-
Governance advisory
We guide boards and management teams in frameworks, team processes and leadership dynamics to deliver sustainable value.
-
Financial services advisory
Get market-driven expertise to achieve your goals in banking, insurance, capital markets, and investment management.
-
Business risk services
Our market-driven expertise helps firms keep growing and manage risk in an evolving regulatory landscape.
-
Risk
Meet risks with confidence and transform your business – we support you to manage risk and deliver on your goals.
-
Economic consulting
Bespoke guidance grounded in complex economic theory and practical sector insight to help you make the right decisions.
-
Government and public sector
Experience and expertise in delivering quality public sector advisory and audits.
-
Business consulting
Partnering with you to deliver sustainable business change that helps you realise your ambitions.
-
Transaction advisory services
Whether buying or selling, we help you get the deal done with our comprehensive range of transaction advisory services.
-
Financial accounting advisory services (FAAS)
Our FAAS team can support your finance function with the flexible resource they need to get results.
-
Corporate finance advisory
Building a business is never easy. We help you maximise the value of your business and find the right option.
-
Valuations
Help to understand or support the valuation of a business or asset.
-
Insolvency and global asset recovery
We provide asset tracing and seamless cross-border global recovery for clients.
-
Forensic and investigation services
Market-driven expertise in investigations, dispute resolution and digital forensics.
-
Restructuring
Our restructuring team help lenders, investors and management navigate contingency plans, restructuring and insolvency.
-
Transformation consulting
Is business transformation a priority for your organisation? Our expert insight and guidance can help you achieve it.
-
Pensions assurance
A tailored service that responds to evolving risks and regulations.
-
Accounting services
Optimise your growth with expert accounting services. Contact us today.
-
Royalty and intellectual property (IP) audits
Enhance IP asset protection with our royalty and IP audit services. Expertise in licensing, revenue detection, and compliance improvements.
-
Business consulting
Partnering with you to deliver sustainable business change that helps you realise your ambitions.
-
Corporate Simplification
Release value, reduce compliance complexity, and improve tax efficiency by streamlining your group structure.
-
Economic consulting
Bespoke guidance grounded in complex economic theory and practical sector insight to help you make the right decisions.
-
Financial accounting advisory services (FAAS)
Our FAAS team can support your finance function with the flexible resource they need to get results.
-
Governance advisory
We guide boards and management teams in frameworks, team processes and leadership dynamics to deliver sustainable value.
-
International
Unlock global opportunities with our local expertise and worldwide reach.
-
People advisory
Driving business performance through people strategy and culture.
-
Strategy Group
Successful business strategy is rooted in a clear understanding of the market, customer segmentation and how purchase decisions vary.
-
Respond: Data breach, incident response and computer forensics
Are you prepared for a cyber failure? We can help you avoid data breaches and offer support if the worst happens.
-
Comply: Cyber security regulation and compliance
Cyber security regulation and compliance is constantly evolving. Our team can support you through the digital landscape.
-
Protect: Cyber security strategy, testing and risk assessment
Cyber security threats are constantly evolving. We’ll work with you to develop and test robust people, process and technology defences to protect your data and information assets.
-
Corporate finance advisory
Building a business is never easy. We help you maximise the value of your business and find the right option.
-
Debt advisory
Working with borrowers and private equity financial sponsors on raising and refinancing debt. We can help you find the right lender and type of debt products.
-
Financial accounting advisory services (FAAS)
Our FAAS team can support your finance function with the flexible resource they need to get results.
-
Financial modelling services
Financial modelling that helps you wrestle with your most pressing business decisions.
-
Operational deal services
Enabling transaction goals through due diligence, integration, separation, and other complex change.
-
Our credentials
Search our transactions to see our experience in your sector and explore the deals advisory services we've delivered.
-
Transaction advisory services
Whether buying or selling, we help you get the deal done with our comprehensive range of transaction advisory services.
-
Valuations
Help to understand or support the valuation of a business or asset.
-
The ESG agenda
Shape your ESG agenda by identifying the right metrics, sustainable development and potential business value impact.
-
ESG driven business transition
Whatever your ESG strategy, we can support your organisation as it evolves while maximising efficiency and profitability.
-
ESG programme and change management
Do you have the right capabilities to drive the delivery of your ESG strategy to realise your targets?
-
ESG risk management
You must protect, comply, understand and influence to successfully manage the risk involved with ESG issues. We can help.
-
ESG strategy, risk and opportunity identification
We can help you clearly define your ESG Strategy, with the risks and opportunities identified and managed.
-
Create value through effective ESG communication
Building trust and engagement with your stakeholders on your ESG strategy.
-
ESG metrics, targets and disclosures
The pressure to report your ESG progress is growing. Do your targets measure up?
-
ESG governance, leadership and culture framework
Make the most of ESG opportunities by effectively embedding your strategy across your organisation.
-
ESG and non-financial assurance
Support your board to be confident in supplying robust information that withstands scrutiny.
-
Transition planning to net zero
Supporting your organisation in the transition to net zero.
-
Actuarial and insurance consulting
We consult extensively to the life insurance, general insurance, health insurance and pensions sectors.
-
Business risk services
Our market-driven expertise helps firms keep growing and manage risk in an evolving regulatory landscape.
-
Financial crime
Helping you fight financial crime in a constantly changing environment
-
Financial services business consulting
Leverage our diverse capabilities to manage challenges and take opportunities: from assurance to transformation
-
Financial services tax
Helping financial services firms navigate the global financial services and funds tax landscape.
-
Regulatory and compliance
Providing an exceptional level of regulatory and compliance to firms across the financial services industry.
-
Corporate intelligence
Corporate intelligence often involves cross-border complexities. Our experienced team can offer support.
-
Litigation support
Industry-wide litigation support and investigation services for lawyers and law firms.
-
Disputes advisory
Advising on quantum, accounting and financial issues in commercial disputes.
-
Forensic investigations and special situations
Do you need clarity in an uncertain situation? If you're accused of wrongdoing we can help you get the facts right.
-
Forensic data analytics
Our forensic data analytics team are helping businesses sift the truth from their data. See how we can help your firm.
-
Monitoring trustee and competition services
Monitoring trustee services to competition, financial and regulatory bodies.
-
Financial crime
Supporting your fight against financial crime in an ever-changing environment
-
Public sector advisory
To deliver excellent public services, local and central government need specialist support.
-
Public sector consulting
Helping public sector organisations maintain oversight of services and understand what's happening on the ground.
-
Public sector audit and assurance
As a leading UK auditor, we have unparalleled insights into the risks, challenges and opportunities that you face.
-
Contentious estates and family disputes
We manage complex and sensitive disputes through to resolution.
-
Digital Asset Recovery
Get guidance and technical expertise on digital finance and cryptoasset recovery from our dedicated crypto hub.
-
Grant Thornton Offshore
Grant Thornton Offshore is our one-stop global solution for insolvency, asset recovery, restructuring and forensics services.
-
Insolvency Act Portal
Case information and published reports on insolvency cases handled by Grant Thornton UK LLP.
-
Litigation support
Industry-wide litigation support and investigation services for lawyers and law firms.
-
Personal insolvency
We can support you to maximise personal insolvency recovery and seek appropriate debt relief.
-
South Asia business group
Supporting your growth in the UK-India economic corridor and beyond.
-
US business group
Optimise your trans-Atlantic operations with local knowledge and global reach.
-
Japan business group
Bridging the commercial and cultural divide and supporting your ambitions across Japan and the UK.
-
Africa business group
Connecting you to the right local teams in the UK, Africa, and the relevant offshore centres.
-
China-Britain business group
Supporting your operations across the China – UK economic corridor.
-
Asset based lending advisory
Helping lenders, their clients and other stakeholders navigate the complexities of ABL.
-
Contingency planning and administrations
In times of financial difficulty, it is vital that directors explore all the options that are available to them, including having a robust ‘Plan B’.
-
Corporate restructuring
Corporate restructuring can be a difficult time. Let our team make the process simple and as stress-free as possible.
-
Creditor and lender advisory
Whether you're a creditor or lender, complex restructurings depend on pragmatic commercial advice
-
Debt advisory
Our debt advisory team can find the right lender to help you in restructuring. Find out how our experts can support you.
-
Financial services restructuring and insolvency
Financial services restructuring and insolvency is a competitive marketplace. Our team can help you navigate this space.
-
Pensions advisory services
DB pension-schemes need a balanced approach that manages risk for trustees and sponsors in an uncertain economy.
-
Restructuring and insolvency tax
Tax will often be crucial in a plan to restructure a distressed business. Our team can guide you through the process.
-
Restructuring Plans
Market leading experience in advising companies and creditors in Restructuring Plan processes.
-
Controls advisory
Build a robust internal control environment in a changing world.
-
Data assurance and analytics
Enhancing your data processes, tools and internal capabilities to help you make decisions on managing risk and controls.
-
Enterprise risk management
Understand and embrace enterprise risk management – we help you develop and connect risk thinking to your objectives.
-
Internal audit services
Internal audit services that deliver the value and impact they should.
-
Managing risk and realising ESG opportunities
Assess and assure risk and opportunities across ESG with an expert, commercial and pragmatic approach.
-
Project, programme, and portfolio assurance
Successfully delivering projects and programmes include preparing for the wider impact on your business.
-
Service organisation controls report
Independent assurance provides confidence to your customers in relation to your services and control environment.
-
Supplier and contract assurance
Clarity around key supplier relationships: focusing on risk, cost, and operational performance.
-
Technology risk services
IT internal audits and technology risk assurance projects that help you manage your technology risks effectively.
-
Capital allowances (tax depreciation)
Advisory and tools to help you realise opportunities in capital allowances.
-
Corporate tax
Helping companies manage corporate tax affairs: delivering actionable guidance to take opportunities and mitigate risk.
-
Employer solutions
We will help you deliver value through your employees, offering pragmatic employer solutions to increasing costs.
-
Indirect tax
Businesses face complex ever changing VAT regimes, guidance and legislation. We can help you navigate these challenges.
-
International tax
Real-world international tax advice to help you navigate a changing global tax landscape.
-
Our approach to tax
We advise clients on tax law in the UK and, where relevant, other jurisdictions.
-
Private tax
Tax experts for entrepreneurs, families and private business. For now and the long term.
-
Real estate tax
Stay ahead of real estate tax changes with holistic, tax-efficient solutions.
-
Research and development tax incentives
We can help you prepare optimised and robust research and development tax claims.
-
Tax dispute resolution
We make it simple to stay compliant and avoid HMRC tax disputes
-
Tax risk management
We work with you to develop effective tax risk management strategies.
-
Skills and training
Get the right support to deliver corporate and vocational training that leads the way in an expanding market.
-
Private education
Insight and guidance for all businesses in the private education sector: from early years to higher education and edtech.
-
Facilities management and property services
Get insight and strategic support to take opportunities that protect resilience and drive UK and international growth.
-
Recruitment
Helping recruitment companies take opportunities to achieve their goals in a market where talent and skills are key.
-
Food and beverage (F&B)
We can help you find the right ingredients for growth in your food and beverage business.
-
Travel, tourism and leisure
Tap into our range of support for travel, tourism and leisure businesses in this period of challenge and change.
-
Retail, e-commerce and consumer products
With multiple challenges and opportunities in the fast-evolving retail sector, make sure you are ready for them.
-
Banking
Our expertise and insight can help you respond positively to long term and emerging issues in the banking sector.
-
Capital markets
2020 is a demanding year for capital markets. Working with you, we're architecting the future of the sector.
-
Insurance
Our experienced expert team brings you technical expertise and insight to guide you through insurance sector challenges.
-
Investment management
Embracing innovation and shaping business models for long-term success.
-
Pensions
Pension provision is an essential issue for employers, and the role of the trustee is becoming increasingly challenging.
-
Payments advisory and assurance
Payment service providers need to respond to rapidly evolving technical innovations and increased regulatory scrutiny.
-
Central and devolved government
Helping central and devolved governments deliver change to improve our communities and grow our economies.
-
Infrastructure and transport
Delivering a successful transport or infrastructure project will require you to balance an often complex set of strategic issues.
-
Local government
Helping local government leverage technical and strategic expertise deliver their agendas and improve public services.
-
Regeneration development and housing
We provide commercial and strategic advice to assist your decision making in pursuing your objectives.
-
Health and social care
Sharing insight and knowledge to deliver transformation and improvement to health and social care services.
-
Charities
Supporting you to achieve positive change in the UK charity sector.
-
Education and skills
The education sector has rarely faced more risk or more opportunity to transform. You need to plan for the future.
-
Social housing
We are committed to helping change social housing for the better, and can help you make the most of every opportunity.
-
Technology
We work with dynamic technology companies of all sizes to help them succeed and grow internationally.
-
Telecommunications
Take all opportunities to realise your goals in telecommunications: from business refresh to international expansion.
-
Media
Media companies must stay agile to thrive in today’s highly competitive market – we’re here to support your ambitions.
Growing cyber regulation and reporting
For firms in the financial sector, cyber regulation is becoming increasingly complex. The UK is in its second generation of cyber security regulations and follows a cross-cutting approach. That makes it difficult to take a comprehensive look at cyber regulations as they are mostly embedded within a broader range of rules.
Key expectations include alignment with the FCA and PRA rulebooks, overall responsibility for cyber security within the Senior Managers and Certification Regime (SMCR), the Bank of England’s CBEST and CQUEST requirements, and breach reporting. Firms need to stay ahead of regulatory expectations, map the path to better cyber resilience, and ensure they allocate sufficient resources to strengthen internal frameworks.
Additionally, developing effective cyber risk reporting processes is key to communicating risks and opportunities to senior executives. This can include everything from developing clear reporting lines for cyber threats to ensuring that the right stakeholders have access to the information they need to make better decisions.
These reporting processes are regularly reviewed and updated to reflect the latest threats and best practices. By building effective cyber risk reporting frameworks, individuals and teams within firms will have a better understanding of cyber risk and resilience.
While reporting cyber risk is not yet a formal requirement, regulators expect firms to report cyber risk in financial statements. In 2023, the FRC published revised guidance on digital security risk disclosure, focusing on how to improve reporting on digital systems, processes and data that affect business continuity, resilience and value creation.
Expectations and guidelines are likely to turn into mandatory risk reporting – having the right frameworks in place will help firms get ahead of the curve.
Secure use of AI and ML
Use of the latest technology, such as Artificial Intelligence (AI) and Machine Learning (ML) is increasingly common across the financial sector and is more accessible than ever.
Opportunities are aplenty, as are risks – some businesses have already experienced the effects of AI use going wrong:
- DHL had to take their customer service chatbot offline within 24 hours as it had been ‘trained’ by external users to say DHL was useless.
- An employee of a Hong Kong company was duped into transferring £20 million from a deepfake video call.
To support the secure use of AI, the National Cyber Security Centre (NCSC) has published guidelines that aim to support firms through the development of AI systems and ensure that security still is at the centre of implementation. The NCSC has structured their measures into four sections:
- Secure design
- Secure development
- Secure deployment
- Secure operation and maintenance
Firms need to have an AI policy in place, supported by a robust project plan, to control what information is available and to restrict wider system access. Key considerations include protecting intellectual property, client data or personal information, in line with UK data protection laws and financial regulation.
Having a strong understanding of the products that support cyber resilience is key – whether it's new technology or not. Firms should ask themselves important questions, including: are our products delivering against their remit, are they being used efficiently, are we duplicating services?
Ransomware attacks
Ransomware continues to be a core risk for financial services firms, requiring constant monitoring. Organisations must adopt strong security measures to tackle the problem head-on. It can be introduced through a variety of means, including email attachments, infected software downloads, and malicious websites.
In the first half of 2023 alone, the FCA received 51 cyber incident reports. This is a 10% increase compared to the first half of 2022 and indicates a rising risk of attack. 31% of these attacks were categorised as ransomware, highlighting the opportunity attackers see to infiltrate systems.
AI has only made these attempts more convincing and challenging to detect - attackers can create ransomware that is sophisticated and difficult to recognise. AI can generate convincing content with minimal human intervention.
Firms must remain vigilant and take proactive measures to mitigate the evolving sophistication of cyber attackers, and the ever-evolving forms of ransomware, including the “attack surface”, “entry vectors” and “recovery strategies” if businesses find themselves facing off against a threat actor. Minimum expectations would include implementing robust security measures, conducting regular risk assessments, and training employees on best practices for identifying and responding to ransomware attacks.
Firms will also have to deal with growing numbers of phishing attacks, supply chain attacks, and increasingly sophisticated social engineering attacks, and convincing AI-enabled attacks.
Reducing third-party and supply-chain risk
Many financial organisations simply don’t have the resources they need. Typically, only top-tier banks (or financial institutions of a comparable scale) have a dedicated cyber team or a security operations centre (SOC). Smaller and mid-sized organisations tend to outsource these responsibilities to third parties.
While this can be an affordable alternative, it’s important to make sure these providers have the right skill sets, scale and capabilities to deliver the work effectively. Regulators are increasingly scrutinising the quality of first-line, second-line and third-party governance structures. Many financial organisations are questioning the level of skills and resources available to them internally, especially during challenging economic circumstances. In some circumstances, a hybrid first and third-party solution can provide the most efficient and effective risk management solution.
With the limited number of niche service providers working across the financial sector, firms also need to consider concentration risk and the potential impact on operational resilience contingency planning. Recent attacks have focused on credit card printing providers and businesses supplying hard-copy print services to financial organisations.
Even where it is necessary to use these suppliers, regulators have still insisted on the need to conduct detailed due diligence assessments for oversight, data security, regulatory compliance, and contract management. And for financial services firms, there’s also operational resilience to consider, to ensure any third-party failings don’t lead to service outages that could cause economic harm to customers or the wider economy.
There are also core risks around cloud and software-as-a-service (SaaS) security. Providers of these services are constantly changing their security architectures, which can open new vulnerabilities that firms are not aware of. It is risky to rely on static security design models.
UK regulators have set their sights on cyber risks associated with third-party vendors and suppliers. These vendors and supply chains can – often inadvertently - introduce new vulnerabilities into an organisation's network and compromise sensitive data. Additionally, UK firms still need to comply with the Digital Operational Resilience Act (DORA) if they are in the supply chain of FS companies in Europe
Firms must consider cyber resilience from the outset of working with third parties to develop robust policies and procedures for managing these risks. This can include conducting thorough risk assessments of vendors and suppliers, ensuring that contracts contain security requirements, and consistently monitoring these vendors for any signs of suspicious activity.
Building cyber risk culture with effective training
It’s important to create a strong cyber risk culture that prioritises cyber security and risk management. This can include everything from ensuring that employees understand their role in protecting the organisation from cyber threats to promoting a culture of accountability and transparency.
Creating a robust culture around cyber security requires mapping elements such as board awareness, tone from the top, managing people risk, phishing training, and awareness of social engineering.
A “no blame” environment that encourages staff to speak up if they’ve accidentally opened a suspicious email or clicked on a fake website link can dramatically improve the security posture for not only the business but the entire industry. Firms can help reinforce this culture by regularly communicating the latest threats and best practices to employees, conducting regular security awareness training, and rewarding employees for showing good cybersecurity practices.
As human error plays a big part in cyber risk, firms should implement frameworks that allow cyber professionals to collaborate with and challenge decision-makers.
Additionally, firms must be aware of the potential training gaps that exist within their organisations, particularly with regard to high-risk individuals. Often firms are not aware of who they are and therefore leave considerable gaps in their prevention framework. A lack of training for high-risk individuals leaves firms more vulnerable to cyber threats and susceptible to attacks. It is crucial that firms provide the relevant training and education to all employees relative to their risk profile.
Firms should look to bridge these training gaps to strengthen cyber resilience and culture - the Bank of England provided guidelines in section 5.2 of its 2023 review of the CBEST programme.
Credible incident response plans
Firms must have a comprehensive incident response plan in place, which can regularly be tested to simulate a real-world response to cyber attacks. This includes identifying the key stakeholders who need to be involved in the response, setting up communication protocols, and integrating processes for containing and mitigating the attack.
While preventative controls certainly support cyber resilience, firms need to focus further on strong response and recovery mechanisms. In case of an attack, which processes do firms have that will allow them to bounce back? And are they credible?
The CBEST findings highlight the importance of having a robust framework in place. The lack of monitoring, logging, and detecting malicious activity exposes important business lines to disruption, hindering the ability to contain incidents and remove threat actors from the network.
While some organisations have integrated workflows that support preventative controls and/or detection use cases, as well as comprehensive and rapid response capabilities, many still face key gaps:
- The use of insecure incident ticketing and tracking systems
- A lack of specialist staff ready to execute complex response activities
- Insufficient logging and hardening in production and non-production environments.
- Addressing these gaps is crucial in improving security monitoring and strengthening cyber resilience
Regulators are increasingly scrutinising how the financial services sector prepares for and manages cyber threats, as the impact from attacks and outages is in line with operational resilience.
Aligning to industry standards
To mitigate the risks from key 2024 themes, it is important to align with one of the industry standards such as NIST CSF or ISO 27001 or against best practice by applying the National Cyber Security Centre’s (NCSC) top 10 steps to cyber security, or Center for Internet Security (CIS) benchmarks. The NCSC has been pushing their Cyber Assessment Framework (CAF) for operators of essential services - which banking normally falls into.
Choosing a cyber security framework is a difficult decision. There is no one-size-fits-all solution, as the ‘best’ framework depends on factors such as the business goal, risk tolerance, applicable regulatory drivers and contractual obligations. It is important for firms to conduct a thorough assessment of their needs and requirements before selecting a framework. By aligning to the organisation's unique needs, businesses can better protect themselves.
Where firms have accreditations, such as ISO 27001, they often apply to one specific area of the business. To improve cyber resilience and overcome core challenges, firms should apply the lessons from certifications across the organisation. When working with external parties, it’s also important to be transparent about which business units these standards apply to.
A newer version of ISO 27001 has been available since October 2022. The revised standard reflects industry changes, encouraging firms to assess their internal systems and mitigate evolving cyber risks.
Firms won’t be able to certify or recertify against the older version after 30 Apr 2024, so they should act now. Implemented correctly, ISO 27001:2022 certification can significantly reduce cyber risks.
To learn more about key cyber themes, risks, and opportunities for financial services in 2024, contact Manu Sharma and Ankur Aeran.