CERRIX User Conference 2025

On March 12, 2025, industry leaders, assurance experts, and CERRIX customers came together for the CERRIX User Conference 2025—a day of knowledge-sharing, insightful discussions, and collaboration on the future of risk management, compliance, and AI-driven GRC solutions.

Missed the event? Watch the recap video below:

A special thank you to Stater for co-organizing this event with us. Their contributions provided valuable insights into risk reporting, assurance, and compliance challenges, helping to make this conference a success. Below are some of the key takeaways from the event.

Empowering Risk and Compliance Through Innovation

At CERRIX, we believe that governance, risk, and compliance (GRC) should be efficient, and data-driven. Our mission is to empower organizations with integrated risk management solutions that enhance efficiency, automation, and 360° control.

Through continuous innovation, we provide automated workflows, improved reporting, and advanced compliance tools to help businesses navigate regulatory complexities, strengthen internal controls, and reduce manual effort in risk management.

As part of our commitment to continuous improvement, CERRIX is focusing on key strategic areas —we aim to build a stronger partner ecosystem, enhance customer engagement, optimize internal operations, and drive AI adoption to further streamline risk and compliance processes.

AI in GRC: Responsible, Transparent, and Impactful

Artificial Intelligence is reshaping risk and compliance functions, but its role must be trustworthy, explainable, and aligned with governance principles. At CERRIX, our AI development follows key principles to ensure its impact is both ethical and effective.

CERRIX’s AI Development Principles:

• Empower risk managers, not replace them – AI enhances expertise by automating repetitive tasks while keeping human oversight in control.
• Human-in-the-loop for accountability – Users can validate, adjust, and override AI-generated insights, ensuring transparency and trust.
• Seamless integration – AI should fit naturally into workflows, requiring minimal disruption and training.
• Value-driven, not hype-driven – We prioritize real impact over trends, solving critical GRC challenges rather than adding unnecessary complexity.
• Security and transparency first – AI solutions must comply with strict privacy and security standards, ensuring compliance with regulations like the EU AI Act.

To ensure AI adoption remains secure and responsible, CERRIX follows best practices in infrastructure, governance, and data access. Our approach aligns with Microsoft’s Responsible AI Framework, emphasizing privacy, reliability, transparency, and accountability to ensure AI solutions remain compliant and secure.To drive continuous innovation, CERRIX is rolling out an AI pilot program, allowing customers to explore new AI capabilities in risk and compliance. With this program, our AI offering will expand in 2025, with a wider portfolio of AI features becoming available as an add-on to further streamline risk management, reporting, and decision-making.

Risk Reporting: Making Data Actionable in Real-Time

One of the most pressing challenges in GRC is the diminishing value of risk-related information over time. The session on risk reporting and decision-making highlighted how organizations can move from reactive to proactive risk management by improving the timeliness and quality of risk data.

The half-life of risk data – The longer data sits unused, the less valuable it becomes for decision-making.

From real-time alerts to traditional batch reporting – Organizations must balance immediate decision-making (e.g., auto-generated findings, KRI breaches) with structured analytics (e.g., Power BI reports, statistical models).Bridging the gap – Effective risk reporting requires integrated dashboards, automated risk identification, and predictive analytics to ensure information remains actionable.

As organizations evolve, real-time data processing and risk insights will play a crucial role in improving decision-making and mitigating risks effectively. During the event, Univé and Blue Sky Group shared real-world incidents and risk reporting challenges, highlighting the need for more dynamic, automated, and integrated risk reporting solutions. Their experiences reinforced the importance of timely insights and proactive risk management in today’s complex regulatory landscape.

A Case Study of Stater in Assurance and Growth

As a co-organizer of the CERRIX User Conference 2025, Stater provided a deep dive into how they manage assurance, compliance, and risk in the financial sector. With €330B in assets under management and a leading presence in the mortgage industry, Stater showcased how their modular SaaS and BPO service model enables financial institutions to balance regulatory compliance with operational efficiency.

By leveraging a structured approach to risk governance, Stater is advancing control testing, monitoring, and assurance frameworks. Their use of the Three Lines Model, along with integrated control testing through Cerrix Cloud, is strengthening compliance and efficiency. Stater also shared its journey towards SOC 2 assurance, a process that involved aligning security, continuity, privacy, confidentiality, and processing integrity—positioning them as one of the first Dutch companies to obtain a full-scope SOC 2 report.

Additionally, Stater highlighted their efforts to mature first-line risk ownership, enhance risk awareness across management teams, and streamline third-party risk management in response to regulatory changes like DORA. Their experiences demonstrate how technology, automation, and structured assurance frameworks can help organizations improve compliance, mitigate risks, and drive sustainable growth—a vision closely aligned with CERRIX’s commitment to transforming GRC through innovation.

Staying Compliant in a Rapidly Changing Regulatory Landscape

Compliance is an ongoing commitment, and CERRIX follows a structured six-step approach to staying ahead of regulatory changes and security challenges.

1. Continuous Compliance Monitoring – Implementing real-time monitoring to ensure ongoing adherence to regulations and internal policies.

2. Keeping Up with Regulatory Changes – Adapting to evolving frameworks such as DORA, NIS2, GDPR, CSRD, and the EU AI Act to maintain compliance in an increasingly complex landscape.

3. Strengthening Cybersecurity & Resilience – Enhancing security measures through a multi-layered approach that includes operational, tactical, and strategic threat intelligence.

4. Training & Awareness – Ensuring that compliance is embedded in company culture through regular employee training and awareness programs.

5. Supply Chain Security – Reducing third-party risk by limiting critical suppliers and maintaining direct oversight over key infrastructure providers such as Microsoft and Netrom.

6. Regular Assessments – Conducting penetration tests, internal and external audits, infrastructure evaluations, and architectural reviews to continuously assess and enhance security and compliance measures.

The CERRIX User Conference 2025 was a great opportunity to explore the use cases of risk reporting, the role of AI in GRC, and best practices in compliance. Special appreciation to Stater for sharing their expertise and to all our attendees!

‍