Workforce Planning: The Foundation of Effective GRC Programs

Workforce Planning: The Foundation of Effective GRC Programs

Amid increasingly complex regulations and rising stakeholder pressures, financial institutions require robust governance, risk management, and compliance (GRC) frameworks centred on accountability, ethics, and transparency. However, even the most finely tuned GRC programs ultimately rely on skilled talent to execute the controls and oversight guarding against misconduct. This article will examine how integrated workforce planning enables institutions to build GRC teams equipped to meet these rising ethical expectations and regulatory demands.

What is Workforce Planning?

Workforce planning is an integrated strategy addressing an organisation’s talent needs to achieve its objectives. It involves understanding workforce priorities, gaps, capabilities, and risks both currently and projected into the future based on corporate strategy. Workforce planning enables insightful talent decision-making.

For GRC teams, workforce planning facilitates hiring, developing and organising the right compliance, audit, ethics, and operational risk talent. It aligns critical oversight functions with enterprise goals related to product innovation, growth, efficiency, and sustainable risk culture.

What are the 6 Key Stages of Workforce Planning?

Effective GRC workforce planning follows six core stages:

  1. Set workforce objectives: Identify required competencies, skills, roles and responsibilities across lines of defence to address known and anticipated regulatory issues. Consider location strategies and diversity aims.
  2. Assess current state: Take stock of existing oversight personnel—their skills, engagement levels, strengths and development needs relative to goals. Analyse dependencies and gaps.
  3. Scan external landscape: Research talent availability, competition, upcoming regulations and market trends influencing oversight needs to inform recruiting and mobility.
  4. Model future scenarios: Project supply and demand to gain insight into hiring, upskilling and redeployment imperatives 2-5 years out based on corporate strategy iterations.
  5. Implement initiatives: Execute recruiting, learning programs, job rotations, assessments, and other initiatives addressing identified talent and skill priorities and gaps.
  6. Monitor and revisit: Continually evaluate program effectiveness, iterate on approach as required and keep aligned to business objectives.

Regulations Driving Talent Focus

GRC workforce development is essential because to significant current and upcoming requirements, particularly in regulated areas like the finance sector. Only organisations that consciously select GRC talent through careful workforce planning will remain effective as regulations multiply. Among the important rules are:

  1. Senior Managers and Certification Regime (SMCR): pertaining to the UK financial services industry, SMCR sets guidelines for the accountability and duty of those holding senior positions. It affects how businesses organise and design their GRC personnel.
  2. Financial Services and Markets Act 2000 (FSMA): This law affects the governance, risk, and compliance departments of financial services companies by providing guidelines.
  3. Financial Conduct Authority (FCA) Regulations: The FCA establishes particular rules and directives for financial organisations, including GRC roles and duties.
  4. The GDPR, or General Data Protection Regulation: GDPR affects workforce planning for GRC experts, particularly with regard to data protection and privacy compliance, and is applicable to firms that handle personal data.
  5. The Modern Slavery Act of 2015 mandates that businesses consider the possibility of modern slavery in their supply networks and operations. GRC specialists could be involved in making sure this rule is followed.
  6. Data Protection Act 2018: This complements GDPR and outlines specific provisions related to the processing of personal data. GRC workforce planning needs to align with data protection requirements.
  7. Equality Act 2010: GRC professionals need to consider diversity and equality in workforce planning to comply with regulations prohibiting discrimination on various grounds.
  8. Basel III: Relevant for financial institutions, Basel III establishes international regulatory standards for banking. GRC workforce planning may be influenced by compliance with Basel III requirements.
  9. ISO 19600 – Compliance Management Systems: While not a legal regulation, adherence to ISO standards, such as ISO 19600 for compliance management, can guide GRC workforce planning practices.

Internal Talent Development Programmes

Institutions seeking GRC excellence cannot solely recruit their way to aptitude. They must also develop internal high potentials through training and exposure. Tactics include:

  • documenting clear oversight career paths to motivate talent;
  • offering mentorships between seasoned and emerging personnel;
  • conducting cross-training rotations into oversight functions;
  • providing continuous learning incentives like conferences and certifications; and
  • running simulation exercises allowing application of knowledge.

By coupling external hiring guided by workforce planning with robust internal advancement programs, financial sector players reinforce ethical culture while unlocking innovation.


In summary, the complex environment of contemporary finance necessitates strategically designed Governance, Risk, and Compliance (GRC) workforces created using data-driven talent planning. Identifying skills shortages, comprehending supply chain dynamics, and investigating related opportunities are critical actions for companies looking to reduce risks and avoid oversight shortcomings. Workforce planning emerges as the cornerstone for sustaining operational resilience as firms continue to negotiate the changing regulatory environment and uphold ethical standards. It offers a stable roadmap even in the face of difficult times. Entities operating in regulated industries must make sure that their workforce planning is proactive in aligning with the complex compliance needs of their particular industry and country, in addition to being up to current on regulatory revisions. In doing this, workforce planning provides the blueprint for continued operational resilience through even the most turbulent times.

Need help?

With extensive expertise in workforce planning and talent acquisition, C&G consultants are well-equipped to help firms navigate evolving regulatory complexity. Our team has held senior roles at top UK brokerages, giving firsthand insight into industry talent needs. We leverage this experience to assist companies in strengthening internal oversight capabilities amid new regulations and reforms. Our services span workforce planning, talent acquisition and provide in-house training. For additional details on collaborating with us as your workforce planning and talent partner, please contact us.


  1. Strategic Workforce Planning. Chartered Institute of Personal Development. Available at: Strategic workforce planning | CIPD (last accessed 28 November 2023).
  2. Global Impact Report. Deloitte. Available at: Governance | Deloitte 2023 Global Impact Report: Governance (last accessed 28 November 2023)
  3. DP18/2: Transforming Culture in Financial Services. Financial Conduct Authority. Available at: Discussion Paper 18/2: Transforming Culture in Financial Services ( (last accessed 28th November 2023).
  4. Ferrazzi, K., 7. Ways to improve employee development programs. Harvard Business Review. Available at: 7 Ways to Improve Employee Development Programs ( (last accesses 28th November 2023).

Luiza Barwood

Luiza Barwood

Luiza Barwood