layer of admin.
Given the current landscape, AI sat at the center of most discussions. Is AI the cure to our staff’s GRC platform frustrations?
Panelists agreed it can accelerate analysis, automate routine work and surface patterns humans might miss, but only when it sits inside strong governance with clear oversight.
“AI is encouraged, but not without human intervention.”
Douglas Clarence, Chief Compliance Officer for UK & Europe, Citi
Integration also dominated the conversation. Organizations are relying on more vendors than ever, and disconnected modules are becoming a risk in their own right. Teams need systems that talk to each other, share context, and make it easy to act on insight.
This thinking aligns with what GRC 20/20 Research LLC describes as GRC 7.0, the most optimized model for GRC in 2030. Leaders want platforms that are connected, dynamic, contextual and driven by foresight. Static reporting cycles no longer match the pace of risk.
“We need to reinvent the processes we created decades ago.”
Gayle Sparkes, Director of Operational Resilience, NatWest
“If you are always looking back, you crash.”
Michael Rasmussen, Founder, GRC 20/20 Research
Want to hear Michael Rasmussen’s GRC 20/20 expert analysis of our third party risk management solution?
The takeaway was simple. Advancement in technology like AI should support judgment and independent strong systems, not replace them. Technology only works when it is built around real processes, real culture, and the way people actually work day–to-day.
Read more on how CoreStream GRC approaches AI in our co-founder authored paper:
3. From static data to real-time intelligence: the shift leaders are demanding
Static, backward-looking reports are no longer enough. Leaders want intelligence that updates in real time and helps them anticipate risks, not react to them.
Why?
“It’s not new risks, but the interplay of multiple risks that creates complexity.”
Emma Price, UK Enterprise Risk Management Expert and Partner, Deloitte
This shift is already visible.
- Continuous assurance is becoming the baseline under DORA.
- Predictive analytics and horizon scanning are shaping strategy.
- Real time data is replacing manual uploads.
- Boards engage more when insight is dynamic, not historic.
- Organizations are moving from risk registers to resilience-led thinking.
But getting to real-time intelligence requires connected, clean data. Several speakers highlighted:
“The challenge is plugging new tools into legacy systems and truly connecting the data.”
Gayle Sparkes, Director of Operational Resilience, NatWest
How CoreStream GRC helps risk and compliance teams
Our client UNT Health shows what the shift to a dynamic platform with up-to-date reporting dashboards can look like in practice.
They began with spreadsheets and a legacy tool that caused confusion, siloed data, and constant manual chasing. HR had no structured way to manage approvals. Occasional users found the old UX almost impossible to navigate.
“Communications were forgotten about, and it meant lots of chases.”
April Daniel, Director of Compliance Operations, UNT Health
Moving to CoreStream GRC’s integrated platform changed everything.
Disclosures sync automatically. Data is centralized. Reviewers act in real time instead of relying on outdated snapshots. The impact went beyond efficiency. It strengthened culture:
“It gave me faith in my campus. People were being honest. It helped people live the values, not just hang them on a wall.”
Desiree Ramirez, Chief Integrity and Privacy Officer, UNT Health
Want to see the full UNT Health case study to see how real-time intelligence works in practice?
In summary, real-time intelligence is no longer a nice-to-have. It is quickly becoming the expected standard for mature GRC, and the organizations that get there early will move faster, make better decisions and build stronger resilience.
4. Why connected systems outperform standalone tools in modern GRC
One of the strongest messages from the tech panels was that GRC can no longer sit in silos. Standalone tools create duplication, gaps and wasted effort. When risk, compliance, audit and operations work from different systems, no one has the full picture and leaders make decisions with incomplete information.
Integration is now both a regulatory and operational expectation.
A connected GRC ecosystem creates one trusted view of what is happening across the business and gives teams shared context so they can respond to risks faster and with more confidence.
“You can’t underestimate human behavior. The tech only works if it aligns with how people actually operate.”
Lauren de Thibault, Director of Risk, BT Group
Want to see how connected GRC creates real value? Read Part 1 of our #RISK Europe series.
5. Personalizing GRC to the way your business works
GRC only works when it reflects the reality of the organization using it. No two businesses share the same culture, incentives, or risk appetite. A one-size-fits-all framework will always fall flat. Technology must flex the business, not force the business to adapt to the tool.
“Meet people where they work, with policies that make sense to them.”
Jessie Williams, Partner and Head of Regulatory, Excello Law
“Frameworks must be fit for purpose for where the company is.”
Jovita Tam, Business-focused Data and AI Advisor & Attorney (England and NY)
This is why flexibility and personalization sit at the center of modern GRC design. Tools should support judgment, not override it. They should reflect goals, people and ways of working.
“AI can help with automation, but it has to be applied to the reality of that specific organization. Human judgment and decision making are key.”
Paul Cadwallader, SVP of Client Solutions and Client Success, CoreStream GRC
This is why, for many CoreStream GRC clients, this personalization is the turning point. When the platform fits the business, engagement increases, data improves, and teams feel supported rather than overloaded.
“If I go off to another compliance office and they don’t have anything like this in place, I will be suggesting CoreStream GRC. It’s an easy process, for employees and for us. We can log in and very easily do what we need to do. I really do enjoy CoreStream GRC.”
April Daniel, Director of Compliance Operations, UNT Health
CoreStream GRC personalization is not customization for its own sake. Our platform flexes to your way of working so you avoid the rigid, hard-coded modules that slow teams down. When technology fits the business, it becomes an enabler, not a barrier.
Closing thoughts on the future of GRC tech
The direction of travel is clear. GRC teams want platforms that work the way their business works. Simple. Connected. Real time. And built around people, not processes from a decade ago. The organizations that move first will make faster decisions, strengthen resilience, and create a real competitive advantage.
At CoreStream GRC, this is exactly what we build for. Read our recent blogs to learn more.
Want to learn more?
FAQs on GRC tech
GRC technology covers the systems that support governance, risk and compliance activities. In 2025, risk moves too fast for old systems to keep up. Leaders at #RISK Europe highlighted that clunky workflows and disconnected tools slow teams down. Modern GRC tech needs to be simple, connected and able to give real time insight.
Standalone systems create duplication and blind spots. Risk, compliance, audit and operations end up working with different information and decisions get delayed. Connected platforms offer one trusted view across the business, which is now both a regulatory and operational expectation.
AI is helping teams automate low value tasks, analyse large data sets and spot patterns earlier. But experts were clear that AI must sit within strong governance. It should support judgment, not replace it. As Douglas Clarence from Citi put it, “AI is encouraged, but not without human intervention.”
Leaders want up-to-date information so they can anticipate risk instead of reacting to it. With regulations like DORA pushing for continuous assurance, real time dashboards and integrated data are quickly becoming the baseline for mature GRC programmes.
We flex the platform to the way each business already works. Our goal is to remove rigid, hard coded modules and replace them with intuitive workflows that support real people. It is how GRC becomes something teams use, not something they avoid.
