Governance, Risk & Compliance: GRC
2023 GRC Trends and Predictions
In 2023, organizations worldwide will face increased external pressures on multiple fronts. These outside pressures will vary from new ESG requirements and an uncertain business climate to increased costs, supply chain volatility, regulatory change and perhaps, as recent years have shown us, the completely unexpected.
SAI360’s 2023 Trends and Predictions for GRC include:
1. Increased focus on ESG
Environmental, Social, Governance (ESG) is top of mind for good reason. Not only is it a hot topic, but a broad one as well. You can expect to hear a lot about ESG as shareholders and other stakeholders demand greater transparency. Additionally, regulatory requirements will include mandatory reporting that is specific, auditable and transparent.
We see the year shaping up in terms of ESG in three waves. The first wave will be a reaction to regulation, materiality assessments and stakeholder engagement. The second wave will be meeting reporting requirements. For example, the SEC’s ESG disclosure requirements and EU Corporate Sustainability Reporting Directive will take effect. The third will come in 2024 with high-profile cases of non-compliance, violations and fines handed down from the SEC and the EU Directive. On that subject, we predict that while many companies have started to deploy processes in preparation, others will struggle to collect and aggregate Scope 3 emissions data from the extended enterprise.
Most of the focus from investors and regulators so far has been on the environmental aspect of ESG. However, this is evolving. The German Supply Chain Act imposes a range of “due diligence obligations aimed at reducing human rights risks posed by global supply chains.”
That brings us to the media’s influence on ESG adoption. You will know it from news reports of companies issued fines for greenwashing, having material inaccuracies in the data reported, or failing to disclose. Companies would be wise to invest in a technology platform that can drive audit-proof, accurate and meaningful data on emissions today, and other ESG-centric non-financial reporting in the future.
The coming year will also be when we see more fulsome identification and continuity planning for climate-related risks, which leads us to our next prediction.
2. Escalating threats to business resilience
If Covid-19 provided a business lesson, it is to plan for the unexpected. In 2022 alone, the world emerged from the pandemic and then struggled with inflation, shortages from supply chain disruptions and geopolitical turmoil. Any climate event, whether a flood, a drought, a winter storm, a heat wave, a tsunami, or a hurricane, can impact your company. We also expect a rise in incidents of ransomware and other cyber-events. These events will translate into an increased focus by media and regulators, along with new and revised regulations designed to enhance resilience and support critical infrastructure. In fact, the US federal government will focus on resilience as a key theme, especially for industries identified as critical infrastructure. Search for the Infrastructure Resilience Planning Framework Fact Sheet on cisa.gov.
For a global or mid-sized organization seeking to address and manage these risks, the best approach is to focus on resilience with best practice frameworks, controls and policies. Resilience will help you stay focused on surviving and thriving. Whether it is an IT risk, trouble with a supplier, or an operations disruption, having the right game plan can help you keep your organization thriving and your service to customers uninterrupted.
3. Likely recession
Many economists are predicting a worldwide recession in 2023. Other economists predict a soft landing. Our advice: leave country and global economics to the experts. Follow the advice in #2 and prepare for the unexpected. Here are five potential developments here or on the horizon:
- Expect a slowdown in hiring. It started with the tech slowdown that occurred first in the US and spread to Europe. A worldwide slowdown could result in cost-cutting, which may include layoffs and cuts in capital spending, marketing and research.
- Look for downward pressure on business prices and for business-to-business buying cycles to lengthen. Search for opportunities to operate more efficiently and sell value.
- Harden controls for systems, procedures and processes. This will drive efficiencies, plus get your house in order if storm clouds appear. Also focus on soft controls like employee policies, training and culture. It goes to the importance of employees often being the first line of defense.
- Expect further consolidation and shifting of vendors for reasons such as price, reliability, or to bolster business resilience plans.
4. Heightened pace of regulatory change
2023 will bring regulatory changes to the forefront. In some cases, it will be existing regulations with more active enforcement. Other regulations will be modified to strengthen aspects.
For example, the California Privacy Rights Act (CPRA), which amends the California Consumer Privacy Act (CCPA), became effective on January 1, 2023. New rules like the SEC’s ESG disclosure requirements will take effect in 2023. For the 16 industries considered by the US Government to be critical infrastructure, new, more stringent cyber defenses will be required. The increased pace of regulatory change will put your company’s program to the test this year.
5. Social and regulatory scrutiny
2022 brought a number of headline-capturing enforcements. Wells Fargo was fined $1.7 billion for unethical practices affecting consumers. Meta was fined again, this time $400 million euros for violations of the European Union’s General Data Protection Regulation, better known as GDPR.
Large and mid-sized firms and even individuals can receive major fines. FINRA removed the ceiling on the fines that can be levied on large and midsize brokerage firms. McDonald’s CEO, Steve Easterbrook, was forced to repay the company $105 million, one of the largest clawbacks in the history of Corporate America, after his severance package following his departure in an ethics scandal drew criticism. Already in 2023 we see massive destruction of wealth at Tesla and potential SEC action against the once-venerated CEO for his historic tweets. Society, shareholders and regulators are not just listening; increasingly, they are acting on what they hear.
That completes SAI360’s GRC trends and predictions for 2023. If you are concerned about the year ahead and what the future holds for your company, we have solutions that can help.