What Riskonnect’s Xactium acquisition means for the GRC/IRM world


By Riaan Bekker, Force Solutions Manager at thryve

There is growing interest over Riskonnect’s acquisition of Xactium, a fellow GRC/IRM software vendor. It’s another big etch on Riskonnect’s growth chart, and also a sign of the accelerating evolution of the GRC/IRM market.

I refer to GRC/IRM in a split fashion because there is still debate on whether they are two different things. In my personal opinion, they are not. Many attributes within the governance, risk and compliance world could apply to either or both. Distinguishing which is the better is a matter of which research firm you support. Yet from a thryve perspective, it’s not about the name but what the software can do.

Riskonnect and Xactium are both GRC/IRM services. Both operate as cloud platforms, and both qualify as ‘modern’ GRC/IRM solutions. But there are also a few notable differences. Riskonnect is considerably larger and serves a broader market. Xactium is a younger business and not as well-known. Yet it has several attributes that will significantly enhance Riskonnect’s offerings.

Xactium suits Riskonnect for two reasons. First, it is focused on the financial sector. Riskonnect’s solutions can serve many different industries, and a lot of effort goes into creating services that meet every sector’s requirements. But it’s challenging to grow over different parts of the market and still maintain highly specialised services. Some companies will try and muddle this approach, taking a good-enough attitude.

Not Riskonnect – as the vendor has grown, it has used strategic acquisitions to complement and grow its services. Xactium specialises in the financial sector, a place where governance, risk and compliance come with many additional demands and nuanced barriers. Instead of competing for that market, Riskonnect sought a service that could work well with its own and found that in Xactium.

The Xactium acquisition also adds to Riskonnect’s intelligent analytics capability. Xactium has built outstanding artificial intelligence engines to help with GRC prediction and management, and process automation. It brands itself as the world’s first risk intelligence system.

Riskonnect has been working on expanding into features such as these. Last year it acquired Marsh Clearsight to boost its analytics and predictive services significantly. Riskonnect also acquired Aruvio, bolstering its GRC tools in business continuity management. In other words, the Riskonnect juggernaut is becoming bigger, stronger and more versatile – great news for partners such as thryve, as well as our customers.

The above are tactical reasons. But I want to close on offering a philosophical view as well. Riskonnect is making strategic acquisitions in terms of improving its services, not removing competitors. None of these companies were direct competition for Riskonnect. Instead, they operated successfully in different niches of the GRC/IRM world. What we’re witnessing is the consolidation of GRC/IRM services, which underlines the growing importance of platforms such as Riskonnect to companies. In some places, GRC still seems like a cottage industry, not an enterprise force to help organisations become aware, effective and flexible about the real picture of GRC.

But attitudes are changing – why else would Riskonnect seek to expand its portfolio of services by acquiring the best at those services? The Xactium acquisition is exciting if you are a financial services company. But it’s also a sign that modern GRC/IRM is becoming a fundamental part of modern enterprise management.

I look forward to introducing these features as they become available to thryve’s clients. Cloud-based GRC/IRM platforms are proving their significance and the businesses that adopt those are the ones that will continue to thrive.