Swiss GRC: AI-driven innovation and the future of GRC   

Veronica Martin caught up with Rajeev Dutt, General Manager at Swiss GRC – EMEA and APAC, during GITEX 2024 to discuss the key products and solutions they are showcasing, how Swiss GRC is leveraging AI to enhance their own product portfolio and the upcoming trends in the technology landscape for 2025.  

Can you outline to our readers what your company’s focus and theme is at this year’s GITEX 2024 – and what key products and solutions are you showcasing at your stand?  

Our company specialises in providing powerful and affordable Governance, Risk, and Compliance (GRC) solutions tailored to meet the needs of all organisations. Recognising that medium and smaller enterprises often face high costs for GRC tools, we have developed a solution that is both effective and budget friendly. 

In addition, we’ve ensured full localisation and established data centres right here in the UAE, offering both cloud-based and on-premises hosting options. Our products fully comply with the UAE data protection regulations, giving you peace of mind. Furthermore, understanding the preference of government entities for Arabic language solutions, we have made our GRC products available in Arabic to meet local demands effectively. 

The central theme of GITEX 2024 is AI. Can you provide our readers with a better understanding of how your company is leveraging AI to enhance your own product portfolio that is ultimately designed to deliver better outcomes for your customers? 

AI is the future, and we have already integrated advanced AI functionalities into our GRC product. AI offers significant benefits in governance, risk, and compliance, revolutionising how organisations approach risk management. For example, when conducting a risk assessment, you may identify a risk that is inherent to your business. The challenge then becomes how to effectively mitigate it and determine the right controls.  

With our AI, you can simply ask these questions, and it will provide tailored recommendations on which measures and controls are best suited to address the risk. This enhances decision-making without replacing the human element—AI acts as a powerful assistant, guiding you toward the most effective solutions. 

Moreover, imagine subscribing to a Regulatory content provider offering over 10,000 controls focused on information security and cybersecurity. The sheer volume can be overwhelming. AI steps in here, identifying, cross-mapping, and pinpointing the specific controls that align with standards like ISO, NIST or PCI DSS, helping you select the ones that are most relevant. By simplifying the process and eliminating much of the manual effort, AI ensures you apply the most appropriate controls, making compliance more efficient and streamlined. This is the transformative power of AI that we’ve incorporated into our GRC solutions. 

The opportunities of Generative AI are boundless. However, there are valid ethical and data privacy concerns in relation to Gen AI. How important is it for robust regulations and frameworks to be established in order to safely accelerate the deployment of Gen AI across the enterprise space? 

Generative AI (Gen AI) offers immense benefits, but it also introduces significant risks and threats to industries and individuals. Because Gen AI relies on vast datasets, there is a heightened risk of exposing personal information, which can lead to Inadvertent data leaks or reidentification of anonymized data  exist for e.g. if an insurance company were able to re-identify an individual in a healthcare dataset, they would have access to private medical information they could use to their advantage. 

This underscores the importance of stringent regulations to monitor and mitigate these risks. Without proper oversight, organisations could become vulnerable to data breaches, and personal information could be exploited. 

Data privacy regulations are crucial in this context. The EU’s GDPR sets a strong example, but more local regulations are needed to safeguard sensitive information. The upcoming EU Artificial Intelligence Act aims to prevent misuse by setting clear guidelines. Gen AI systems also pose risks due to biases embedded in the data models they use. These biases can be amplified, leading to unfair or inaccurate outcomes. If unchecked it can lead to unfair or discriminatory outcomes especially when applied in areas such as hiring, lending etc.

As AI models grow more complex, understanding how they make decisions becomes critical. If organisations fail to consider relevant regulations, such as those governing content or intellectual property, they risk significant penalties and fines. The evolving regulatory landscape must keep pace with the rapid development of AI technology to ensure that these risks are effectively addressed and mitigated. 

Outside of AI, what other trends do you see emerging across the technology landscape in 2025? 

I believe that more and more risks are converging into the GRC (Governance, Risk, and Compliance) framework. Previously, we focused primarily on environment, health, and safety. Now, the conversation has expanded to encompass ESG—Environmental, Social, and Governance considerations. As a European company based in Switzerland, compliance with ESG regulations is essential for us. We’re witnessing significant regulatory changes, not just in data privacy and cybersecurity, but also with new laws like the Digital Operational Resiliency Act and EU AI Act 

The scope of risks is broadening across various areas. Cyber risks, for example, are increasingly intertwined with third-party risk management, and these interconnected risks are converging into a unified approach. Regulatory shifts are reflecting this trend, and companies must adapt to manage a more complex risk landscape. Supply chain risk management is another area under scrutiny, especially with the growing cyber threats. It’s clear that organisations need to stay ahead of these evolving risks and ensure compliance across a wide range of regulatory requirements. 

Image Credit: Swiss GRC