Governance, Risk & Compliance (GRC) 2.0: The Future of Organizational Excellence Starts Now

The Significance of GRC: Navigating Risk and Compliance in Banking

Governance, Risk, and Compliance (GRC) is a comprehensive approach that unifies various organizational functions, such as governance, compliance, risk management, audit, performance management, and ethics. This framework, rooted in rules, facilitates the efficient management of avoidable risks by integrating activities across governance, compliance and risk management domains. GRC prioritizes the effectiveness of controls and takes a holistic view, akin to the Enterprise Risk Management (ERM) approach. By integrating these different components, GRC strives to establish a strong basis for effectively managing and reducing risks across the entire organization.

The Relevance of GRC in the Current Moment

In the fast-paced world of banking, stakeholders are demanding more transparency, accountability, and outstanding performance from companies. Meeting these expectations is no walk in the park, as organizations must navigate an ever-changing regulatory landscape that adds complexity to compliance efforts.

The growing number of third-party relationships and the associated risks have become a significant challenge for management. Ignoring these risks can have dire consequences, even putting the very existence of a business in

jeopardy. In this complex environment, adopting efficient Governance, Risk, and Compliance (GRC) practices has become crucial for sustainable business growth. As the stakes continue to rise, organizations must approach these challenges with extreme care to ensure long-term success and stakeholder satisfaction. Robust GRC frameworks help companies streamline operations, strengthen their risk management capabilities, and optimize performance. These practices involve a comprehensive approach that integrates governance, risk assessment, and compliance activities, empowering businesses to navigate the intricate landscape with confidence and resilience.

Balancing Responsible Innovation and Risk: The Role of Banking-as-a-Service in Community Banks

Banking-as-a-Service (BaaS) presents lucrative opportunities for community banks, driving revenue, deposits, and customer growth. However, it also brings compliance burdens and risks. To navigate this landscape, community banks should establish vendor risk management policies that address BaaS concerns, ensuring internal oversight. By investing in personnel and compliance systems early on, banks can enhance their ability to manage oversight and regulatory functions. Pathward Financial, a major BaaS player, emphasizes the importance of robust legal and regulatory compliance management for responsible innovation. Banks must understand their ultimate responsibility in regulatory and compliance matters, actively managing and overseeing BaaS partnerships to mitigate risks. According to the Bank Director ‘Insights Report: The Secret to Success in Banking-as-a-Service’,  dated April 12, 2023, “Banking-as-a-Service isn’t new, although technology has made it easier for institutions to build out this business line. Sioux Falls, South Dakota-based Pathward N.A., a subsidiary of $6.7 billion Pathward Financial, has been in this space for about two decades. The bank sees its legal and regulatory compliance management system as a “core strength” fueling its innovation with partners, says Lauren Brecht, senior vice president and managing counsel of credit and tax solutions at the bank.”

Considerations in Assessing Evolving GRC Talent Strength: Perspective through the Lens of a Risk SME

As both traditional and progressive community banks (and their perspective Fintech partners) come to terms with the realities facing them through the inevitable impact of Governance, Risk, and Compliance evolutions, bank leadership must take immediate pause to assess current talent bench strength and organizational structure around GRC.  This process requires a full commitment from executive leadership, the Board of Directors, and key stakeholders leading initiatives within the different buckets within GRC.  Taking a step back to examine current state, and building in regular re-assessment periods for regular review, banks can ensure they are dedicating the needed time, research, and investments into a sound operating structure surrounding GRC initiatives.

In speaking with an emerging Risk leader within the BaaS banking landscape, Janine Jakubauskas, Chief Risk Officer of BankProv in Amesbury, Massachusetts provides initial steps and advice to consider in conducting this internal reflection.

Who within a bank should help create and draft an ideal GRC org structure?

A Bank’s CRO should be the driver of creating this ideal GRC org structure. They should be able to evaluate an institution and its risk profile, and then build a commensurate structure.  The Risk managers underneath them should also play a vital role and be empowered to provide input. Of course, there also needs to be buy in and awareness by the Bank’s CEO and Board of Directors/ Board Risk Committee. It’s a joint effort to develop a strong risk culture and related org structure to support that. Partnering with your executive team and directors will help ensure strategic alignment between Risk and the Bank’s businesses.

What are the key trends in GRC and what are some notable shifts you have seen in light of the current banking climate?

Risk used to be seen as a regulatory exercise but as several negative events have unfolded over the years, the financial industry is starting to truly understand and see the value in having strong risk management practices. Risk departments are playing an increasingly critical role within Banks and with expanded responsibility to serve as a review and challenge function, advisor, and fierce protector of the bank’s strategic objectives. Being a protector of the Bank’s strategic objectives doesn’t mean you just approve and say yes to everything. It means your department is effectively able to carry out its risk responsibilities to keep the Bank sound from potential threats (internal or external).  In order to do this, you need GRC talent that are able to make risk-based decisions because ultimately the Bank needs to be able to make money and take on some level of measured risk to operate.  

In recent memory, when there is a major news event at a bank or bank failure, the first department people think of is Risk. If Risk departments aren’t important, why are they blamed for bank failures so broadly in the media? These points demonstrate how much has shifted culturally in the way GRC is viewed. Now I wouldn’t just solely blame a risk department for a bank’s failure but the point is just to show how important the public now views risk management if they think an entire entity will fail without a strong or effective program.

In conclusion, community banks seeking to benefit from embracing BaaS, or more traditional banking institutions must proceed cautiously in this new age of hyper-regulated oversight. By implementing robust third-party risk management policies, investing in qualified personnel, and establishing compliance systems in advance, these banks can embrace responsible innovation while safeguarding their operations. Only by maintaining diligent oversight and managing potential risks can community banks thrive in the evolving landscape of banking.


Travillian’s Banking and FinTech Practice provides Search and Talent Advisory services to depository institutions across the country. Established in 1998, the firm has built a unique platform that touches every corner of the industry. To learn more, click here, or get in touch below!

Patrick Cooney, Search Consultant – Banking & Fintech
(845) 597-8627 | pcooney@travilliangroup.com

Related Posts

Board Insights Series Part V: A Panel Discussion on Strategic Board Talent and Expertise

Join us for a compelling discussion hosted by Indra Elangovan, Travillian’s Head of Strategic Advisory, on bank board expertise, featuring a panel of experts sharing their perspectives on regulatory dynamics,…

Read more

The Future of Cross-Border Transactions: Faster, Cheaper, and Revolutionized by CBDCs

In his Travillian Next debut, Dimitris Malisianos, Principal, Banking & Fintech Search at Travillian, engages with two recognized influencers and advocates of payments, innovation, and fintech: Jason Mikula, Publisher of…

Read more

The Fight for Fintechs & BaaS Banks in DC: A Conversation with Phil Goldfeder

The turmoil in the banking system over the past month will certainly lead to new legislation & regulatory oversight. It is crucial to have advocates in Washington D.C. to ensure…

Read more

Is Your Bank’s Risk & Compliance Talent Focusing on the Right Things: A Conversation with Coastal Financial Corporation’s Curt Queyrouze & Andrew Stines

Risk and Compliance has always been a critical function for community banks, especially so today when tech-forward banks are involved in complicated BaaS and embedded finance partnerships with fintechs and…

Read more

If You Build It, They Will Come: Iowa Bank Wins Over Fintech Rancher and Risk Maestro

Travillian Tech-Forward Bank Index Profile I The Zac Brown Band sings about everybody being in the “same boat, fishing in the same hole.” In that case, Reinbeck, Iowa-based Lincoln Savings…

Read more

Steven Hunter, Director of Strategic Risk Modeling at South State Bank, talks to Brian Love of Travillian NEXT

Travillian NEXT proudly hosts an emerging leader, South State Bank’s Director of Strategic Risk Modeling, Steven Hunter. By way of their massive merger with CenterState Bank earlier this year, Steven is at the epicenter of…

Read more