The three elements of GRC play the following roles in a company.
Governance
Governance captures a company’s overall system of rules, regulations, practices, and guidelines for operating, controlling and managing its business. Governance sets the tone for the behaviour, culture, ethos, and regulatory structure that help a company reach a healthy balance between all its major stakeholders, from wider society to its employees, board of directors, and shareholders.
Risk or Risk management
This is the process of identifying potential vulnerabilities and threats to a financial institution and acting to mitigate them or prevent them from materialising. Financial institutions face various types of risk, including Enterprise, Strategic, Market, Liquidity, Credit, Financial, Operational, Cyber and many more.
Compliance
Compliance means abiding by applicable rules and regulations, whether external laws or internal company policies, so that a company and its employees conduct business legally and ethically. These rules and policies are designed to ensure that misconduct or violations can be detected, prevented, or resolved early, ahead of any serious consequences such as criminal prosecution, fines, or severe damage to a company’s reputation.