The term GRC (Governance, Risk and Compliance) has been around for a while now. Gartner has covered it in one form or another since the early 2000’s. The last decade of regulations – Sarbanes-Oxley, HIPPA, Basel III, Solvency II, regional rules and more – have put unprecedented pressure on corporations, leading to the explosion of GRC solutions. Firms have shifted away from spreadsheets and homegrown solutions to GRC focused software vendors as GRC needs become more complex and involve a wider set of stakeholders.
This market maturation brings the potential for a new wave of M&A consolidation as vendors race to provide more comprehensive products for more sophisticated needs. Many large software vendors are looking toward the next market phase, which includes adding or integrating with large business analytic platforms and scorecarding capabilities, while shifting away from a platform-centric approach to one focused on targeted solutions for specific use cases. With hundreds of GRC solutions in the market currently, we’ve seen forecasts for the global GRC software spending to grow from $15.98 billion in 2015 to $31.77 billion by 2020, at a CAGR of 14.7% from 2015 to 2020.
With strong M&A activity in the space over the last few years you might think the consolidation was close to running its course, but we’re seeing no slowdown in demand for GRC businesses. If anything it’s increasing. Everyone from SAP, to IBM, to EMC, to Oracle, to Wolters Kluwer has a GRC solution yet hundreds of interesting smaller players remain. Our own increased deal flow in this space says as much: Alacra (bought by GTCR/Opus Global), Varden (bought by SS&C), AIM (invested in by Welsh Carson), CounterpartyLink (bought by DTCC), Information Mosaic (bought by Markit), and Aquiline (invested in Fenergo along with Insight Venture Partners).
GRC practices for most companies have become part of everyday life. Organizations today are challenged with managing a rapidly-changing GRC landscape including market volatility, geopolitical crises, wide-spread economic changes, regulatory reforms, and cyber threats. The cost of data governance and management is painful. While increased regulations and risks create many challenges for organizations, it presents an opportunity for investors and acquirers – hence the increased deal flow. GRC companies continue to benefit from multiple sector tailwinds that create an attractive investment and acquisition environment in multiple sub-sectors:
- Businesses see compliance as a core process through which strategic objectives are met
- Investors need more transparency to understand the risks and ensure the return on their investment is protected
- Stakeholders require greater accountability and transparency of risk management activities
- BOD’s, corporate officers, audit committee’s responsibilities are rapidly increasing
More deals to come in this space. Stay tuned in here…