SWISS GRC DAY 2025, which took place on May 14 at the Radisson Blu Hotel at Zurich Airport, was once again one of the most important conferences for governance, risk and compliance (GRC) professionals. With participants from the entire DACH region, the event impressively underlined how crucial resilience, proactive management and responsible innovation have become for sustainable corporate governance.
The focus was on the role of GRC as a strategic enabler – far beyond traditional compliance aspects. The participants not only gained insights into current challenges and developments, but also discussed in practical terms how GRC structures, new technologies and a strong risk culture can support organizations in a dynamic world.

Besfort Kuqi, CEO and co-founder of Swiss GRC AG, opened the event with a clear appeal: GRC is not a control instrument, but a management system that makes companies more resilient, agile and capable of acting. He emphasized the importance of controllability, adaptability and a robust structure as the cornerstones of a future-oriented understanding of GRC.
His special thanks went to the Swiss GRC team for the organization of the SWISS GRC DAY 2025 as well as to the partners SecurityScorecard, Swiss Infosec, CRIF, Securix, Drata and the Lucerne University of Applied Sciences and Arts (HSLU) for their support.
Historical example as a timeless lesson
Nikolai Tsenov, Head Strategy & Business Development at Swiss GRC and moderator of the event, took the participants on an impressive journey back to the year 1755. On November 1, a massive earthquake, followed by a tsunami and days of fires, destroyed large parts of Lisbon. Within minutes, tens of thousands of people lost their lives and 85% of the city lay in ruins. While the Portuguese king froze, Prime Minister Marquês de Pombal resolutely took the lead. He organized evacuations, emergency supplies and reconstruction – with a clear plan, innovative approaches and pragmatic decision-making. Under his leadership, new building regulations, industrial mass production of construction elements and the first approaches to state-controlled education and scientific disaster research were developed. His famous quote, “What now? Let’s bury the dead and look after the living.”, is emblematic of a resilient, proactive attitude.
Tsenov’s conclusion: even in today’s GRC world, proactive thinking, innovative strength, strategic management and adaptability are decisive success factors – especially in times of uncertainty and complexity.

With a large number of top-class presentations, the SWISS GRC DAY 2025 offered a multifaceted program that impressively combined theory, strategy and practical implementation. The speakers brought in different perspectives from business, law, technology and public institutions – and made it clear that effective GRC is far more than the sum of its parts. The spectrum of topics ranged from real-life crisis scenarios and cyber risks in supply chains to the ethical management of AI, providing not only food for thought but also concrete impetus for action.
From risk to crisis: The day Swiss airspace came to a standstill – Crisis management at first hand – Christian Weiss, Head Enterprise Risk, Skyguide
Christian Weiss provided an exclusive insight into the real-life crisis scenario of a complete airspace shutdown over Switzerland – caused by a system failure. He described in detail the escalation dynamics from a recognized risk to a tangible crisis and explained how control was quickly regained through structured decision-making processes, predefined roles and emergency plans.

He particularly emphasized the relevance of a crisis-proof governance structure, forward-looking scenario planning and transparent communication with authorities, airlines and the public, and made it clear how an identified risk can develop into a real crisis within a very short space of time. He demonstrated in a practical way how crisis organization, clear communication and trained interaction between all players are crucial – not just in an emergency, but already in the preparation phase.
Out of nowhere: cyber threats in the supply chain – and how to protect against them – Marc Etienne Cortesi, Group Chief Information Security Officer (CISO), Baloise Group
Marc Etienne Cortesi used a specific cyber attack on an IT service provider of Baloise to show how external dependencies can become systemic threats. He presented the challenges in terms of transparency along digital supply chains and illustrated how the NIST Cyber Supply Chain Risk Management (C-SCRM) framework can help to prioritize suppliers, monitor risks in a targeted manner and build resilience through clear processes and well thought-out contract design. The presentation emphasized that cyber security is no longer just a technical task, but increasingly a strategic management task.

Using a real-life incident, Cortesi impressively demonstrated how often underestimated vulnerabilities in modern supply chains can become entry points for cyberattacks – and how important it is to ensure transparency, prioritization and resilience along the value chain with the right framework (NIST C-SCRM).
Artificial intelligence (AI) in the GRC world: use cases and where the journey is heading – Marinela Bilic-Nosic, Partner – Regulatory, Risk & Compliance Transformation, EY in Germany
Marinela Bilic-Nosic showed how artificial intelligence (AI) is already transforming GRC processes today – for example through the automation of internal controls, the analysis of large amounts of data in monitoring or the use of generative AI for regulatory monitoring. However, she emphasized that the use of agent-based AI also requires a rethink of governance issues: clear guidelines, ethical frameworks and sharpened role models are necessary to ensure trust, effectiveness and security.

She advocated organization-wide governance models with defined risk and responsibility allocation, and addressed the challenges of using artificial intelligence in the GRC context. She emphasized that agent-based AI is increasingly making autonomous decisions and therefore needs a sustainable ethical and regulatory framework. In her view, the establishment of clear responsibilities and governance structures is crucial for trustworthy AI applications.
Governance and risk management for artificial intelligence – a balancing act between innovation and control – David Rosenthal, Team Head / Partner, VISCHER AG
David Rosenthal analyzed the increasing complexity of regulatory requirements in the context of AI – particularly in light of the EU AI Act. He showed how companies can use a staged, risk-based approval process and trained decision-makers in the first line to ensure legally compliant yet innovation-friendly implementation.

Using specific case studies, for example from the insurance sector, he illustrated how pragmatic governance processes can create trust, minimize legal risks and at the same time enable innovation potential. With clear, practical approval processes, the balancing act between innovation and regulation can be achieved. His approach: governance as an enabler, not a stumbling block – provided that the first line of defense is trained, processes are tiered and responsibilities are clearly defined.
End-to-end assurance: How internal audit and GRC work together and create added value – Marc Gröflin, Head of Internal Audit, Swiss National Bank (SNB)
Marc Gröflin highlighted the role of internal audit as an integral part of an overarching assurance model. He showed how an efficient, redundancy-free assurance landscape can be created through coordinated audit plans, methodological consistency and close cooperation with risk management, ICS and compliance.

His presentation focused on specific practical examples from the SNB, which illustrated how trust, transparency and impact can be increased through structured coordination and a shared understanding of risk. He also explained how end-to-end assurance can only succeed if internal audit, compliance and risk management work closely together. The basis for this is a consistent understanding of terms, coordinated audit plans and a respectful dialog between the lines.
Culture as an enabler: The invisible force for effective risk management and compliance – with real examples – Sandra Middel, Chief Ethics and Compliance Officer, Axpo Group
In her presentation, Sandra Middel emphasized that a strong GRC culture is not created by policies, but by living values in everyday life – especially at management level. She used examples to show how organizations can create an environment in which responsibility, transparency and risk awareness are promoted through targeted cultural work, empowerment of employees and a clear attitude in communication.

Culture is not a soft factor, but the decisive lever for the long-term effectiveness and acceptance of GRC measures: An effective GRC culture is not created on paper, but through daily behavior. Especially in management, role models are needed who live integrity, create transparency and take responsibility. This is the only way to anchor risk awareness in the organization in the long term.
Thank you very much and see you again
At the end of the event, moderator Nikolai Tsenov thanked all the speakers, partners and the committed participants for their interest, their contributions and the inspiring discussions. The day provided numerous impulses for the GRC practice of tomorrow and produced key insights:
- Resilience can be shaped: organizations must learn not only to react to crises, but also to systematically prepare for them.
- GRC is not an end in itself: governance, risk and compliance contribute to a company’s success when they are strategically conceived and put into practice.
- Technology needs responsibility: the use of artificial intelligence requires clear ethical guidelines and reliable governance structures.
- Cooperation is crucial: internal audit, risk management, compliance and operational areas must work together more closely than ever.
- Culture as a foundation: Integrity, transparency and responsibility are the cornerstones of any sustainable GRC culture.
The SWISS GRC DAY 2025 has once again proven that Governance, Risk and Compliance are not mere control mechanisms, but central building blocks for resilience, innovative strength and sustainable corporate management. In a world of constant change, what is needed is not checkbox compliance, but responsible structures that create clarity, enable collaboration and actively shape change. With openness to new approaches, the courage to change and a strong foundation of responsibility and trust, GRC is more than ever a key to future viability.