
The EU’s Digital Operational Resilience Act (DORA) as well as the UK Financial Conduct Authority’s (FCA) standards have set new benchmarks for operational resilience in financial services. However, typical GRC tools fall short in the face of these regulations in many ways, including:
1. Scenario Testing: DORA encourages comprehensive scenario testing. Standard GRC solutions lack mechanisms to support complex scenario modelling.
2. Business Continuity: The FCA requires robust business continuity plans. GRC tools without process simulation capabilities may struggle to validate the effectiveness of such plans.
3. Resource Allocation: The FCA calls for adequate resource allocation to ensure resilience. GRC tools typically do not offer insights into the operational bottlenecks that affect resource optimisation.
4. Network and Information Systems: FCA standards emphasise the security of network and information systems. GRC tools lack the capability to simulate network disruptions and their business impacts.
5. Incident Reporting: DORA requires immediate reporting of significant cyber incidents. Traditional GRC tools may lack real-time incident tracking and alerting mechanisms, or they may depend on a separate incident tracking system, which presents challenges in integration and notification.