Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal

〰️

Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal 〰️

The RiskTech Journal

The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.

Generative AI Is Steering Banks Toward Autonomous IRM—But the Bridge Isn’t Finished Yet
Artificial Intelligence, GenAI, Autonomous IRM, McKinsey Samantha "Sam" Jones Artificial Intelligence, GenAI, Autonomous IRM, McKinsey Samantha "Sam" Jones

Generative AI Is Steering Banks Toward Autonomous IRM—But the Bridge Isn’t Finished Yet

When McKinsey & Company published “How generative AI can help banks manage risk and compliance” in March 2024, it put blue-chip credibility behind a growing consensus: large-language models and related GenAI tools will automate swaths of the three-lines-of-defense and up-end conventional governance, risk, and compliance (GRC) workflows. What McKinsey did not say—but unmistakably implied—is that the old compliance-first paradigm is now on borrowed time. The firm’s use-case catalogue—from virtual regulatory advisors to code-generating “risk bots”—maps neatly onto the early layers of Autonomous Integrated Risk Management (IRM): continuously sensing risk, generating controls, and feeding decision-grade insight back into the business.

Yet the report also reveals a tension. McKinsey still frames GenAI as a helper inside discrete risk silos, guarded by human-in-the-loop checkpoints. Autonomous IRM envisions something bolder: an AI-directed control fabric that dissolves those silos, embeds itself in front-line processes, and—over time—lets the machine take the first swing at routine risk decisions while humans govern the exceptions.

Read More
McKinsey Confirms the Limits of GRC and Points Toward Integration
McKinsey, IRM, GRC Ori Wellington McKinsey, IRM, GRC Ori Wellington

McKinsey Confirms the Limits of GRC and Points Toward Integration

In its May 2025 article Governance, Risk, and Compliance: A New Lens on Best Practices, McKinsey & Company delivers a candid assessment of the widespread shortcomings in today’s governance, risk, and compliance (GRC) functions. Based on survey data from nearly 200 corporate leaders, the article highlights persistent underperformance across all three pillars of GRC and outlines five imperatives for reform. But what McKinsey never quite says—though it clearly suggests—is that the GRC model itself may be past its expiration date.

The findings echo what many in the risk management profession have long understood: legacy GRC frameworks are no longer adequate in a world defined by interconnected risks, real-time decisions, and strategic uncertainty. Below, we examine the key insights from the report and explain how they point—whether intentionally or not—toward Integrated Risk Management (IRM) as the future-facing alternative.

Read More