Search Results

The environmental, social and governance (ESG) world is entering a new era characterized by regulatory compliance, with multiple jurisdictions either adopting or finalizing sustainability reporting regulations. This shift brings both benefits and challenges. On one hand, companies gain standardized rules for aligning their reporting activities. On the other hand, they face the task of setting up efficient and cost friendly ESG reporting programs. The issue lies in leveraging technology to automate reporting compliance processes while ensuring scalability. At Archer, we recognize this challenge. To address it, we have developed ESG Management solution to help companies collect, manage, and report data for regulatory ESG frameworks. Our latest ESG release introduces core capabilities designed to facilitate compliance with regulatory standards, such as CSRD ESRS and IFRS Sustainability Standards. EU CSRD The European Commission (EU)'s adoption of the Delegated Act on European Sustainability Reporting Standards (ESRS) on 31 July 2023 marks a significant milestone. ESRS, mandated by the Corporate Sustainability Reporting Directive (CSRD), applies to over 50,000 organizations globally, on a various scale, from 1 January 2024. Archer's phased release of the ESRS reporting framework aims to support companies in meeting the requirements of this regulation. As part of this journey, companies must conduct a double materiality assessment to identify important disclosure topics from both impact and financial materiality perspectives. Archer's Double Materiality Calculator (DMC), released in September 2023, empowers companies to kickstart their sustainability efforts by identifying most material topics. In our latest ESRS release, we are excited to introduce enhanced capabilities aligned with companies' reporting requirements. These capabilities include the reporting framework for ESRS 1, ESRS 2, Environment (E)1, and Social (S)1, translating complex regulatory requirements into a structured, automated workflow for efficient reporting. Furthermore, Archer's ESG solution enables the collection of diverse set of information, including metrics and disclosures according to ESRS guidelines. Integrating with Archer's existing risk and issue management modules, companies can identify and act upon impacts, risks, and opportunities (IRO) effectively and all from one place. Moreover, companies can in real time track their progress in completing ESRS as they advance through different stages of reporting. In the next upcoming phases, we’ll be releasing the remaining topical ESRS standards across E, S and G.   IFRS Sustainability Standards The International Sustainability Standards Board (ISSB) of the International Financial Reporting Standards (IFRS) Foundation introduced two key sustainability standards, namely IFRS S1 and IFRS S2, in June 2023. IFRS S1 focuses on disclosure requirements that enable companies to effectively communicate sustainability-related risks and opportunities to investors. On the other hand, IFRS S2 outlines specific climate-related disclosures, intended to complement, and be used alongside IFRS S1. While IFRS Sustainability Standards do not constitute a regulatory framework in themselves, their widespread recognition has prompted several countries to express interest in integrating these standards into their national sustainability reporting frameworks. Among these countries are the U.K., Brazil, Canada, Singapore, South Africa, and more, reflecting a global movement towards adopting comprehensive sustainability reporting practices. With the latest capabilities introduced in our ESG Management solution, companies can effectively report based on IFRS S1 and S2. Our dedicated reporting framework enables companies to streamline their IFRS S1 and S2 reporting, enhancing data collection, structuring, analysis, and risk management capabilities. Take Actions Accelerate your ESG regulatory reporting journey with Archer for improved efficiency, seamless integration, and a comprehensive approach. Register to join us on April 19, 2024 for the Free Friday Tech Huddle (FFTH) dedicated to the latest ESG solution release. To learn more and see the latest functionality in action, contact your dedicated sales representative today to discover how Archer can help you to comply with sustainability regulations.

On March 6, 2024, the SEC finalized its much-anticipated climate disclosure rule for public companies.   The final ruling introduces new mandatory reporting requirements and presents a significant shift for public companies, impacting the entire C-Suite (CFOs, CIOs, CSOs, CCO). Here's a breakdown of the key things executives need to know to prepare for these new mandatory disclosures. What the New Rule Requires: Material Climate-Related Risks. Companies must identify and disclose the present and predicted impact of climate change on their business. This includes physical risks (extreme weather, rising sea levels) and transition risks (regulatory changes, carbon pricing). Risk Mitigation Strategies. Outline the actions your company is taking to mitigate or adapt to climate-related risks. This could involve investments in clean energy, supply chain resilience strategies, or climate-resilient infrastructure. Board Oversight and Management Role. Demonstrate how the board oversees climate-related risks and how management integrates these considerations into strategic decision-making. Climate-Related Targets and Goals (if material). If your company has set climate targets (e.g., net-zero emissions by 2050), you'll need to disclose those, as well as any progress made towards achieving them. Financial Statement Impacts. Companies will need to disclose the financial implications of climate change, including capitalized costs associated with severe weather events and potential write-downs of assets affected by climate risks. Action Steps for Your C-Suite: Cross-functional Collaboration. Effective ESG reporting requires collaboration between finance, IT, sustainability, and legal teams. Establish a clear ESG task force with representatives from each department. Data Gathering and Management. Climate disclosures hinge on robust data. Assess your current data collection and aggregation practices. Identify any gaps in your information and manual processes that could hinder the efficient collection of data related to climate risks and opportunities. Standardization and Consistency. Ensure consistent application of ESG metrics across the organization. For metrics and guidance, consider leveraging frameworks like the Sustainability Accounting Standards Board (SASB) or the Task Force on Climate-Related Financial Disclosures (TCFD). Technology Integration. ESG software solutions can significantly improve data collection, reporting, and scenario modeling. Evaluate and implement software that simplifies compliance and streamlines ESG integration into existing workflows and your enterprise risk management platforms. Internal Communication and Training: Educate your team on the new SEC rules and their impact on different departments. Foster a culture of transparency and accountability around ESG practices. How Archer ESG Solutions Can Help: Automated Data Collection. Archer ESG Management can quickly and efficiently gather, aggregate, and analyze ESG data internally and across your supply chain, empowering decision-makers with actionable, accurate, and timely data. Streamlined Reporting. Generate standardized ESG reports that comply with the SEC's new regulations and streamline disclosure processes.  Archer ESG Disclosure Management is a comprehensive solution that addresses the growing demand for transparency in ESG reporting and allows for systematic and efficient capture of climate-related disclosures. Materiality Assessment.  Archer Double Materiality Calculator helps you quickly and easily assess, calculate, and report on double materiality impacts. Pre-configured assessments based on the E.U. ESRS framework allow for the evaluation of impact and financial materiality assessment. Integrate to the ERM Suite.  The Archer platform allows you to connect to governance, risk, and compliance use cases for a holistic and programmatic approach.  This connectivity provides an integrated view that ensures that ESG is not treated in isolation but rather as an integral part of a broader corporate ERM strategy. The Road to Sustainability The SEC's new climate disclosure rules mark a significant step towards greater transparency in corporate sustainability practices. By taking a proactive approach, prioritizing collaboration, and leveraging technology solutions, your organization can comply with regulations and demonstrate leadership in the evolving ESG landscape. Archer’s ESG solution enables organizations to collect and centralize ESG data into a single platform, evaluate the impact of risks and the opportunities on business strategy, understand 3rd party ESG risks, set ESG goals, and produce auditable reporting all from one integrated platform. If you would like to learn more about how Archer ESG Management Solutions can help your organization address the SEC’s latest rule on climate-related disclosures, download the whitepaper, ESG Reporting: From Data to Action.   For more information or if you would like to speak to an Archer ESG expert, you can contact us here.

On March 4, AWS announced plans for a new infrastructure region within the Kingdom of Saudi Arabia in 2026, supporting Saudi Arabia's ambitious Vision 2030 goals, accelerating digital transformation, and promoting a secure and technologically advanced business environment. This strategic move signifies AWS’s commitment to the Middle East and also heralds a new era of integrated risk management for the region with Archer SaaS.   Archer intends to leverage AWS infrastructure in the region as soon as it becomes available, to enable delivery of unparalleled service performance and reliability for Archer SaaS. We understand the critical importance of data residency and security for businesses operating within Saudi Arabia. The planned AWS region in the Kingdom provides an opportunity to revolutionize how organizations operating in Saudi Arabia manage risk, assurance, and resiliency using Archer SaaS.   Archer's integrated risk management platform, powered by AWS, is far more than a mere tool – it's a comprehensive solution crafted to streamline compliance, enrich decision-making, and cultivate a culture of resilience and innovation. By leveraging advanced quantification and AI capabilities, Archer ensures assurance and fortifies enterprise resilience. Our holistic approach assures that organizations meet regulatory compliance and effectively mitigate risks. Archer SaaS paves the way for a more disruption-resistant digital transformation, enhancing resilience across technology, operations, and the extended enterprise.   As part of our continued support and investment in the region, the combination of AWS’s robust infrastructure and Archer's innovative risk management platform will ensure that Saudi businesses remain at the forefront of risk management best practices. Archer is ready to help redefine the landscape of risk management for businesses operating in the Kingdom. We aim to be a key player in enabling organizations to turn risk and compliance into a strategic advantage.   Interested in learning how Archer SaaS can elevate your organization’s risk and compliance management program? Contact us today.

“By 2027, 45% of chief information security officers (CISOs) will expand their remit beyond cybersecurity, due to increasing regulatory pressure and attack surface expansion” per Gartner®. We believe this isn't just an expansion of responsibility; it's a strategic shift towards unified security management, recognizing the interconnectedness of threats and vulnerabilities. But what are the actual benefits for CISOs and their businesses? Let's explore three key advantages:   1. Holistic Risk Mitigation:  Imagine a security siloed in a bunker, unaware of the cracks in the foundation. Traditional, cyber-focused approaches often miss broader vulnerabilities arising from physical security gaps, business continuity vulnerabilities, and even employee error. Unifying IT, physical, and operational security under one umbrella allows CISOs to identify and address holistic risks, preventing cascading failures and minimizing their impact on the business.   Impact:  This proactive approach can significantly reduce overall risk exposure, preventing costly breaches, production downtime, and reputational damage. Businesses benefit from increased resilience, a more agile security posture, and the ability to proactively manage potential crisis scenarios.   2. Streamlined Operations and Reduced Costs: Duplication of effort is a resource drain. Managing separate security tools and processes for each domain is inefficient and expensive. By consolidating under a unified platform, CISOs can streamline operations, optimize resource allocation, and eliminate redundant tasks.   Impact:  This reduces overall security management costs, frees up valuable resources for innovative initiatives, and improves operational efficiency. Teams can collaborate more effectively, share intelligence across domains, and respond to threats faster, boosting overall productivity and security effectiveness.   3. Enhanced Decision-Making and Strategic Alignment: Siloed data leads to siloed insights. Without a holistic view of threats and vulnerabilities across the organization, CISOs struggle to make informed decisions and secure buy-in from key stakeholders. A unified platform provides a single source of truth, enabling data-driven decision-making and strategic alignment with business objectives.   Impact : CISOs gain a deeper view of security risks and can prioritize investments based on business impact. This fosters trust and collaboration with leadership, aligning security initiatives with business goals and creating a culture of proactive risk management across the organization.   According to us, Gartner prediction isn't just a trend; it's a glimpse into the future of effective security management. By embracing a unified approach, CISOs can move beyond firefighting, mitigate holistic risks, streamline operations, and elevate their strategic impact. Businesses reap the rewards of increased resilience, reduced costs, and a more robust security posture, ultimately navigating the ever-evolving threat landscape with confidence.   For a very limited time, we’re offering Archer customers and future Archer customers a complimentary copy of the report “ Gartner’s Top Strategic Predictions for 2024 and Beyond — Living With the Year Everything Changed. ”   This Gartner report offers predictions for trends, challenges, and strategies that will impact risk management in 2024 and beyond. The report covers Gartner insights on the evolving risk management landscape, advancements in technology, regulatory changes, and their consequential impact on business practices. It also provides actionable insights and proven strategies for effective decision-making and risk mitigation in the coming year.   Don't miss the opportunity to leverage Gartner expertise to stay ahead of the curve in 2024 and beyond. Read the report now!     Gartner, [AC1]   Gartner’s Top Strategic Predictions for 2024 and Beyond — Living With the Year Everything Changed, Daryl Plummer, Frances Karamouzis, and 36 more   GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Archer CEO Bill Diaz addressed these three terms in his keynote at Archer Summit 2023. Bill was speaking about the mindset necessary for chief risk officers and risk teams need to adopt for success in today's operating environment.   Coincidentally, I couldn't think of three better words to describe the mindset of the many people that we work with day in and day out, including our customers, our partners, executives and risk professionals working inside organisations that are looking for solutions to improve their programs. We listen and we understand the challenges they face, as well as the opportunities they want to harness.   These terms also reflect the changing appetite for risk technology in the India market. We see organisations across all industries looking for risk technology that demonstrates:   Agility -- the ability to reach multiple audiences and have the solution bend and shape to their needs. Resilience -- risk technology delivered in a resilient manner (i.e. secure and highly available) but that also delivers workloads that enable resilience in the organisation itself (e.g. enterprise risk management, cyber risk management, third party risk management). Foresight -- solutions that fuse global best practices, emerging practices (such as risk quantification and ESG) and emerging technology (such as AI) that also cater to local requirements (such as in-country cloud).   In March 2023, Archer announced  investments it was making in India, including doubling of our local account and solutions consulting team and plans for a new SaaS data center in India.   Today, we’re pleased to launch the newest data center for Archer SaaS in India, which enables us to address the requirements of our customers in the region. SaaS adoption is climbing quickly, with the Indian SaaS ecosystem already the second largest globally. The Indian economy set to become the third largest globally by 2030 and the demand for SaaS based risk technology has never been higher.   Local regulators, including SEBI and the RBI, expect organisations doing business in India to have increasingly robust risk and IT governance programs, while ensuring their critical IT systems are secure and onshore. These capabilities are now must haves. The Archer team in India is proud to enable risk management excellence for many Indian organisations. We are actively working with multiple marquee Indian customers in financial services and IT/IS to already run risk workloads in the cloud and to migrate some on-premises deployed customers to Archer SaaS.   To learn more about Archer SaaS in India, please register your interest here.

Authors : Tahmina Day and Vinod Sreedharan Third-party relationships have evolved, making suppliers integral to core business functions. This deep integration introduces complex risks that demand a strategic approach to third-party risk management (TPRM). Beyond being a compliance task, a well-designed TPRM program becomes a business enabler. It supports confident growth, strengthens partnerships, and offers a competitive advantage through superior risk intelligence. This shift in culture transforms TPRM from a distracting necessity into a significant asset for the organization. Gartner : Organizations are increasingly relying on third parties, including vendors, partners, and service providers, to achieve business objectives, deliver products and services, and boost operational efficiency. Despite the growing risks, many organizations struggle to manage third-party risks effectively. Only 16% of organizations, according to Gartner, believe they effectively manage third-party risks. Source: https://www.gartner.com/en/legal-compliance/trends/third-party-risk-governance-and-technology   Why TPRM Has Become Essential for Business Success Business leaders today face a delicate balancing act: harnessing external partners for growth while protecting the organization from inherent risks. Every new vendor introduces potential vulnerabilities across cybersecurity, compliance, and brand reputation. The real challenge is finding a risk management approach that enables business agility, not one that constrains it. Organizations that succeed in this balance realize that thoughtful risk management strengthens vendor relationships. When suppliers understand your risk priorities as shared objectives, partnerships become more productive, and trust deepens naturally, making TPRM essential for success. Establishing a Centralized Risk-Based TPRM Program Today, TPRM responsibilities are often scattered across departments, such as Procurement, Legal, and IT, which work in isolation using different criteria. This fragmentation leads to critical information falling through the cracks, preventing a complete view of vendor risk. This becomes dangerous when issues arise, as a cybersecurity incident or financial trouble at a supplier may not be discovered until it's too late to prevent disruption. Smart organizations solve this by centralizing TPRM, creating unified processes that give everyone access to the same information. They also tailor evaluation requirements to a vendor’s actual risk level—a critical cloud provider gets a thorough review, while a low-risk office supplier gets basic verification. This proportional approach allocates resources effectively, avoiding unnecessary overhead. The key is maintaining a single, authoritative record for each vendor relationship so that decisions are faster and more consistent across the organization. Verdantix : The market for third-party risk management is undergoing a period of accelerated innovation, driven by a greater focus on business resilience, incoming mandatory regulations, pressure to meet ESG expectations, and unprecedented levels of scrutiny over data quality and reporting. Source: https://www.verdantix.com/client-portal/report/buyer-s-guide-third-party-risk-management-software-2024   Implementing Continuous Risk Monitoring Vendor risk profiles can change overnight due to cybersecurity incidents, financial deterioration, or market disruptions. This requires monitoring that provides early warning signals, not just post-incident notifications. Continuous monitoring integrates real-time data feeds from cyber threat intelligence and regulatory watchlists, creating dynamic risk profiles that reflect current conditions. Smart alert configurations flag significant deviations and trend analytics identify patterns to enable proactive management. This allows organizations to intervene early, addressing emerging issues before they escalate into business disruption. Forrester : Third-party risk management (TPRM) is not keeping up with business reality. As organizations expand their ecosystem of third-party relationships, so must they evolve their strategies to mitigate the risks arising from the interconnectedness of these relationships.  Source: https://www.forrester.com/blogs/the-state-of-third-party-risk-management-2024-dire-hopeful-but-mostly-noseblind/   Integrating TPRM with Enterprise Governance TPRM programs achieve strategic value when they become integral to enterprise decision-making, moving beyond isolated compliance functions. Risk insights should directly inform sourcing, investment, and strategic partnerships. Successful integration requires seamless workflows that connect TPRM with procurement, legal, and enterprise risk management processes. All departments must work from consistent data and shared risk frameworks to ensure coordinated responses to vendor-related challenges. Executive reporting is crucial, providing clear, contextualized vendor risk information that links third-party exposures to business impact metrics. This helps senior leaders understand how risks might affect customer satisfaction, revenue, and brand reputation, enabling more informed decisions. Prioritization should also be based on business impact, ensuring that resources are allocated proportionally to potential consequences. IDC : As risks presented by third-party providers expand to include areas of cybersecurity, operational resiliency, and ethics management, organizations are seeking robust third-party risk management solutions to help automate and improve upon vendor risk management programs. Source: https://my.idc.com/getdoc.jsp?containerId=US48295522   Building a Partnership-Focused Culture While technology is essential for modern TPRM, sustainable success requires a cultural shift toward collaboration. The most effective programs treat vendors as strategic partners who share responsibility for risk outcomes. Open communication a bout risk priorities enables proactive issue resolution, a more effective approach than compliance enforcement. Measuring success through business outcomes, like partnership strengthening and incident reduction, demonstrates clear value to leadership beyond traditional compliance metrics. The Path Forward Third-party risk management is a critical capability for modern organizations. The challenge for leaders is transforming existing processes into strategic advantages. Success requires integrated thinking, continuous improvement, and collaborative partnerships. Organizations that navigate this transformation build resilient operations and position themselves for sustainable growth. Investing in mature TPRM capabilities pays dividends through improved decision-making, stronger vendor relationships, and enhanced competitive advantage in dynamic markets. Ready to transform your TPRM program from compliance burden to strategic advantage? Discover how Archer's third-party governance solutions can centralize your risk management, strengthen vendor partnerships, and drive measurable business value. Learn more about Archer's TPRM capabilities  and contact us for a demo   today.

Day 1 set the stage for Archer Summit 2025 and Day 2 built momentum. From the opening keynote to closing labs, one message was clear: risk and compliance aren’t slowing down—and neither are we.  Beyond new tools and features, what stood out were the best practices and lessons learned our customers and partners shared, with honest stories about what works, what doesn’t, and how progress really gets made.  The Future of Compliance and Risk Management  The product keynote focused on the newly introduced Archer Evolv™ Risk and Archer Evolv Intelligence offerings that round out the Archer Evolv portfolio. These latest Archer Evolv solutions will reshape how organizations approach GRC.  It’s no longer viewed as a back-office requirement. It’s becoming an even bigger driver of trust and stronger decision-making. The discussion made clear that responding to regulatory change and managing risk with speed and clarity is now an expectation at the board level.  Client Perspectives That Resonate  Client-led sessions throughout Day 2 reinforced that message with real-world examples:  Turkcell  showed how centralizing audit work improved oversight and fostered a culture of accountability.  Mass General Brigham  shared a powerful metric—reducing cyber risk assessments from 62 days to 15—the kind of result that proves efficiency doesn’t mean having to cut corners.  Amazon  demonstrated resilience at scale, planning for disruptions as a constant reality rather than a rare events.  BECU  showcased their journey to SaaS and why it was worth it.  Talcott Financial Group’ s session resonated with attendees facing heavily customized legacy systems, sharing how they navigated the upgrade path.  Fifth Third, TD Bank, Corebridge, and Nationwide  highlighted how persistence through complexity pays off when programs become easier to use, adopt, and trust.  A Fresh Look at Third-Party Risk Management  A panel on third-party risk management was another highlight of Day 2. Rather than focusing on technology alone, the discussion emphasized judgment—how to filter vast amounts of intelligence into decisive, actionable steps. The consensus was clear that data is not the destination but rather the starting point.  Innovation in Focus  Even the product sessions felt different today. New dashboards and workflows in Archer NGRX showed how daily tasks can be simplified. A session on Personal Access Tokens demonstrated how small security enhancements can reduce friction while strengthening confidence. In the labs, hands-on work with Smart Assessments and Archer AI Governance provided attendees with firsthand experience in transforming manual tasks into measurable momentum.   Day 2 delivered insights from clients, candor from partners, and innovation from Archer product teams. It all pointed to the same message: progress is no longer theoretical. It’s happening now. And the impact is visible across organizations, teams, and strategies.

There’s something about Chicago. The sweeping skyline, the iconic architecture, the energy of a city that’s constantly reinventing itself. It’s the perfect backdrop for Archer Summit 2025 and this year’s gathering of GRC professionals has officially kicked off. It’s more than just another industry conference. It’s a reunion, a look forward, and a chance to roll up our sleeves together to tackle the future of compliance and risk management.  This year celebrates the 20 th  Archer Summit, and this year feels different. Bigger. Faster. Bolder. Archer has been moving at an unprecedented pace, laser-focused on delivering innovative GRC solutions that help organizations to thrive in today’s uncertain environment. And the announcements we’re sharing this week prove it.  A Future-Focused Archer Summit for GRC Professionals  The conversations happening in Chicago this week are bigger than software releases or technical upgrades. They’re about building sustainable, impactful risk and compliance programs that can withstand the pressures of modern business.   Let’s face it: the risk and compliance landscape has never been more complex. Regulations aren’t slowing down - they’re multiplying and intersecting. Risks aren’t confined to neat categories anymore - they’re cascading across supply chains, geographies, and business units. And GRC isn’t just about checking boxes - it’s about ensuring resilience, protecting brand reputation, and creating confidence in every decision.  That’s the spirit of Archer Summit 2025: taking on these challenges together, with the tools, insights, and community to move forward with confidence.  Innovation on Display: What’s New at Archer Summit 2025  This year, Archer is making some major announcements that reshape the way organizations think about compliance and  risk management. Highlights include:  1. The Introduction of Archer Evolv™ Risk   We’re ushering in the next evolution of enterprise risk management with Archer Evolv Risk - a solution built for organizations that need to manage uncertainty at scale.  Risk management has always been about trade-offs: where to invest, what to prioritize, how to weigh compliance requirements against strategic goals. But too often, risk assessments are qualitative, disconnected, and outdated as soon as they’re complete. Archer Evolv Risk changes that.  With Archer Evolv Risk, you can quantify risks, simulate scenarios, and evaluate the true economic impact of their decisions. Want to understand the ROI of a new control? Want to compare the cost of compliance against the cost of risk exposure? Want to give your board a clear, quantified view of top risks? That’s exactly what Evolv Risk is designed to do.   2. The Introduction of Archer Evolv™ Intelligence   Archer Evolv Intelligence is our next-generation analytics approach, designed to unlock the full power of operational GRC data.   With Archer Evolv Intelligence, we’re bridging the gap between data and action. Imagine being able to surface hidden trends, spot emerging risks, and make decisions with confidence because your analytics engine is continuously learning from your operational data. This isn’t about static dashboards. It’s about an intelligent layer of insight that adapts as your business and the regulatory landscape changes.  In a world where risk management must be proactive, Archer Evolv Intelligence puts GRC teams a step ahead.   Why This Matters for GRC  These announcements are part of a bigger story: the evolution of how organizations approach GRC.  From reactive to proactive: Traditional compliance programs were built to react. New regulation, new process; new risk, new mitigation. But today, organizations that excel are those that stay ahead of change. Our strategy is simple: help clients shift from reactive reporting to proactive insight.  From qualitative to quantitative: Risk management can’t rely solely on heat maps and color codes anymore. Boards, regulators, and investors expect hard numbers—expected loss, value at risk, ROI for controls. Archer Evolv Risk makes those numbers possible without requiring a PhD in statistics.  From siloed to integrated: Risk and compliance don’t live in one department, and neither should your GRC program. Archer’s continued adaptation across the portfolio ensures that whether you’re in compliance, audit, resilience, or third-party management, you’re working with connected data and shared insights.  From compliance-centric to business-centric: At its core, compliance management is about more than avoiding fines. It’s about protecting your organization’s reputation, building resilience, and creating the confidence to innovate. GRC is no longer a back-office function. It’s central to business strategy.     Final Thoughts  If you’re a GRC professional, whether you’re leading risk management at a global enterprise, managing compliance in a highly regulated industry, or just getting your program off the ground, this year’s Archer Summit is driving home several key trends:  Analytics is redefining GRC.  There is a new standard for risk management.  GRC programs are adapting to meet emerging challenges.  The skyline of Chicago at Archer Summit 2025 is a metaphor for what we’re building together—strong foundations, bold structures, and a future that can withstand the test of time.  Here’s to another great Archer Summit. And here’s to the future of compliance and risk management.

While the need for risk management has never been more critical, the challenge goes beyond just managing risks. It requires evolving processes to fuel innovation and business growth. The Archer Platform empowers businesses to manage risk  across the organization through a transformative user experience, intelligent workflows, and real-time insights. Empowering Your Users Archer is built with the user in mind, delivering a truly transformational experience that simplifies the most complex aspects of risk management.  A clean, intuitive UI allows teams to spend less time trying to remember how to do risk management and more time on critical steps, improving the quality and timeliness of information, reducing bottlenecks and improving decision-making processes. Redefining Risk and Compliance Management with Intelligent Workflows Going beyond just making risk management easier, Archer introduces intelligent AI-driven workflows that completely redefine how organizations manage GRC. These workflows are designed to automate repetitive tasks, streamline processes, and provide end-to-end visibility, ensuring that users can respond to risks with better information and with greater precision. Archer workflows transform risk and compliance from being reactive processes to proactive, value-driving activities that fuel growth for your business. Redefining Risk and Compliance Management with Intelligent Workflows Going beyond just making risk management easier, Archer introduces intelligent AI-driven workflows that completely redefine how organizations manage GRC. These workflows are designed to automate repetitive tasks, streamline processes, and provide end-to-end visibility, ensuring that users can respond to risks with better information and with greater precision. Archer workflows transform risk and compliance from being reactive processes to proactive, value-driving activities that fuel growth for your business. Delivering Real-Time Business Insights for Informed Decisions One of the most significant advantages of Archer is delivery of quantifiable business insights that guide users in making informed decisions. In risk management, having financial information to evaluate risks is critical. Archer integrates quantifiable data from across your business, offering a comparable view of risks, compliance status, and potential pitfalls. With these insights at your fingertips, you can identify trends, anticipate challenges, and take measured steps to mitigate risk. Quantifiable insights also provide a clear, actionable picture of the organization’s enterprise risk posture, enabling leadership to make strategic decisions that align with their strategic and operating objectives. Conclusion Archer doesn’t just help organizations manage risk. We help our clients —transform the way they approach GRC to drive business innovation and growth. Through a simplified user experience, intelligent workflows, and real-time insights, Archer empowers users to take control of risk management and make smarter, faster decisions. By integrating risk management seamlessly into your business, Archer ensures that your organization is not only protected from risk but also positioned to thrive in an ever-changing landscape. Interested in learning more about the Next Generation Risk Experience with Archer? Watch the video , check out the website , or contact us.

The United Kingdom is setting the tone in the global corporate governance conversation. Provision 29 of the revised UK Corporate Governance Code 2024 marks a significant development in how boards are expected to assess and disclose the effectiveness of their risk management and internal control arrangements. While applicable only to UK-listed companies, the principles embedded in the provision are already resonating with practitioners, investors, and regulators beyond the country's borders.   Provision 29 requires boards to produce an annual declaration on the effectiveness of material internal controls. These controls extend beyond traditional financial reporting to cover operational processes, compliance activities, and the increasingly important sphere of narrative and non-financial reporting. This breadth reflects the reality that risks are interconnected and that oversight must be equally comprehensive.   Although comparisons to the U.S. Sarbanes-Oxley Act (SOX) are common, there are key differences. Provision 29 remains a principles-based requirement within the UK's "comply or explain" framework. It does not mandate auditor attestation, impose statutory penalties for deficiencies, or prescribe a rigid methodology. Instead, it relies on transparency, investor scrutiny, and reputational accountability to drive compliance. The underlying philosophy is that boards should have flexibility in how they design, operate, and assess controls, provided they can clearly explain their approach and conclusions.   Alignment with Established Risk Management Frameworks One reason the provision is attracting international interest is its compatibility with widely recognized Enterprise Risk Management (ERM) frameworks:   The COSO framework  emphasizes governance structures, strategic integration, and performance monitoring. Provision 29's requirement for a board-level declaration reinforces these principles by making directors explicitly accountable for the adequacy and effectiveness of the control environment.   ISO 31000 , the global standard for risk management, calls for a systematic approach to identifying, analyzing, and mitigating risk. Boards adopting ISO 31000 principles will find they already address many of the processes necessary to meet Provision 29 requirements. Although the "Three Lines of Defense" model  is not referenced explicitly, the approach anticipated under Provision 29 aligns naturally with its logic: operational management as the first line, risk and compliance functions as the second, and independent assurance as the third. This structure provides a coherent evidence base for the annual declaration. For organizations with mature ERM systems, complying with Provision 29 may not require wholesale change. The main adjustment lies in enhancing the integration of control evaluations into board reporting cycles, documenting assurance activities in a way that supports public statements, and ensuring the process is embedded in both culture and practice.   Historical Precedents of UK Regulatory Influence Provision 29 sits within a long tradition of UK regulatory and governance developments whose influence has extended far beyond domestic borders:   ·  The Cadbury Report of 1992  established principles for board responsibilities, audit committees, and the "comply or explain" approach. Its ideas were integrated into the UK's Combined Code and have influenced national governance codes from South Africa's King Reports to Singapore's Code of Corporate Governance, as well as shaping the OECD Principles of Corporate Governance.   ·  The UK's company law framework , particularly as consolidated in the Companies Act 2006, has provided a reference point for many Commonwealth jurisdictions and other countries operating under common law traditions. While individual statutes vary, concepts such as directors' duties, shareholder rights, and disclosure obligations owe much to the UK model.   · The UK Bribery Act 2010  introduced a corporate offense of failure to prevent bribery, applied to both public and private sectors, and included extraterritorial jurisdiction. This uncompromising approach has prompted multinational companies to strengthen their global anti-bribery programs and has been studied by other legislatures considering similar provisions.   ·  The Modern Slavery Act 2015  pioneered mandatory annual reporting on steps taken to prevent forced labor and human trafficking in operations and supply chains. This transparency model has since been adopted in Australia and is reflected in current and forthcoming EU supply-chain due diligence laws.   ·  The Senior Managers and Certification Regime (SMCR) , introduced in UK financial services in 2016, assigned prescribed responsibilities to named individuals and required annual certification of certain roles. Variants of this accountability framework now exist in Hong Kong, Australia, Singapore, and Ireland, reflecting a shared regulatory goal of ensuring personal responsibility in senior roles.   Why Organizations Outside the UK Should Pay Attention Provision 29's influence is not driven by statutory enforcement powers. Instead, it is becoming a reference point because it codifies governance practices that many institutional investors and rating agencies already value. A clear and credible board-level statement on control effectiveness signals organizational maturity, transparency, and a proactive stance toward risk.   For multinational groups, adopting processes that meet or align with Provision 29 offers several advantages. It strengthens investor confidence, facilitates consistent risk oversight across jurisdictions, and prepares the organization for possible adoption of similar rules in other markets. It can also improve internal efficiency by embedding risk evaluation into strategic decision-making rather than treating it as an isolated compliance exercise. Provision 29 is unlikely to become a universal legal requirement in the near term, but its principles are positioned to influence global practice. As boards and executives face increasingly complex risk environments, frameworks that combine flexibility with accountability will be at a premium.   The decision for organizations outside the UK is not simply whether to comply—it is whether to benchmark themselves against an approach that is gaining traction among investors, regulators, and governance professionals as a credible model for integrated risk oversight. Those who adopt its principles early may gain both reputational and operational benefits, while those who wait risk being seen as lagging behind emerging expectations. Take Action: Transform Risk Management Lessons into Practice Ready to explore how Provision 29's principles can strengthen your organization's risk oversight? Download the eBook "6 Risk Management Lessons from Provision 29 of the UK Corporate Governance Code"  to: Explore how the principles of Provision 29 offer globally relevant strategies for strengthening risk and internal control systems Learn how to proactively address third- and fourth-party risk across complex supply chains Discover why treating risk management as a strategic capability, not just a compliance requirement, positions your organization for long-term resilience   In this eBook, you'll find six clear, actionable lessons that help translate the principles of Provision 29 into everyday business practices. Whether you're in the UK or operating globally, these insights can support smarter risk management and a stronger, more resilient organization.

Risk management professionals face unprecedented challenges, as regulatory requirements evolve at breakneck speed and organizations demand more precise, data-driven risk assessments. The latest independent research from Verdantix confirms what many compliance leaders already know – that the right GRC platform can make the difference between reactive firefighting and strategic risk excellence.   Verdantix recently published its comprehensive Verdantix Green Quadrant: GRC Software 2025 report, positioning Archer in the Leaders Quadrant. This recognition comes from rigorous evaluation of 15 leading GRC software providers and covers both platform capabilities and market momentum.   According to the Verdantix report: "Archer demonstrates significant strengths in quantitative risk scoring methodologies, providing organizations with precise, data-driven assessments of risk exposure." Archer achieved a perfect score in regulatory change management and the highest possible rating in Verdantix's evaluation framework. This best-in-class performance stems from Archer’s AI-powered approach to compliance obligations, to enhance accuracy, consistency, and responsiveness across regulatory workflows. Archer also earned strong above-average scores from Verdantix in audit management, data inputs and business intelligence, governance and policy management, and reporting capabilities.   The Verdantix report reveals significant market momentum that aligns with Archer’s strategic direction.   ”Over 65% of participants in the Verdantix 2024 Global Corporate Risk Management survey said they plan to boost their spending on GRC software by at least 10% within the next two years.” It’s clear that organizations are abandoning static, point-in-time risk assessments in favor of dynamic, continuous monitoring capabilities.   The Verdantix report also notes that "firms are prioritizing platforms with well-developed, purpose-built use cases that span the complete risk lifecycle." This shift toward comprehensive solutions reflects growing recognition that fragmented approaches can't keep pace with today's interconnected risk landscape.   The Verdantix report highlights a critical market reality: regulatory expectations are evolving faster than ever, especially in sustainability disclosures, AI governance, data privacy, and financial resilience. Organizations need platforms that can adapt quickly while maintaining the rigorous control environment that auditors and regulators demand.   The recognition from Verdantix validates our commitment to quantitative excellence and AI-powered compliance management. As regulatory complexity continues to increase, organizations need partners who can deliver both sophisticated capabilities and practical implementation approaches. For risk and compliance professionals evaluating their technology strategy, the Verdantix report provides independent confirmation of Archer's leadership position in critical areas that directly impact program success.   Read the report  and contact us   to learn more about how Archer can help you optimize your GRC program.

Organizations are continuing to embed artificial intelligence in business operations, from third-party applications to internally developed tools. As adoption grows, so does the need for oversight. Without a defined approach to AI governance, organizations expose themselves to compliance gaps, reputational damage, and operational failures. Whether you are building AI models in-house or relying on vendor solutions, a consistent governance framework   is essential to identify, manage, and address risk across the enterprise. Internal AI Solutions: More Control, More Risk Enterprise teams are increasingly developing custom AI solutions to accelerate business outcomes, improve operational efficiency, and gain competitive insights. These internal innovations drive significant value but also introduce governance challenges that require proactive management. Without structured oversight, internal AI development can create blind spots in your risk profile. Risks include: Unintended bias that skews results or reinforces inequalities Amplified data quality issues that impact decision-making Compliance gaps when models operate outside established frameworks Lack of visibility into how AI is being built, deployed, and monitored Without effective internal AI governance, organizations cannot: Maintain a clear understanding of how AI is being used Keep accurate AI inventories across business units Ensure alignment with emerging regulatory requirements such as the EU AI Act Building powerful AI systems is only part of the equation. Promoting ethical practices and ensuring responsible use must be central to every AI initiative. Third-Party AI Tools: Accountability Still Falls on You Using vendor software with embedded AI does not eliminate responsibility. Even when development happens outside your organization, you remain accountable for how these tools perform within your environment. Most vendors do not provide full transparency into how their AI models are trained or how outputs are generated. That lack of visibility makes it essential to evaluate external AI tools before and after adoption. Establish a standard set of review criteria that includes: How data is collected, stored, and secured How models are monitored and updated How outputs are explained and validated The EU AI Act reinforces this shared responsibility. While obligations apply to AI developers and providers, organizations are equally accountable for how systems are deployed and used. You may not control how an external model was built, but you are responsible for monitoring its outcomes and ensuring its use complies with regulatory requirements. This is not about avoiding AI. It is about using it responsibly and with a clear understanding of your obligations. AI Governance: From Policy to Program Effective governance cannot be achieved through ad hoc efforts. As AI expands across the enterprise, organizations need a programmatic approach that establishes process, ownership, and accountability. This requires more than a policy. It requires cross-functional engagement, defined roles, and clear responsibilities. The goal of AI governance is to reduce uncertainty. With a program in place, organizations can confidently adopt AI, knowing it is being managed responsibly, ethically, and in compliance with applicable laws and regulations. Learn More Archer and EY have come together to delivery this insightful webcast on ‘ The EU AI Act in Focus: Ecosystem-Wide Strategies for Responsible AI ’. The discussion will explore why AI governance must go beyond just meeting EU AI Act requirements and become a core, sustainable process within organizations. This session will foster important conversations for developing an AI governance strategy that adapts and grows with your organization’s needs. Discover how Archer and EY are helping enterprises use AI responsibly. Watch the webcast here.