Nasdaq Agrees to Sell GRC Software Business

Governance, risk and compliance (GRC) software company BWise, which has been owned by Nasdaq since 2012, is being sold to SAI Global.

The agreement was announced on February 11, and the transaction is expected to close in the first half of 2019. Financial terms were not disclosed.

Technology is core to New York-based Nasdaq, a global financial markets and infrastructure operator that reported $2.5 billion in net revenues for 2018. But the company, whose Market Technology business supplies systems to more than 100 marketplaces around the world, is pivoting from the strategy that saw a build-up in corporate offerings like GRC and Digital Media Services.

Now the aim is “to concentrate our resources, people, and capital to maximize our potential as a technology and analytics provider to the capital markets, while also investing to enhance our leading marketplaces and the capital market clients we serve,” president and CEO Adena Friedman said.

In keeping with the “technology and analytics” pivot, Nasdaq in December acquired Quandl, a leader in the fast-growing alternative data market. In January it completed the purchase of Cinnober, known for its TRADExpress trading and clearing technology and a customer base that includes the Australian Securities Exchange, B3 of Brazil, Dubai Gold & Commodities Exchange, Euronext, Japan Exchange Group, Johannesburg Stock Exchange, London Metal Exchange, LME Clear, and NYSE.

Nasdaq also made a bid for Oslo BØrs, which, along with the other strategic acquisitions, would “be additive to our organic growth efforts and important drivers of the value we deliver to our clients and shareholders,” Friedman said at the release of earnings results in late January.

Innovation and Growth

SAI Global, which positions itself as an integrated risk management solutions vendor with SAI360 at its center, said the acquisition of BWise “elevates SAI Global's internal audit and regulatory compliance management software capabilities, accelerating its ongoing product innovation and commercial growth,” and “bolsters expansion of SAI360 for Financial Services, helping institutions keep pace with rising digital risk, regulatory pressure and market volatility.”

Both companies are regarded as leaders in GRC software, which they supply to multiple industries in competition with the likes of RSA Archer, MetricStream, SAP, and the former Thomson Reuters business now known as Refinitiv.

“The pervasive and unpredictable risk landscape requires organizations to eliminate silos and focus on time to value across a broad set of use cases,” SAI Global chief executive officer Peter Granat said in a press release. “Adding BWise's expertise in the financial services sector and its award-winning governance, risk and compliance technology solutions definitively positions SAI Global as the leader in integrated risk management. We are very excited to bring our teams together and leverage our newly combined capabilities.”

BWise CEO Jonathan Deeks said, “With our shared vision of creating the most complete suite of integrated risk management capabilities in the marketplace, BWise is the perfect partner to take SAI Global to the next level.”

Advantages of Integration

BWise was established in the Netherlands in 1994, and by the time Nasdaq - then Nasdaq OMX - bought it 18 years later, it had offices also in France, Germany, the U.K. and U.S.

Two years before the BWise purchase, Nasdaq acquired SMARTS, an Australian company whose trade surveillance and monitoring capabilities - also touching on compliance - remain a key component within Nasdaq Market Technology.

BWise's offerings address such functions as Sarbanes-Oxley Act compliance, GDPR [General Data Protection Regulation] compliance, regulatory compliance, internal control, audit analytics, vendor risk management, operational and enterprise risk management, corporate governance and IT governance.

“It's not uncommon to see disparate technologies, [GRC] solutions or otherwise, assist and enable the risk management process,” says a BWise web page explaining the rationale behind the Integrated Enterprise GRC Platform. “Unfortunately, disparate technologies, taxonomies, frameworks, and processes produce inconsistent conclusions on risk. This leads to stakeholder (executives, the board, regulators, etc.) confusion on how to compare results when the aggregation of data occurs and also duplicate efforts to collect data.”

“To benefit from the integration,” the page goes on, “it is recommended that an organization starts with the development of a GRC strategy including the financial and non-financial (e.g., culture) justification of the investments needed to embed and sustain the program. Internal Audit, Risk Management and Compliance departments have to work closely together and to agree on whether an existing framework should be used, such as COSO or ISO, or an adaptation given the maturity of the organization's risk management practices. Consensus also has to be reached on the risk vernacular, definitions, library of terms, governance model, as well as the GRC platform to enable the GRC strategy.”

Beyond Point Solutions

The integration principle is aligned with that of SAI Global's SAI360, which, CEO Granat said in that September announcement, “will begin to bind our market-leading risk and compliance solutions, ethics learning content and services together, providing our customers with an approach that means your risk management strategies can finally fall into place.”

In the November announcement of SAI360 for Financial Services, Granat explained: “In the digital economy, our customers in the financial sector are trusted to secure sensitive consumer data across multiple jurisdictions and systems. Compounding matters, risk professionals are contending with a patchwork of systems and learning models while today's consumer has evolved an expectation of near instantaneous service. SAI360 for Financial Services leaves behind one-size-fits-all and point solutions, enabling organizations to outpace these changes, so they can innovate and differentiate themselves to build greater brand resilience.”

In another move to enhance its risk software portfolio, SAI Global last August acquired Strategic BCP ResilienceONE, bringing in business continuity, crisis management, disaster recovery, and contingency management.