When governance, risk and compliance initiatives fail, the culprit is rarely regulatory complexity but rather organizational fragmentation. Anna Muzalska, fintech and regtech solutions manager at Quidgest, examines how siloed departments create dangerous blind spots in risk management and offers insights on how leadership and communication can transform disconnected compliance efforts into a cohesive strategy.
GRC is often seen as a structured approach to managing regulatory requirements and mitigating risk. Yet, despite its growing importance, many organizations struggle to implement GRC effectively. The reason? It’s not the complexity of regulations or the pace of legislative change. The real challenge lies within — the fragmentation of the organization itself.
Without strong governance to unify departments and break down silos, GRC becomes a patchwork of isolated efforts, lacking cohesion and strategic direction.
A recent Harvard Business Review article underscores that organizational silos continue to be a major obstacle to effective collaboration, hampering decision-making and overall business performance. As companies expand, these structural barriers create blind spots, making it harder to detect risk, ensure compliance and maintain accountability. Without a centralized strategy, governance efforts clash or operate in isolation, leading to a lack of visibility over the organization’s overall risk landscape.
Take, for example, the 2016 Wells Fargo scandal, where unauthorized accounts were created to meet aggressive sales quotas. This wasn’t simply a compliance failure; it was a breakdown of governance. Different parts of the organization were operating under conflicting priorities, and without strong leadership to oversee and integrate compliance efforts, unethical practices went unchecked. The fallout was severe: fines, reputational damage and a massive overhaul of leadership and policies.
Why leadership must break down silos
To break down these silos, organizations need more than policies and procedures; they need a cultural shift that starts with leadership. Strong governance ensures that compliance isn’t seen as an isolated function but as an intrinsic part of how the business operates. Effective leadership fosters an environment where information flows freely between departments, risk awareness is heightened and decision-making is based on a comprehensive understanding of the company’s exposure to threats.
2023 McKinsey research found that organizations with strong governance structures and integrated risk management practices were significantly better equipped to anticipate and respond effectively to emerging risks. As businesses face growing uncertainty, those with proactive governance and risk frameworks demonstrate greater resilience and adaptability in navigating disruptions. This doesn’t happen by chance; it’s a direct result of leadership fostering a collaborative approach to GRC. When executives take ownership of GRC initiatives and embed them into corporate strategy, they eliminate the fragmentation that undermines compliance and risk management efforts.
The overlooked aspect: communication
While many organizations focus on establishing strong policies and procedures, they often overlook the vital role of communication in ensuring GRC’s success. Without it, even the most well-structured governance frameworks can fail, leaving each department to work on its own, missing the broader picture of risk, compliance and accountability.
Take, for example, a prominent global bank that faced significant regulatory penalties due to a lack of communication around new compliance measures. Despite having the right policies in place, employees were unclear on how to implement these changes, leading to widespread noncompliance. It wasn’t a matter of missing policies; it was a communication breakdown that left staff unaware of their responsibilities. To address this, the bank introduced regular cross-departmental meetings and clear channels for feedback, allowing it to ensure that the entire organization was aligned in real time with regulatory requirements.
Similarly, a healthcare system in Europe struggled to enforce consistent compliance with GDPR due to fragmented communication across its departments. Different divisions, from IT to patient care, had their own interpretations of the rules. The organization responded by creating a centralized communication platform that facilitated better understanding and alignment, ensuring that every team was on the same page regarding patient data privacy. This integration helped the organization avoid costly fines and strengthened its overall compliance posture.
Communication in AI governance
As organizations increasingly incorporate AI into their operations, communication becomes even more critical. AI introduces complex risks that traditional GRC frameworks may not be fully equipped to address. For example, Amazon faced public backlash when its AI-based recruitment system was found to be biased against women. The issue stemmed not from the technology itself but from the lack of transparency around how the AI system was used, the data it was trained on and how its results were interpreted. The system, which was trained on resumes submitted to the company over a decade, inadvertently favored male candidates, as the data reflected a historical gender imbalance. This highlights the need for greater openness and oversight when implementing AI systems, especially in sensitive areas like hiring.
To prevent similar issues, organizations must ensure that AI governance is clearly communicated at all levels. This means explaining not just the risks associated with AI but also the measures being taken to mitigate those risks. It’s essential for leadership to foster a culture where AI ethics and governance are openly discussed, ensuring that all employees understand their role in making responsible, transparent decisions when using AI technologies.
From my experience, the most successful GRC frameworks are those where communication isn’t an afterthought but a central pillar of governance. Organizations that prioritize communication can break down silos, foster transparency, and create an environment where compliance is a shared responsibility.
As Warren Buffett once said, “It takes 20 years to build a reputation and 5 minutes to ruin it. If you think about that, you’ll do things differently.” This is especially true in the domain of GRC, where strong communication and strong leadership can make the difference between a solid, unified approach and a fragmented, reactive strategy.