Risk and Compliance Trends

With the constantly evolving regulatory landscape, and the growing emphasis on corporate social responsibility, risk and compliance management has become increasingly important for businesses.

In 2023, we are seeing a strong focus on ‘Governance, Risk, and Compliance’ (GRC), ‘Enterprise Risk Management’ (ERM), and ‘Environmental, Social, and Governance’ (ESG) considerations.


GRC is a term used to describe the integrated approach to managing a business’s overall governance, risk management, and compliance with its regulatory requirements. In 2023, organisations are continuing to prioritise GRC initiatives to ensure that they comply with laws, regulations, and industry standards while minimising risks to their business operations.

One of the key trends we’re seeing in businesses is the adoption of GRC software platforms. These platforms enable companies to automate and streamline their compliance efforts, reducing the risk of non-compliance and enhancing their ability to identify, assess, and manage risks across their operations.

Another trend in GRC is the increased focus on privacy and data protection. With the growing threat of cyber-attacks and data breaches, it is important to take steps to protect your sensitive customer and employee data.

This includes implementing robust cybersecurity measures, conducting regular security audits, and ensuring compliance with data protection regulations. This year we’ve seen several of our clients creating internal roles tasked with providing independent perspective and advice across the areas of Security Risk Assessments, Cyber Governance, Strategy, and Policy Frameworks.

By integrating GRC into the organisation, you will be more aware of the amount of data and information you have, and know whether it is fully compliant with the ever-changing regulatory landscape.


ERM is a holistic approach to identifying, assessing, and managing risks across your entire organisation. In 2023, companies are continuing to adopt ERM strategies to mitigate risks and improve their overall risk posture.

Like GRC, one of the top trends in ERM is the integration of technology. Advances in technology have made it easier for companies to collect, analyse, and manage data which can be used to identify potential risks and develop mitigation strategies. Companies are increasingly using predictive analytics and machine learning to identify potential risks and make informed decisions about risk management.

From a recruitment perspective, we have seen an increase in demand for risk professionals with strong systems skills, and the ability to use software such as Tableau and Power BI. The available talent pool for this skill set in New Zealand is limited, with a large volume of these professionals in Europe with no immediate plans to return to New Zealand.

Another trend in ERM is the focus on resilience. Possibly spurred by COVID and more frequent natural disasters, companies are recognising the importance of being able to adapt and respond to unexpected risks and disruptions.

This includes developing robust business continuity plans, investing in disaster recovery capabilities, and conducting regular risk assessments to ensure that you are prepared for potential threats. We are seeing more and more ‘Risk’ roles that include areas such as Business Continuity Management and Incident Response as part of the role’s responsibilities.


ESG considerations are becoming increasingly important for companies. Today, there is an understanding that ESG is a business risk – and smart businesses are taking steps to reduce it.

With the growing threat of climate change, it is important to take steps to reduce your carbon footprint. We are seeing more and more businesses taking real action to mitigate the environmental impact of their operations. This includes investing in renewable energy sources, adopting sustainable business practices, and developing robust environmental management systems.

We are also seeing a focus on the “S” of ESG – the engagement with internal and external stakeholders. There is an increased pressure on businesses to consider conduct and focus on the way they interact with stakeholders. The evolving regulatory landscape is pushing towards more transparency around reporting and due diligence. The Conduct of Financial Institutions (CoFI) legislation is an example of this.

Prioritising initiatives across GRC, ERM, and ESG will help you navigate the rapidly evolving regulatory landscape, mitigate risks, and demonstrate your commitment to corporate social responsibility.

For more insights from our Accounting and Finance recruitment specialists, download our 2023 Market Insights: https://www.huntercampbell.co.nz/market-insights-downloads/

