Traditionally, financial institutions tend to see IT projects by vertical business units, a practice that is so entrenched that it is difficult to modify, no matter how hard companies try. Many banks in various parts of the world even have IT structured to match the corporate organizations’ vertical business units so that you may find the Head of IT for Fixed Income, the Head of IT for Equity,etc.
Any support to Governance, Enterprise Risk Management, and Compliance with financial regulation cannot be funnel-based. GRC is a structured approach to align IT with business objectives within the dual frameworks of complying with financial regulations and managing risk (a task subject to many financial restrictions). It is the antithesis of a funnel-based approach. Regulations do not exist in isolation; they impact the whole corporate structure one way or another.