q
by David Doughty, Chartered Director – Chief Executive, Chair, Non-Executive Director, Entrepreneur and Business Mentor
From the Black Lives Matter movement (BLM) to the Environment, Society and Governance (ESG) investment initiatives, the resounding cry is for greater diversity and inclusion in the workforce, and a reduction in inequality and in the barriers to opportunity.
Yet the changes that reduce the dominance of, to put it bluntly, old white men, in the world’s boardrooms are still seen to be happening at a glacial pace.
A Catalyst study of US Fortune 500 companies showed that those with a higher representation of women on their boards of directors outperformed their peers by 53% in return on equity and 42% in return on sales.
And it is not just a matter of race or gender. There is an increasing focus on cognitive diversity to avoid “group-think”, for example where board members are predominantly accountants. There is plenty of evidence to suggest that a lack of cognitive diversity in the boardroom has been a contributory factor in the dramatic corporate failures that we have seen, such as Wirecard and Carillion, and indeed the financial crisis of 2007/8.
In Testosterone, Cortisol and Financial Risk-Taking, Joe Herbert of the University of Cambridge’s Department of Clinical Neurosciences examined how hormone levels in men and women impacted their risk-related decisions. His review of several studies showed connections between higher levels of testosterone and mispricing and “over-optimism about future changes in asset values.”
So, how are diversity and inclusion linked with strategic business risk?
Most boards are aware these days that environmental and reputational risks are likely to be as important as traditional financial risks, if not more so. BP’s failure with the Gulf oil-spill was not caused by financial factors. Nor was it the environmental impact that did the most damage to the company. It was the reputational harm caused by the mishandling of the oil-spill that proved to be the biggest problem.
But few boards consider diversity and inclusion to be a strategic business risk. They may well have ethnic and gender diversity targets for their workforce. Perhaps they report on ethnic and gender pay-gaps in their annual reports. But they will probably regard diversity and inclusion as an HR issue, and not something that should appear on the strategic risk register.
That is all about to change. There is an increasing awareness that creating an inclusive workplace for all, regardless of gender, ethnicity, background, sexual orientation and beliefs, is not just a source of competitive advantage. It also plays a powerful role in shaping the views of stakeholders: shareholders, employees, suppliers and, probably most important of all, customers.
There is a growing view that a lack of diversity and inclusion in the workforce is a major strategic business risk. The existence of a mono-cultural, ‘group-thinking’, exclusive board of directors is an indication that the risk is not being taken seriously: in all probability such a board does not have the skills, experience or even the inclination to address the issues.
Since April 2017, gender pay-gap reporting has been mandatory in the UK. Financial services, which is one of the most important sectors for the UK economy, has a gender pay-gap of about 34%. That is double the national average of 17%.
This is a serious reputational risk, which will influence how stakeholders, including prospective and current employees, customers and regulators, view financial services firms. This makes diversity and inclusion a business issue rather than an HR issue – a business risk that demands to be actively measured, monitored and managed.
Given that diversity and inclusion should appear on the board’s strategic risk register, which aspects should be covered?
There are four main areas:
The main risks to the development of a successful company strategy, where there is a lack of diversity and inclusion in the board and senior management team, is that poor decisions are likely to be made without a challenge to the status quo. The risk of group-think is that the strategic focus is too narrow, opportunities are missed, and ground is lost against competitors.
With the immediacy of social media, particularly with respect to customer experience, reputation risk is increasingly important. A diverse board leading an inclusive workforce is much more likely to be able to respond to the needs of a diverse customer base.
Boards with only a token attempt at diversity and inclusion, who practice ‘one and done’, are unlikely to convince stakeholders that they are really making an effort. They may well damage the company’s reputation, especially in the eyes of investors looking for exemplary corporate governance practice.
The Board and Senior Management team should set the tone from the top of the organisation. Ensuring diversity and inclusion is not just a tick box exercise about numbers and percentages. It is about openness and transparency, a willingness to embrace new ideas, and new ways of thinking.
Exit interviews with employees these days more often than not highlight a lack of clear leadership as one of the main reasons for staff wanting to work elsewhere. Leaders who are seen to embrace diversity and inclusion have been shown to be more effective than those that do not.
Businesses which deliberately exclude sections of the community on the grounds of gender, ethnicity or some other characteristic are exposing themselves to prosecution for breaking employment law. More importantly though they are limiting the possibilities for recruiting the right people for the job. This is especially true in the case of sectors where there are skills shortages. The risk to the organisation of not making the talent pool for recruitment as wide as possible is that they will miss out on attracting and retaining the best people and thereby reduce their key source of competitive advantage.
Post COVID-19, businesses are looking at the ‘new normal’ for innovative and improved ways of engaging with their employees, customers, suppliers and investors. Traditional ways of doing business are being questioned as rapid advances in technology enable truly global working. Communities are looking to put an end to discrimination and to create environments with equal opportunities, regardless of gender, race, ethnicity or other characteristics.
Diversity and inclusion are rapidly becoming the ‘new normal’. Directors and their boards need to identify, mitigate and monitor the risks of not acting swiftly enough to ensure that they and their workforces put an end to the mono-cultural, group-think way of operating.
by David Doughty, Chartered Director – Chief Executive, Chair, Non-Executive Director, Entrepreneur and Business Mentor
Fortune 500 companies with more women directors outperformed their peers by 53% in ROI and 42% in return on sales. David Doughty, entrepreneur and corporate governance expert explains why demographic and cognitive diversity is an essential part of achieving corporate success.
For many people in the United Kingdom, talk of Brexit has fallen by the wayside. Despite the pause in what had seemed like non-stop Brexit talk, the end of the transition period (31 December 2020) remains on the horizon. For UK recipients of European Union (EU) grant funding, things are going to change. For counter fraud professionals in the public and private sectors, changes to (or the absence of) EU grant funding is expected to pose a significant challenge once the transition period ends.
The EU is a huge source of grant funding for its member states. EU grants currently cover infrastructure, cultural, environmental, agricultural, scientific, educational and fishing initiatives, among others. However, the participation of the UK in future programmes after 2020 will depend on the outcome of negotiations on the relationship with the EU.
Currently, recipients who have been awarded or are already in receipt of EU funding will continue to receive those payments, including funding due to be received after the close of the transition period. Additionally, applications for some EU funds can be made under the current spending framework. However, it has yet to be decided what funding UK organisations will be able to apply for after the spending framework ends.
In July 2020, the UK government published its Research and Development Roadmap, which set out its vision and ambition for science, research and innovation. The Roadmap restates the UK’s ambition to fully associate to Horizon Europe and Euratom, subject to agreeing a fair and balanced deal. The government has also said it would implement short-term alternative funding arrangements if there are any funding gaps before a more formal agreement is reached. It has committed to providing funding to UK partners who are successful in bidding to programmes open to third country participation.
With significant change in uncertain times and decisions being made without knowledge of long-term agreements, the risk of fraud is greatly increased. Businesses and local governments will be making long-term decisions on key projects with limited knowledge of secured funding. This economic setting means that agreements will be entered into with new partners and suppliers, new ways of working will be adopted and an increased reliance on risk management will be realised. These circumstances create the perfect breeding ground for fraud and opportunists that aim to take advantage of uncertainty and its associated vulnerability.
Organisations will have to stay vigilant while this significant, anticipated change occurs in the UK. Existing and new controls will have to be reviewed and developed for new ways of working, and it is expected that there will be a greater reliance on risk management frameworks.
With fraudsters looking to seek opportunity in turbulent and uncertain times, weaknesses in future grant application processes will likely be preyed upon, with a view to diverting grant funding through the misrepresentation of genuine claims. Due diligence will become more important than ever. In post-transition period Britain, fraud loss from grants will no longer be a shared EU loss, but rather will be borne solely by UK budgets.
The risks are real, and planning for unknown changes to grant funding should be a current and ongoing area of focus for counter fraud professionals.
by Marc McAuley, Head of Counter Fraud Operations at CIPFA
The chaos and uncertainty of Brexit are the perfect breeding ground for grant fraud. CIPFA’s Marc McAuley (pictured) warns that, outside the group safety of the EU, the UK needs watertight due diligence if it is to avoid huge losses to misrepresented claims.
In an extract from recently published book Digital Governance (Routledge, 2020), co-author Jeremy Swinfen Green discusses the problems of managing technology risk.
It sounds like a wonderful opportunity. Using technology, businesses can deliver the products and services that people have always wanted (even if they didn’t always realise it) – customised, instant, convenient and available anywhere.
But that doesn’t mean it’s an easy opportunity to manage. Unfortunately, in over 80 per cent of cases digital transformation initiatives fail. The truth is that managing technology is hard, especially for people who are not technologists. Sometimes it seems that technologists speak a totally different language full of TLAs (Three Letter Acronyms). They have different attitudes to risk, deliverables and even time from their non-technical counterparts. They think in different ways, far more literally than most people.
Well, that may or may not be true. But the difficult in managing technology doesn’t stem from the nature of the people involved. It’s to do with the nature of technology, which is often a catalyst for new ways of thinking and working.
Technology can bring rapid change and managing change is always hard. It is about moving forward while much of governance is about using backward-looking tools such as financial accounts. In addition, most organisations resist change: people in them are cautious and generally like to remain comfortable doing and using what they know.
People are often particularly worried about technological change. They think, “I’m going to lose my job to a robot.” Or “I’m going to look stupid because I don’t understand this new stuff.” And because they are frightened, they look for excuses to avoid change: “I’d never use that, so I don’t think anyone else would either.”
Managing rapid technological change is particularly difficult. Decisions that may need considerable thought need to be made quickly and circumstances may have changed before the decision is made.
And if circumstances (including technology) change so rapidly, the temptation is to avoid making any decisions in the hope that the pace of change might eventually slow, allowing more reasoned decisions to be made.
It’s inevitable that technology will change and bring changes to society along with it. You might as well accept that and start making decisions about how you are going to react to technology, either by changing your products and services or by changing the way your organisation delivers those products and services.
But before you make any decisions, it’s a good idea to remember that introducing new technology carries many risks that may be difficult to manage. Why is that? There are a number of reasons:
Conversely, another common experience is that the scope of proposed change is implemented successfully but lacks ambition, because of fear or because of a lack of imagination about what might be achieved.
Another problem is “virtuality”. It’s easy to visualise a new machine. It’s far harder to visualise a new end-to-end process. There is a danger that the focus of digital transformation can be on making a physical change, in effect bolting a computer onto a system to make it a bit more efficient, rather than thinking how the system as a whole could be made radically more efficient and effective through technology.
This problem is often made worse by a focus on a process or even a particular endpoint, such as a product or output from a process, rather than a wider focus on continued business success.
And just to make things a little worse, the implementation of technology is often driven at speed, perhaps because it was started late and people are panicking, perhaps because the enthusiastic developers want to ignore due process (and/or compliance) and get to a result as soon as possible.
If you mean to be successful in the transformative use of technology, there are a number of things to consider. Ensure that any technology initiatives are truly integrated into your organisation: having a separate “technology change” department is a certain route to failure. Look at all your processes and see where most value is to be found: don’t employ technology for the sake of it. And be pragmatic: if you are over-ambitious and try to do everything at the same time you will probably fail at everything.
The most important principle is to focus on the people who will be affected by technology – the end users, whether they are employees or customers. If you forget them they will simply reject your technology and avoid your products and services.
Transforming an organisation through technology can never be easy. But if you are pragmatic and manage the risks involved you will have a far better chance of success. Get it right and the rewards are potentially enormous.
Digital transformation consultant Jeremy Swinfen Green explains that, while technology enables businesses to satisfy market demand faster and more effectively, this opportunity comes with substantial risks attached. To read his article, click the “OPEN” button below.
With real-time transactions gaining popularity and new legalised product markets (such as cannabis) emerging, anti-money-laundering (AML) regulations are getting tougher and more complex.
New payment transaction types allow money launderers to apply smarter schemes. The adoption of peer-to-peer payments via services such as Google Pay, PayPal, Popmoney, Square Cash, Venmo, Xoom and Zelle complicates tracing funds and catching money-laundering activities. Cryptocurrency payments are on the rise, along with related money-laundering activity. This allows money launderers to employ covert new account opening, layering and structuring schemes to facilitate faster and less detectable money laundering.
At the same time regulators are creating more-complex compliance regulations at breakneck speeds. The list of mandates related to AML is getting longer every year. Regulators are responding to and keeping up with an increasing number and sophistication of money-laundering schemes. New AML regulations effective from January 10, 2020, mandate that new kinds of organisations, beyond traditional financial services, must perform AML activities.
Preventing and reporting money-laundering activities is a key issue for financial institutions, insurers, gaming and gambling organisations, utilities and telecoms, especially during periods of economic and budgetary constraints such as the one we are currently experiencing. Forrester expects that, in the next three to four years, firms that enable customers to create an account and store and move money in and out of that account will have to comply with AML regulations in their appropriate jurisdiction:
Integrate once, communicate often
Failing to improve a business’ AML regime can expose it to regulatory fines, sanctions and even higher levels of fraud. In today’s complex and online-first environment, where faceless registration and application is the norm, it’s important to coordinate and unify efforts to build on existing data ingestion methods and create new unified methods for as few AML suites as possible. At a minimum, there should be an internal sharing database with tight access controls to disseminate hotlists about known money launderers’ identities.
It’s also important to supply as much alert and case context to investigators on one screen as possible. Solutions are getting much better at being able to customise case management screens to include map information and link analysis, and predictively recommend other cases to look at or to investigate. Having a single-pane-of-glass view of transactions and entities reduces the likelihood of investigators missing important case details.
Find out more about Forrester’s research topics on Fraud Management and Financial Services here.
by Andras Cser, VP and Principal Analyst, Forrester
With real-time transactions gaining popularity and new legalised product markets (such as cannabis) emerging, anti-money-laundering (AML) regulations are getting tougher and more complex.
New payment transaction types allow money launderers to apply smarter schemes. The adoption of peer-to-peer payments via services such as Google Pay, PayPal, Popmoney, Square Cash, Venmo, Xoom and Zelle complicates tracing funds and catching money-laundering activities. Cryptocurrency payments are on the rise, along with related money-laundering activity. This allows money launderers to employ covert new account opening, layering and structuring schemes to facilitate faster and less detectable money laundering.
At the same time regulators are creating more-complex compliance regulations at breakneck speeds. The list of mandates related to AML is getting longer every year. Regulators are responding to and keeping up with an increasing number and sophistication of money-laundering schemes. New AML regulations effective from January 10, 2020, mandate that new kinds of organisations, beyond traditional financial services, must perform AML activities.
Preventing and reporting money-laundering activities is a key issue for financial institutions, insurers, gaming and gambling organisations, utilities and telecoms, especially during periods of economic and budgetary constraints such as the one we are currently experiencing. Forrester expects that, in the next three to four years, firms that enable customers to create an account and store and move money in and out of that account will have to comply with AML regulations in their appropriate jurisdiction:
Integrate once, communicate often
Failing to improve a business’ AML regime can expose it to regulatory fines, sanctions and even higher levels of fraud. In today’s complex and online-first environment, where faceless registration and application is the norm, it’s important to coordinate and unify efforts to build on existing data ingestion methods and create new unified methods for as few AML suites as possible. At a minimum, there should be an internal sharing database with tight access controls to disseminate hotlists about known money launderers’ identities.
It’s also important to supply as much alert and case context to investigators on one screen as possible. Solutions are getting much better at being able to customise case management screens to include map information and link analysis, and predictively recommend other cases to look at or to investigate. Having a single-pane-of-glass view of transactions and entities reduces the likelihood of investigators missing important case details.
Find out more about Forrester’s research topics on Fraud Management and Financial Services here.
by Andras Cser, VP and Principal Analyst, Forrester
With the rise of crypto and online payment mechanisms and newly legalised markets opening up, the 2020s are a money launderer’s paradise. Forrester’s Andras Cser looks at developing trends in the AML landscape.
The risk profession is going to have to develop new skills to stay ahead of the digital game. In 2018, the Institute of Risk Management partnered with the Cambridge Centre for Risk Studies (CRS) at the University of Cambridge Judge Business School to produce exciting new risk management research. The publication, Risk Management Perspectives of Global Corporations, reviews the risk management practices of major organisations and determines how they are adapting to meet future challenges and opportunities, particularly those posed by rapid technological developments.
This research has highlighted technological change as the biggest driver of uncertainty for organisations today. From self-driving cars to online medical consultations, new technologies such as the internet of things, blockchain, artificial intelligence, robotics and data analytics are starting to transform how things are done and present us with a new landscape of opportunity and risk. Change has always been with us, but there is a feeling that what we are facing now is more extreme. This arises from both the speed of developments and the profound impacts they are likely to have on business models and on human activity.
Technological developments are moving so fast – look at what you can do on your mobile phone today that you couldn’t do (reliably, anyway) five years ago; look at the mushrooming take up of connected devices in our homes and workplaces. Further emerging technologies such as drones, virtual reality, autonomous vehicles and blockchain are starting to move out of the laboratory and into real-life applications, as our ability to transmit and crunch vast amounts of data expands. New technology offers so many opportunities for organisations to fulfil their objectives by improving processes, reducing costs, enhancing services and developing innovative new solutions. The potential benefits for firms, individuals and economies are huge. But all of this comes with risk – there are downsides as well as upsides, and these risks need to be managed. As well as the relatively familiar “cyber” risks of hacking, data and privacy breaches, extortion and internet-related fraud, there are the more strategic risks faced by organisations where digital technology is disrupting markets. There are also ethical questions – just because you can do something, does that mean you should? And if you do, how can you do it safely (and what does that even mean)?
Our research also uncovered that fewer than 40 per cent of the risk management community feel well equipped to understand these changes and support their organisations in this area. Part of our response to this is, don’t panic! The basic principles of good risk management will stay the same – the fundamental approach of building resilient organisations with robust processes, a healthy risk culture and strong risk communications will still be very much required, albeit able to move at a faster pace. The context, however, is certainly shifting with new risks to address and the potential for new tools and techniques to help. The risk professional cannot afford to be left behind in this field. They have to be reasonably knowledgeable about these developments. If they act fast, they could actually have an opportunity to lead and add value in helping their organisations manage these risks.
To help with this, IRM recently launched its new Digital Risk Management certificate. This qualification has been designed to equip risk practitioners and others to apply their skills in an increasingly digital world. Our world-class study material, developed in collaboration with Warwick University, will cover how new technologies and digitalisation are disrupting businesses and changing the risk environment for organisations of all types. It will look at how to carry out digital risk assessments, provide a detailed grounding in cyber-security principles and practices, and also look at the ethical issues surrounding both privacy and machine learning.
The qualification is, naturally, delivered and examined globally on a fully online basis, paving the way for a programme that will eventually bring all IRM’s qualifications online and hence make them even more accessible. It will be a relatively quick qualification to obtain, involving one multiple-choice examination and about 180 hours of study over approximately six months. It has been designed on a standalone basis to provide both a supplementary “future-proofing” qualification for our existing members as part of their continuing professional development opportunity, and also as an introduction to the subject for those from other disciplines. Enrolment for our first exam session opened at the end of 2018 and more than 200 people from around the world have already signed up to take the certificate.
A combination of great risk management skills together with an up-to-date knowledge of the digital risk landscape should be an unbeatable combination for tomorrow’s risk jobs.
The IRM also delivers an International Certificate in Enterprise Risk Management, one in Financial Services and also a Diploma. More information on this can be found here.
If you’re interested in finding out more, click here.
The risk profession must evolve to stay relevant in an increasingly digitised world. Research from the Judge Business School in Cambridge and the Institute of Risk Management uncovers the new skills, knowledge and processes that will be needed
When management envisions who might be most likely to commit fraud in their organisation, they may think of a new employee who hasn’t earned the trust of their colleagues yet, or perhaps a lower-level employee who has been given too much access to cash or inventory. Or, as I have seen most often, management simply does not think any of their employees would commit fraud. These assumptions are not only incorrect, but they could end up costing the organisation millions.
While people commit fraud for a variety of reasons, criminologist Dr Donald Cressey hypothesises that three factors need to be in place for a fraud to begin: pressure, perceived opportunity and rationalisation. Together, these form the Fraud Triangle. The underlying pressure can come from within the organisation, such as unrealistic sales goals for employees, or it can be personal, such as an employee struggling financially due to a costly divorce or a gambling addiction. A perceived opportunity is present when a potential fraudster sees how they’d be able to commit fraud and not get caught. For example, maybe an employee is able to both approve company purchases and authorise payments to vendors. Or perhaps they know there is no oversight for expense reports. Rationalisation can take the form of an employee believing they aren’t fairly compensated for their work, or even thinking that an act of fraud would only happen once, and they’d pay it back before anyone noticed.
In the latest edition of the Association of Certified Fraud Examiner’s (ACFE) Report to the Nations, 2,504 fraud cases from 125 countries were analysed to gain a clear understanding of patterns and trends in occupational fraud. In addition to looking at the fraud schemes and how they were detected, the report examined the characteristics of those who perpetrated the frauds.
Non-managerial level employees were the most common perpetrators, representing 41 per cent of cases, with mid-level managers being the perpetrators in 35 per cent of the cases. While owners/executives only accounted for 20 per cent of cases, they caused the most financial damage and their fraud schemes lasted the longest before being discovered. Fraud perpetrated by an owner/executive had a median duration of two years and caused a median loss of $600,000.
The length of time a fraudster had been at the organisation mattered as well. Fraud was most commonly perpetrated by employees who had worked for the victim organisation from one to five years; these cases resulted in a median loss of $100,000. Employees who had been employed from six to 10 years represented 22 per cent of cases and caused a median loss of $190,000, and those with more than 10 years’ tenure represented 23 per cent of the cases and a median loss of $200,000. While some people may assume newer employees pose a higher risk, individuals who had been with the organisation for less than a year only comprised 9 per cent of the cases and caused a median loss of $50,000.
Other demographic factors such as gender, education and age also influenced the amount lost. Male perpetrators were more common than female, accounting for 72 per cent of fraud cases studied, and caused a median loss of $150,000, compared with $85,000 caused by female perpetrators. Of the cases analysed, 64 per cent of fraudsters had a university degree or higher; these perpetrators also caused a significantly higher median loss ($195,000) than those without a university degree ($100,000). Additionally, losses tend to rise with the perpetrator’s age. Perpetrators younger than 40 caused a median loss of $75,000, those aged between 40 and 54 caused a median loss of $150,000 and fraudsters over 55 caused a median loss of $425,000.
While perpetrators varied in their demographic data, there were consistent behavioral red flags that they displayed. The most telling was living beyond their means – 42 per cent of fraudsters exhibited this characteristic, which has been the most common red flag in all of our studies since 2008. Additionally, 26 per cent had known financial difficulties, 19 per cent had an unusually close relationship with vendors or customers, 15 per cent displayed control issues (such as an unwillingness to share duties) and 13 per cent showed irritability, suspiciousness or defensiveness. There were also HR-related red flags in many cases: 13 per cent of fraudsters had poor work evaluations, 13 per cent had excessive absenteeism, 12 per cent displayed a fear of losing their job and 10 per cent were denied a raise or promotion.
While the fact that some employees display red flags or fall into higher-risk demographic categories does not necessarily mean they will commit fraud, being aware of these factors can help business leaders at any type of organisation recognise early warning signs and protect themselves and their employer from fraud.
Find free fraud training and awareness resources at FraudWeek.com. For more information on fraud prevention and detection, visit ACFE.com.
by Bruce Dorris, President and CEO, ACFE
When management envisions who might be most likely to commit fraud in their organisation, they may think of a new employee who hasn’t earned the trust of their colleagues yet, or perhaps a lower-level employee who has been given too much access to cash or inventory. Or, as I have seen most often, management simply does not think any of their employees would commit fraud. These assumptions are not only incorrect, but they could end up costing the organisation millions. To read the full article click the “OPEN” button below.
We live in difficult times. Rushed decisions and poor planning increase the risks from crime and weak internal processes. Future proofing risk management requires technology, increased diversity and new digital skills
Robin Dunbar, University of Oxford; Chris Zebrowski, Loughborough University, and Per Olsson, Stockholm University
While the consequences of the COVID-19 pandemic are still unclear, it is certain that they are a profound shock to the systems underpinning contemporary life.
The World Bank estimates that global growth will contract by between 5% and 8% globally in 2020, and that COVID-19 will push between 71-100 million into extreme poverty. Sub-Saharan Africa is expected to be hit hardest. In developed countries health, leisure, commercial, educational and work practices are being reorganised – some say for good – in order to facilitate the forms of social distancing being advocated by experts and (sometimes reluctantly) promoted by governments.
Each of us has been affected by the changes wrought by COVID-19 in different ways. For some, the period of isolation has afforded time for contemplation. How do the ways in which our societies are currently structured enable crises such as this? How might we organise them otherwise? How might we use this opportunity to address other pressing global challenges, such climate change or racism?
For others, including those deemed vulnerable or “essential workers”, such reflections may have instead been directly precipitated from a more visceral sense of their exposure to danger. Had adequate preparations been made for events such as COVID-19? Were lessons being learnt not only to manage crises such as these when they happen again, but to prevent them from happening in the first place? Is the goal of getting back to normality adequate, or should we instead be seeking to refashion normality itself?
Such profound questions are commonly prompted by major events. When our sense of normality is shattered, when our habits get disrupted, we are made more aware that the world could be otherwise. But are humans capable of enacting such lofty plans? Are we capable of planning for the long-term in a meaningful way? What barriers might exist and, perhaps more pressingly, how might we overcome them in order to create a better world?
This article is part of Conversation Insights
The Insights team generates long-form journalism derived from interdisciplinary research. The team is working with academics from different backgrounds who have been engaged in projects aimed at tackling societal and scientific challenges.
As experts from three different academic disciplines whose work considers the capacity to engage in long-term planning for unanticipated events, such as COVID-19, in different ways, our work interrogates such questions. So is humanity in fact able to successfully plan for the longterm future?
Robin Dunbar, an evolutionary psychologist at the University of Oxford, argues that our obsession with short-term planning may be a part of human nature – but possibly a surmountable one. Chris Zebrowski, an emergency governance specialist from Loughborough University, contends that our lack of preparedness, far from being natural, is a consequence of contemporary political and economic systems. Per Olsson, sustainability scientist and expert in sustainability transformations from the Stockholm Resilience Centre at Stockholm University, reflects on how crisis points can be used to change the future – drawing on examples from the past in order to learn how to be more resilient going into the future.
Robin Dunbar
COVID-19 has highlighted three key aspects of human behaviour that seem unrelated but which, in fact, arise from the same underlying psychology. One was the bizarre surge in panic buying and stockpiling of everything from food to toilet rolls. A second was the abject failure of most states to be prepared when experts had been warning governments for years that a pandemic would happen sooner or later. The third has been the exposure of the fragility of globalised supply chains. All three of these are underpinned by the same phenomenon: a strong tendency to prioritise the short term at the expense of the future.
Most animals, including humans, are notoriously bad at taking the long term consequences of their actions into account. Economists know this as the “public good dilemma”. In conservation biology, it is known as the “poacher’s dilemma” and also also, more colloquially, as “the tragedy of the commons”.
If you are a logger, should you cut down the last tree in the forest, or leave it standing? Everyone knows that if it is left standing, the forest will eventually regrow and the whole village will survive. But the dilemma for the logger is not next year, but whether he and his family will survive until tomorrow. For the logger, the economically rational thing to do is, in fact, to cut the tree down.
This is because the future is unpredictable, but whether or not you make it to tomorrow is absolutely certain. If you die of starvation today, you have no options when it comes to the future; but if you can make through to tomorrow, there is a chance that things might have improved. Economically, it’s a no-brainer. This is, in part, why we have overfishing, deforestation and climate change.
The process underpinning this is known to psychologists as discounting the future. Both animals and humans typically prefer a small reward now to a larger reward later, unless the future reward is very large. The ability to resist this temptation is dependent on the frontal pole (the bit of the brain right just above your eyes), one of whose functions is to allow us to inhibit the temptation to act without thinking of the consequences. It is this small brain region that allows (most of) us to politely leave the last slice of cake on the plate rather than wolf it down. In primates, the bigger this brain region is, the better they are at these kinds of decisions.
Our social life, and the fact that we (and other primates) can manage to live in large, stable, bonded communities depends entirely on this capacity. Primate social groups are implicit social contracts. For these groups to survive in the face of the ecological costs that group living necessarily incur, people must be able to forego some of their selfish desires in the interests of everyone else getting their fair share. If that doesn’t happen, the group will very quickly break up and disperse.
In humans, failure to inhibit greedy behaviour quickly leads to excessive inequality of resources or power. This is probably the single most common cause of civil unrest and revolution, from the French Revolution to Hong Kong today.
The same logic underpins economic globalisation. By switching production elsewhere where production costs are lower, homegrown industries can reduce their costs. The problem is that this occurs at a cost to the community, due to increased social security expenditure to pay for the now redundant employees of home industries until such time as they can find alternative employment. This is a hidden cost: the producer doesn’t notice (they can sell more cheaply than they could otherwise have done) and the shopper doesn’t notice (they can buy cheaper).
There is a simple issue of scale that feeds into this. Our natural social world is very small scale, barely village size. Once community size gets large, our interests switch from the wider community to a focus on self-interest. Society staggers on, but it becomes an unstable, increasingly fractious body liable at continual risk of fragmenting, as all historical empires have found.
Businesses provide a smaller-scale example of these effects. The average lifetime of companies in the FTSE100 index has declined dramatically in the last half-century: three-quarters have disappeared in just 30 years. The companies that have survived turn out to be those that have a long term vision, are not interested in get-rich-quick strategies to maximise returns to investors and have a vision of social benefit. Those that have gone extinct have largely been those that pursued short term strategies or those that, because of their size, lacked the structural flexibility to adapt (think holiday operator Thomas Cook).
Much of the problem, in the end, comes down to scale. Once a community exceeds a certain size, most of its members become strangers: we lose our sense of commitment both to others as individuals and to the communal project that society represents.
COVID-19 may be the reminder many societies need to rethink their political and economic structures into a more localised form which is closer to their constituents. Of course, these will surely need bringing together in federal superstructures, but the key here is a level of autonomous community-level government where the citizen feels they have a personal stake in the way things work.
Chris Zebrowski
Where size and scale is concerned, it doesn’t get much bigger than the Rideau canal. Stretching over 202 kilometres in length, the Rideau canal in Canada is regarded as one of the great engineering feats of the 19th century. Opened in 1832, the canal system was designed to act as an alternative supply route to the vital stretch of the St Lawrence river connecting Montreal and the naval base in Kingston.
The impetus for this project was the threat of resumed hostilities with the Americans following a war fought between the United States, the United Kingdom and their allies from 1812-1815. While the canal would never need to be used for its intended purpose (despite its considerable cost), it is just one example of human ingenuity being paired with significant public investment in the face of an uncertain future threat.
“Discounting the future” may well be a common habit. But I don’t think that this is an inevitable consequence of how our brains are wired or an enduring legacy of our primate ancestry. Our proclivity to short-termism has been socialised. It is a result of the ways we are socially and politically organised today.
Businesses prioritise short-term profits over longer term outcomes because it appeals to shareholders and lenders. Politicians dismiss long-term projects in favour of quick-fix solutions promising instant results which can feature in campaign literature that is distributed every four years.
At the same time, we are surrounded by examples of highly sophisticated, and often well-financed, tools for risk management. The major public works projects, vital social security systems, sizeable military assemblages, complex financial instruments, and elaborate insurance policies which support our contemporary way of life attest to the human capacity to plan and prepare for the future when we feel compelled to do so.
In recent months, the vital importance of emergency preparedness and response systems in managing the COVID-19 crisis has come into full public view. These are highly complex systems which employ horizon scanning, risk registers, preparedness exercises and a variety of other specialist methods to identify and plan for future emergencies before they happen. Such measures ensure that we are prepared for future events, even when we are not entirely sure when (or if) they will materialise.
While we could not predict the scale of the outbreak of COVID-19, previous coronavirus outbreaks in Asia meant we knew it was a possibility. The World Health Organization (WHO) has been warning about the risks of an international influenza pandemic for many years now. In the UK, the 2016 national preparedness project Exercise Cygnus made abundantly clear that the country lacked the capacity to adequately respond to a large-scale public health emergency. The danger was clearly identified. What was required to prepare for such a calamity was known. What was lacking was the political will to provide adequate investment in these vital systems.
In many western nations the ascendance of neoliberalism (and accompanying logic of austerity) has contributed to the defunding of many critical services, including emergency preparedness, upon which our safety and security depend. This is in sharp contrast to countries including China, New Zealand, South Korea, and Vietnam where a commitment to both preparedness and response has ensured a rapid suppression of the disease and the minimisation of its disruptive potential to lives and the economy.
While such a diagnosis may first appear to be bleak, there is good reason to find within it some hope. If the causes of short-termism are a product of the ways we are organised, then there is an opportunity for us reorganise ourselves to address them.
Recent studies suggest that the public not only recognises the risk of climate change, but are demanding urgent action be taken to stave off this existential crisis. We cannot allow the death and destruction of COVID-19 to have been in vain. In the wake of this tragedy, we must be prepared to radically rethink how we organise ourselves our societies and be prepared to take ambitious actions to ensure the security and sustainability of our species.
Our capacity to deal not only with future pandemics, but larger-scale (and perhaps not unrelated) threats including climate change will require us to exercise the human capacity for foresight and prudence in the face of future threats. It is not beyond us to do so.
Per Olsson
As much as short-termism and structural issues have come to play out in analyses of the pandemic, those focused on the longer term keep arguing that this is the time for change.
The COVID-19 pandemic has led to a slew of people arguing that this is a once-in-a-generation moment for transformation. Government responses, these writers say, must drive far-reaching economic and social change relating to energy and food systems, otherwise we will be vulnerable to more crises in the future. Some go further and claim a different world is possible, a more equitable and sustainable society less obsessed with growth and consumption. But transforming multiple systems simultaneously is not an easy task, and it is worth understanding better what we already know about transformations and crisis.
History shows us that crisis does indeed create a unique chance for change.
A classic example is how the oil crisis in 1973 enabled the transition from a car-based society to a cycling nation in the Netherlands. Prior to the energy crisis there was growing opposition to cars, and a social movement emerged in response to the increasingly congested cities and the number of traffic related deaths, especially children.
Another example is the Black Death, the plague that swept Asia, Africa, and Europe in the 14th century. This led to the abolition of feudalism and the strengthening of peasants rights in Western Europe.
But while positive (large-scale) societal change can come out of crises, the consequences are not always better, more sustainable, or more just, and sometimes the changes that emerge are different from one context to another.
For example, the 2004 Indian Ocean earthquake and tsunami affected two of Asia’s longest-running insurgencies in Sri Lanka and the Aceh province in Indonesia very differently. In the former, the armed conflict between the Sri Lankan government and the separatist Liberation Tigers of Tamil Eelam deepened and intensified by the natural disaster. In Aceh meanwhile, it resulted in a historic peace agreement between the Indonesian government and the separatists.
Some of these differences can be explained by the long histories of the conflicts. But the readiness of different groups to further their agenda, the anatomy of the crisis itself, and the actions and strategies following the initial tsunami event also have important parts to play.
It comes as no surprise, then, that the opportunities for change can be seized by self-interested movements and therefore can accelerate non-democratic tendencies. Power can be further consolidated among groups not interested in improving equity and sustainability. We see this right now in places like the Philippines and Hungary.
With many clamouring for change, what gets left out of the discussion is that the scale, speed, and quality of transformations matter. And more importantly, the specific capabilities that are needed to navigate such significant change successfully.
There is often a confusion about what kinds of actions actually make a difference and what should be done now, and by whom. The risk is that opportunities created by the crisis are missed and that efforts – with the best of intentions and all the promises of being innovative – just lead back to the pre-crisis status quo, or to a slightly improved one, or even to a radically worse one.
For example, the financial crisis of 2008 was seized on by some as a moment to transform the finance sector, but the strongest forces pushed the system back to something resembling the pre-crash status quo.
Systems that create inequality, insecurity, and unsustainable practices are not easily transformed. Transformation, as the word suggests, requires fundamental changes in multiple dimensions such as power, resource flows, roles, and routines. And these shifts must take place at different levels in society, from practices and behaviours, to rules and regulations, to values and worldviews. This involves changing the relationships among humans but also profoundly change the relationships between humans and nature.
We see efforts now during COVID-19 to – at least in principle – commit to these kinds of changes, with ideas once viewed as radical now being deployed by a range of different groups. In Europe, the idea of a green recovery is growing. The city of Amsterdam is considering implementing doughnut economics – an economic system that is intended to deliver ecological and human wellbeing; and universal basic income is being rolled out in Spain. All existed before the COVID-19 crisis and have been piloted in some cases, but the pandemic has put rocket boosters under the ideas.
So for those that seek to use this opportunity to create change that will ensure the long-term health, equity, and sustainability of our societies, there are some important considerations. It is critical to dissect the anatomy of the crisis and adjust actions accordingly. Such assessment should include questions about what type of multiple, interacting crises are occurring, what parts of the “status quo” are truly collapsing and what parts remain firmly in place, and who is affected by all of these changes. Another key thing to do is to identify piloted experiments that have reached a certain level of “readiness”.
It is also important to deal with inequalities and include marginalised voices to avoid transformation processes becoming dominated and co-opted by a specific set of values and interests. This also means respecting and working with the competing values that will inevitably come into conflict.
How we organise our efforts will define our systems for decades to come. Crises can be opportunities – but only if they are navigated wisely.
For you: more from our Insights series:
To hear about new Insights articles, join the hundreds of thousands of people who value The Conversation’s evidence-based news. Subscribe to our newsletter.
Robin Dunbar, Professor of Evolutionary Psychology, Department of Experimental Psycology, University of Oxford; Chris Zebrowski, Lecturer in Politics and International Relations, Loughborough University, and Per Olsson, Researcher, Stockholm Resilience Centre, Stockholm University
This article is republished from The Conversation under a Creative Commons license. Read the original article.
“
Once our community becomes larger, our interests switch from the wider community to a focus on self-interest.
“
In humans, failure to inhibit greedy behaviour quickly leads to excessive inequality of resources or power.
We’re hardwired to make things worse for ourselves – and crises such as Covid and Brexit are bearing this out. Robin Dunbar, an evolutionary psychologist at Oxford University, argues that our obsession with short-term planning may be part of human nature.
Procurement is one of the most vital aspects of a business, serving the goal of obtaining goods and services for an organization at a cost-effective rate. It is widely agreed in the business world that procurement must be reliable and secure. In order to maintain this high standard of security, the mitigation of risks is crucial.
Procurement risk management is intended to anticipate risks and safeguard businesses from any problems that can arise during the procurement process. Each purchase brings with it a set of critical factors: product quality, vendor reliability, customer satisfaction, company reputation and more. All of these should be monitored to avoid all types of procurement risks.
Having an effective procurement risk management strategy will save costs for your business and help avoid any unwanted setbacks. It will ensure that your business’s procurement process remains efficient and productive.
In the modern business world, procurement has evolved from being a simple cost-cutting process to being an integral strategy designed to advance an organization’s bottom line. As businesses continue to adapt in the midst of a global pandemic, risk management in procurement has even stronger implications for the future success and reputation of a business.
Majdi Sleimen, co-founder of Tradogram, describes how the importance of procurement now extends to every part of an organization. “The rapid transformation of the procurement function from the back office to the boardroom has proved that procurement objectives are far beyond just cost control. Procurement plays a vital role in strategically aligning company values while managing the supply chain. Now more than ever, companies are turning to procurement to mitigate supply chain risk and maintain business continuity.”
Below is a list of the common types of procurement risks that nearly all companies experience in one way or another.
Knowing your needs, when you need them, and how you will satisfy them, is critical to the success of any supply chain. For instance, if your needs are overstated or understated, if you’re following an unrealistic schedule, or if you’re operating on an inadequate budget, as the procurement process begins there are several areas where issues have the potential to arise. These can have adverse effects and result in wasted time and added expenses. In addition, connecting accurate budgets to actual spending behaviour will be difficult.
Poor supply chain management can quickly make itself apparent if an organization doesn’t have a transparent, easily accessible vendor evaluation method, as well as a clear, carefully audited method for making purchases, requests, approvals, and payments. In this case, maverick spending can easily pass unchecked and drain a company’s finances. Disorganized supply chain management can also result in precious time being lost searching for invoices or terms and conditions.
In the modern business world, contracts are often simply treated as an agreement to buy. However, if contracts are approached carefully and thoroughly, there are opportunities for mutually beneficial partnerships to be made between your company and vendors, mitigating risks and saving costs. Without dependable vendors facilitated by stable and well-considered contracts, a company’s needs can go unfulfilled and projects can be delayed.
To avoid misinterpreting your business’s needs or using budgets that don’t match actual spending patterns, utilize the modern automation technology that procurement software offers. A strong procurement software package gives you the ability to track and analyze transaction data for every purchase and to assess usage patterns. This gives you valuable insights into how your business’s procurement strategy can be adjusted and optimized.
The implementation of automated procurement software allows for the easy set-up of a vendor portal, and offers streamlined, fully automated vendor evaluation and management, which helps greatly with mitigating supply chain risk.
Another valuable feature of procurement software is its ability to reduce or eliminate maverick spending, by defining and assigning roles for each facet of the procurement process: requests, approvals, and purchasing. With such implementation, you can also expect to see streamlined strategic sourcing to negotiate better deals with suppliers.
Investing in effective contract management software can go a long way. With a centralized document library in a procurement software solution, it is simple to view the contracts for each of your approved vendors along with thorough transactional data. This can easily be translated into reports for finance and upper management, which streamlines contract negotiations.
Procurement is becoming an increasingly important function of many businesses and risk mitigation is critical during the process. There is no doubt that process automation and the use of innovative technology can play a very important role in mitigating risk. Considering the volatility of today’s economy, an effective procurement software solution can provide a welcome boost to many businesses, cutting costs, and improving efficiency and transparency.
Take this opportunity to streamline your procurement strategy and avoid unnecessary risks with the seamless automation and data analysis of our procurement software solution. Contact us at Tradogram today to learn more.
by Logan Price, Marketing and PR, Tradogram
“
Having an effective procurement risk management strategy will save costs for your business and help avoid any unwanted setbacks.
“
Procurement plays a vital role in strategically aligning company values while managing the supply chain.
Logan Price at procurement software specialists Tradogram describes the common supply chain risks and how to mitigate them.
Terry Franklin, Global Business Development Director, QUALCO
Over the past decade, the European non-performing loans (NPLs) industry has matured, with loan sales and securitisations becoming the modus operandi for banks, and several investors actively entering into NPL transactions. But just as the NPL market achieved a steady, effective pace, the Covid-19 pandemic brought a very rapid and deep fall in economic activity.
With the level of uncertainty high, it is difficult to produce projections. However, this sudden halt is highly likely to cause a re-emergence of the NPL problem. According to recent research of the European Central Bank, during crises NPLs typically follow an inverse-U pattern. They start at modest levels, rise rapidly around the start of the crisis, and peak some years afterwards, before stabilising and declining.
Preparing a plan now to identify and deal with vulnerable loans is imperative, and it starts with developing a proactive debt management mechanism tailored to the creditor’s asset classes and customer circumstances. This mechanism requires accurate and timely loan and customer data, which often entails changes to legacy IT systems.
“The ability to spot how individual customers will be impacted by the pandemic will be the differentiating factor and value driver for banking and lending organisations.”
The Covid-19 outbreak immediately changed the way people work, shop, socialise, interact with their bank, and make payments, with a significant percentage moving to digital options for the first time. Unemployment levels have risen and will continue to rise, as various protection schemes, such as furlough, are withdrawn, and this will undoubtedly lead to higher levels of indebtedness.
Identifying whose financial cricumstances are adversely affected and to what extent is difficult – especially given the variance in moratoriums, the duration of the recession, the pace of an economic recovery and the changes in consumer behaviour caused by lockdowns.
The use of established models to predict future behavior has become somewhat arbitrary given the increase in unknowns. These models no longer support the new approach needed to cater for a Covid-19 world, and businesses are having to adapt.Circumstances today call for adaptive models that are constantly updating and quickly recognise changes in behaviour, re-calibrating and/or rebuilding them when needed. Daily feeds of large volumes of data into these models, such as those reflecting the frequency of reaching credit limits, or frequency of contact via online help pages or missing payments, enable continuous change and lead to more accurate predictions and personalised treatment paths.
At QUALCO we have seen that combining this approach with machine learning and a comprehensive collections system revolutionises NPL management operations and radically reduces losses.
“A 30 per cent improvement in efficiencies and higher cash flow rates can be expected by introducing ML behavioural analysis and digital tools that allow customers to interact with their creditors.”
Acting now to align operational activity with constantly changing customer behaviour will allow creditors to respond quickly and effectively to the inevitable increase in non-performing exposures. Failure to take steps to mitigate the risk today will ultimately lead to increased losses and swamped collection centres.
QUALCO is a leading fintech in the debt management industry offering enterprise-class collections and analytics software that transforms businesses and their results. To learn more about QUALCO, please click here.
With Covid-19 having made consumer behaviour erratic and unpredictable, we need a new approach to accurately project NPLs. To read the article, click the “OPEN” button below.
From the Black Lives Matter movement (BLM) to the Environment, Society and Governance (ESG) investment initiatives, the resounding cry is for greater diversity and inclusion in the workforce, and a reduction in inequality and in the barriers to opportunity.
Yet the changes that reduce the dominance of, to put it bluntly, old white men, in the world’s boardrooms are still seen to be happening at a glacial pace.
A Catalyst study of US Fortune 500 companies showed that those with a higher representation of women on their boards of directors outperformed their peers by 53% in return on equity and 42% in return on sales.
And it is not just a matter of race or gender. There is an increasing focus on cognitive diversity to avoid “group-think”, for example where board members are predominantly accountants. There is plenty of evidence to suggest that a lack of cognitive diversity in the boardroom has been a contributory factor in the dramatic corporate failures that we have seen, such as Wirecard and Carillion, and indeed the financial crisis of 2007/8.
In Testosterone, Cortisol and Financial Risk-Taking, Joe Herbert of the University of Cambridge’s Department of Clinical Neurosciences examined how hormone levels in men and women impacted their risk-related decisions. His review of several studies showed connections between higher levels of testosterone and mispricing and “over-optimism about future changes in asset values.”
So, how are diversity and inclusion linked with strategic business risk?
Most boards are aware these days that environmental and reputational risks are likely to be as important as traditional financial risks, if not more so. BP’s failure with the Gulf oil-spill was not caused by financial factors. Nor was it the environmental impact that did the most damage to the company. It was the reputational harm caused by the mishandling of the oil-spill that proved to be the biggest problem.
But few boards consider diversity and inclusion to be a strategic business risk. They may well have ethnic and gender diversity targets for their workforce. Perhaps they report on ethnic and gender pay-gaps in their annual reports. But they will probably regard diversity and inclusion as an HR issue, and not something that should appear on the strategic risk register.
That is all about to change. There is an increasing awareness that creating an inclusive workplace for all, regardless of gender, ethnicity, background, sexual orientation and beliefs, is not just a source of competitive advantage. It also plays a powerful role in shaping the views of stakeholders: shareholders, employees, suppliers and, probably most important of all, customers.
There is a growing view that a lack of diversity and inclusion in the workforce is a major strategic business risk. The existence of a mono-cultural, ‘group-thinking’, exclusive board of directors is an indication that the risk is not being taken seriously: in all probability such a board does not have the skills, experience or even the inclination to address the issues.
Since April 2017, gender pay-gap reporting has been mandatory in the UK. Financial services, which is one of the most important sectors for the UK economy, has a gender pay-gap of about 34%. That is double the national average of 17%.
This is a serious reputational risk, which will influence how stakeholders, including prospective and current employees, customers and regulators, view financial services firms. This makes diversity and inclusion a business issue rather than an HR issue – a business risk that demands to be actively measured, monitored and managed.
Given that diversity and inclusion should appear on the board’s strategic risk register, which aspects should be covered?
There are four main areas:
The main risks to the development of a successful company strategy, where there is a lack of diversity and inclusion in the board and senior management team, is that poor decisions are likely to be made without a challenge to the status quo. The risk of group-think is that the strategic focus is too narrow, opportunities are missed, and ground is lost against competitors.
With the immediacy of social media, particularly with respect to customer experience, reputation risk is increasingly important. A diverse board leading an inclusive workforce is much more likely to be able to respond to the needs of a diverse customer base.
Boards with only a token attempt at diversity and inclusion, who practice ‘one and done’, are unlikely to convince stakeholders that they are really making an effort. They may well damage the company’s reputation, especially in the eyes of investors looking for exemplary corporate governance practice.
The Board and Senior Management team should set the tone from the top of the organisation. Ensuring diversity and inclusion is not just a tick box exercise about numbers and percentages. It is about openness and transparency, a willingness to embrace new ideas, and new ways of thinking.
Exit interviews with employees these days more often than not highlight a lack of clear leadership as one of the main reasons for staff wanting to work elsewhere. Leaders who are seen to embrace diversity and inclusion have been shown to be more effective than those that do not.
Businesses which deliberately exclude sections of the community on the grounds of gender, ethnicity or some other characteristic are exposing themselves to prosecution for breaking employment law. More importantly though they are limiting the possibilities for recruiting the right people for the job. This is especially true in the case of sectors where there are skills shortages. The risk to the organisation of not making the talent pool for recruitment as wide as possible is that they will miss out on attracting and retaining the best people and thereby reduce their key source of competitive advantage.
Post COVID-19, businesses are looking at the ‘new normal’ for innovative and improved ways of engaging with their employees, customers, suppliers and investors. Traditional ways of doing business are being questioned as rapid advances in technology enable truly global working. Communities are looking to put an end to discrimination and to create environments with equal opportunities, regardless of gender, race, ethnicity or other characteristics.
Diversity and inclusion are rapidly becoming the ‘new normal’. Directors and their boards need to identify, mitigate and monitor the risks of not acting swiftly enough to ensure that they and their workforces put an end to the mono-cultural, group-think way of operating.
by David Doughty, Chartered Director – Chief Executive, Chair, Non-Executive Director, Entrepreneur and Business Mentor
From the Black Lives Matter movement (BLM) to the Environment, Society and Governance (ESG) investment initiatives, the resounding cry is for greater diversity and inclusion in the workforce, and a reduction in inequality and in the barriers to opportunity.
Yet the changes that reduce the dominance of, to put it bluntly, old white men, in the world’s boardrooms are still seen to be happening at a glacial pace.
A Catalyst study of US Fortune 500 companies showed that those with a higher representation of women on their boards of directors outperformed their peers by 53% in return on equity and 42% in return on sales.
And it is not just a matter of race or gender. There is an increasing focus on cognitive diversity to avoid “group-think”, for example where board members are predominantly accountants. There is plenty of evidence to suggest that a lack of cognitive diversity in the boardroom has been a contributory factor in the dramatic corporate failures that we have seen, such as Wirecard and Carillion, and indeed the financial crisis of 2007/8.
In Testosterone, Cortisol and Financial Risk-Taking, Joe Herbert of the University of Cambridge’s Department of Clinical Neurosciences examined how hormone levels in men and women impacted their risk-related decisions. His review of several studies showed connections between higher levels of testosterone and mispricing and “over-optimism about future changes in asset values.”
So, how are diversity and inclusion linked with strategic business risk?
Most boards are aware these days that environmental and reputational risks are likely to be as important as traditional financial risks, if not more so. BP’s failure with the Gulf oil-spill was not caused by financial factors. Nor was it the environmental impact that did the most damage to the company. It was the reputational harm caused by the mishandling of the oil-spill that proved to be the biggest problem.
But few boards consider diversity and inclusion to be a strategic business risk. They may well have ethnic and gender diversity targets for their workforce. Perhaps they report on ethnic and gender pay-gaps in their annual reports. But they will probably regard diversity and inclusion as an HR issue, and not something that should appear on the strategic risk register.
That is all about to change. There is an increasing awareness that creating an inclusive workplace for all, regardless of gender, ethnicity, background, sexual orientation and beliefs, is not just a source of competitive advantage. It also plays a powerful role in shaping the views of stakeholders: shareholders, employees, suppliers and, probably most important of all, customers.
There is a growing view that a lack of diversity and inclusion in the workforce is a major strategic business risk. The existence of a mono-cultural, ‘group-thinking’, exclusive board of directors is an indication that the risk is not being taken seriously: in all probability such a board does not have the skills, experience or even the inclination to address the issues.
Since April 2017, gender pay-gap reporting has been mandatory in the UK. Financial services, which is one of the most important sectors for the UK economy, has a gender pay-gap of about 34%. That is double the national average of 17%.
This is a serious reputational risk, which will influence how stakeholders, including prospective and current employees, customers and regulators, view financial services firms. This makes diversity and inclusion a business issue rather than an HR issue – a business risk that demands to be actively measured, monitored and managed.
Given that diversity and inclusion should appear on the board’s strategic risk register, which aspects should be covered?
There are four main areas:
The main risks to the development of a successful company strategy, where there is a lack of diversity and inclusion in the board and senior management team, is that poor decisions are likely to be made without a challenge to the status quo. The risk of group-think is that the strategic focus is too narrow, opportunities are missed, and ground is lost against competitors.
With the immediacy of social media, particularly with respect to customer experience, reputation risk is increasingly important. A diverse board leading an inclusive workforce is much more likely to be able to respond to the needs of a diverse customer base.
Boards with only a token attempt at diversity and inclusion, who practice ‘one and done’, are unlikely to convince stakeholders that they are really making an effort. They may well damage the company’s reputation, especially in the eyes of investors looking for exemplary corporate governance practice.
The Board and Senior Management team should set the tone from the top of the organisation. Ensuring diversity and inclusion is not just a tick box exercise about numbers and percentages. It is about openness and transparency, a willingness to embrace new ideas, and new ways of thinking.
Exit interviews with employees these days more often than not highlight a lack of clear leadership as one of the main reasons for staff wanting to work elsewhere. Leaders who are seen to embrace diversity and inclusion have been shown to be more effective than those that do not.
Businesses which deliberately exclude sections of the community on the grounds of gender, ethnicity or some other characteristic are exposing themselves to prosecution for breaking employment law. More importantly though they are limiting the possibilities for recruiting the right people for the job. This is especially true in the case of sectors where there are skills shortages. The risk to the organisation of not making the talent pool for recruitment as wide as possible is that they will miss out on attracting and retaining the best people and thereby reduce their key source of competitive advantage.
Post COVID-19, businesses are looking at the ‘new normal’ for innovative and improved ways of engaging with their employees, customers, suppliers and investors. Traditional ways of doing business are being questioned as rapid advances in technology enable truly global working. Communities are looking to put an end to discrimination and to create environments with equal opportunities, regardless of gender, race, ethnicity or other characteristics.
Diversity and inclusion are rapidly becoming the ‘new normal’. Directors and their boards need to identify, mitigate and monitor the risks of not acting swiftly enough to ensure that they and their workforces put an end to the mono-cultural, group-think way of operating.
by David Doughty, Chartered Director – Chief Executive, Chair, Non-Executive Director, Entrepreneur and Business Mentor
Fortune 500 companies with more women directors outperformed their peers by 53% in ROI and 42% in return on sales. David Doughty, entrepreneur and corporate governance expert explains why demographic and cognitive diversity is an essential part of achieving corporate success.
For many people in the United Kingdom, talk of Brexit has fallen by the wayside. Despite the pause in what had seemed like non-stop Brexit talk, the end of the transition period (31 December 2020) remains on the horizon. For UK recipients of European Union (EU) grant funding, things are going to change. For counter fraud professionals in the public and private sectors, changes to (or the absence of) EU grant funding is expected to pose a significant challenge once the transition period ends.
The EU is a huge source of grant funding for its member states. EU grants currently cover infrastructure, cultural, environmental, agricultural, scientific, educational and fishing initiatives, among others. However, the participation of the UK in future programmes after 2020 will depend on the outcome of negotiations on the relationship with the EU.
Currently, recipients who have been awarded or are already in receipt of EU funding will continue to receive those payments, including funding due to be received after the close of the transition period. Additionally, applications for some EU funds can be made under the current spending framework. However, it has yet to be decided what funding UK organisations will be able to apply for after the spending framework ends.
In July 2020, the UK government published its Research and Development Roadmap, which set out its vision and ambition for science, research and innovation. The Roadmap restates the UK’s ambition to fully associate to Horizon Europe and Euratom, subject to agreeing a fair and balanced deal. The government has also said it would implement short-term alternative funding arrangements if there are any funding gaps before a more formal agreement is reached. It has committed to providing funding to UK partners who are successful in bidding to programmes open to third country participation.
With significant change in uncertain times and decisions being made without knowledge of long-term agreements, the risk of fraud is greatly increased. Businesses and local governments will be making long-term decisions on key projects with limited knowledge of secured funding. This economic setting means that agreements will be entered into with new partners and suppliers, new ways of working will be adopted and an increased reliance on risk management will be realised. These circumstances create the perfect breeding ground for fraud and opportunists that aim to take advantage of uncertainty and its associated vulnerability.
Organisations will have to stay vigilant while this significant, anticipated change occurs in the UK. Existing and new controls will have to be reviewed and developed for new ways of working, and it is expected that there will be a greater reliance on risk management frameworks.
With fraudsters looking to seek opportunity in turbulent and uncertain times, weaknesses in future grant application processes will likely be preyed upon, with a view to diverting grant funding through the misrepresentation of genuine claims. Due diligence will become more important than ever. In post-transition period Britain, fraud loss from grants will no longer be a shared EU loss, but rather will be borne solely by UK budgets.
The risks are real, and planning for unknown changes to grant funding should be a current and ongoing area of focus for counter fraud professionals.
by Marc McAuley, Head of Counter Fraud Operations at CIPFA
The chaos and uncertainty of Brexit are the perfect breeding ground for grant fraud. CIPFA’s Marc McAuley (pictured) warns that, outside the group safety of the EU, the UK needs watertight due diligence if it is to avoid huge losses to misrepresented claims.
In an extract from recently published book Digital Governance (Routledge, 2020), co-author Jeremy Swinfen Green discusses the problems of managing technology risk.
It sounds like a wonderful opportunity. Using technology, businesses can deliver the products and services that people have always wanted (even if they didn’t always realise it) – customised, instant, convenient and available anywhere.
But that doesn’t mean it’s an easy opportunity to manage. Unfortunately, in over 80 per cent of cases digital transformation initiatives fail. The truth is that managing technology is hard, especially for people who are not technologists. Sometimes it seems that technologists speak a totally different language full of TLAs (Three Letter Acronyms). They have different attitudes to risk, deliverables and even time from their non-technical counterparts. They think in different ways, far more literally than most people.
Well, that may or may not be true. But the difficult in managing technology doesn’t stem from the nature of the people involved. It’s to do with the nature of technology, which is often a catalyst for new ways of thinking and working.
Technology can bring rapid change and managing change is always hard. It is about moving forward while much of governance is about using backward-looking tools such as financial accounts. In addition, most organisations resist change: people in them are cautious and generally like to remain comfortable doing and using what they know.
People are often particularly worried about technological change. They think, “I’m going to lose my job to a robot.” Or “I’m going to look stupid because I don’t understand this new stuff.” And because they are frightened, they look for excuses to avoid change: “I’d never use that, so I don’t think anyone else would either.”
Managing rapid technological change is particularly difficult. Decisions that may need considerable thought need to be made quickly and circumstances may have changed before the decision is made.
And if circumstances (including technology) change so rapidly, the temptation is to avoid making any decisions in the hope that the pace of change might eventually slow, allowing more reasoned decisions to be made.
It’s inevitable that technology will change and bring changes to society along with it. You might as well accept that and start making decisions about how you are going to react to technology, either by changing your products and services or by changing the way your organisation delivers those products and services.
But before you make any decisions, it’s a good idea to remember that introducing new technology carries many risks that may be difficult to manage. Why is that? There are a number of reasons:
Conversely, another common experience is that the scope of proposed change is implemented successfully but lacks ambition, because of fear or because of a lack of imagination about what might be achieved.
Another problem is “virtuality”. It’s easy to visualise a new machine. It’s far harder to visualise a new end-to-end process. There is a danger that the focus of digital transformation can be on making a physical change, in effect bolting a computer onto a system to make it a bit more efficient, rather than thinking how the system as a whole could be made radically more efficient and effective through technology.
This problem is often made worse by a focus on a process or even a particular endpoint, such as a product or output from a process, rather than a wider focus on continued business success.
And just to make things a little worse, the implementation of technology is often driven at speed, perhaps because it was started late and people are panicking, perhaps because the enthusiastic developers want to ignore due process (and/or compliance) and get to a result as soon as possible.
If you mean to be successful in the transformative use of technology, there are a number of things to consider. Ensure that any technology initiatives are truly integrated into your organisation: having a separate “technology change” department is a certain route to failure. Look at all your processes and see where most value is to be found: don’t employ technology for the sake of it. And be pragmatic: if you are over-ambitious and try to do everything at the same time you will probably fail at everything.
The most important principle is to focus on the people who will be affected by technology – the end users, whether they are employees or customers. If you forget them they will simply reject your technology and avoid your products and services.
Transforming an organisation through technology can never be easy. But if you are pragmatic and manage the risks involved you will have a far better chance of success. Get it right and the rewards are potentially enormous.
Digital transformation consultant Jeremy Swinfen Green explains that, while technology enables businesses to satisfy market demand faster and more effectively, this opportunity comes with substantial risks attached. To read his article, click the “OPEN” button below.
With real-time transactions gaining popularity and new legalised product markets (such as cannabis) emerging, anti-money-laundering (AML) regulations are getting tougher and more complex.
New payment transaction types allow money launderers to apply smarter schemes. The adoption of peer-to-peer payments via services such as Google Pay, PayPal, Popmoney, Square Cash, Venmo, Xoom and Zelle complicates tracing funds and catching money-laundering activities. Cryptocurrency payments are on the rise, along with related money-laundering activity. This allows money launderers to employ covert new account opening, layering and structuring schemes to facilitate faster and less detectable money laundering.
At the same time regulators are creating more-complex compliance regulations at breakneck speeds. The list of mandates related to AML is getting longer every year. Regulators are responding to and keeping up with an increasing number and sophistication of money-laundering schemes. New AML regulations effective from January 10, 2020, mandate that new kinds of organisations, beyond traditional financial services, must perform AML activities.
Preventing and reporting money-laundering activities is a key issue for financial institutions, insurers, gaming and gambling organisations, utilities and telecoms, especially during periods of economic and budgetary constraints such as the one we are currently experiencing. Forrester expects that, in the next three to four years, firms that enable customers to create an account and store and move money in and out of that account will have to comply with AML regulations in their appropriate jurisdiction:
Integrate once, communicate often
Failing to improve a business’ AML regime can expose it to regulatory fines, sanctions and even higher levels of fraud. In today’s complex and online-first environment, where faceless registration and application is the norm, it’s important to coordinate and unify efforts to build on existing data ingestion methods and create new unified methods for as few AML suites as possible. At a minimum, there should be an internal sharing database with tight access controls to disseminate hotlists about known money launderers’ identities.
It’s also important to supply as much alert and case context to investigators on one screen as possible. Solutions are getting much better at being able to customise case management screens to include map information and link analysis, and predictively recommend other cases to look at or to investigate. Having a single-pane-of-glass view of transactions and entities reduces the likelihood of investigators missing important case details.
Find out more about Forrester’s research topics on Fraud Management and Financial Services here.
by Andras Cser, VP and Principal Analyst, Forrester
With real-time transactions gaining popularity and new legalised product markets (such as cannabis) emerging, anti-money-laundering (AML) regulations are getting tougher and more complex.
New payment transaction types allow money launderers to apply smarter schemes. The adoption of peer-to-peer payments via services such as Google Pay, PayPal, Popmoney, Square Cash, Venmo, Xoom and Zelle complicates tracing funds and catching money-laundering activities. Cryptocurrency payments are on the rise, along with related money-laundering activity. This allows money launderers to employ covert new account opening, layering and structuring schemes to facilitate faster and less detectable money laundering.
At the same time regulators are creating more-complex compliance regulations at breakneck speeds. The list of mandates related to AML is getting longer every year. Regulators are responding to and keeping up with an increasing number and sophistication of money-laundering schemes. New AML regulations effective from January 10, 2020, mandate that new kinds of organisations, beyond traditional financial services, must perform AML activities.
Preventing and reporting money-laundering activities is a key issue for financial institutions, insurers, gaming and gambling organisations, utilities and telecoms, especially during periods of economic and budgetary constraints such as the one we are currently experiencing. Forrester expects that, in the next three to four years, firms that enable customers to create an account and store and move money in and out of that account will have to comply with AML regulations in their appropriate jurisdiction:
Integrate once, communicate often
Failing to improve a business’ AML regime can expose it to regulatory fines, sanctions and even higher levels of fraud. In today’s complex and online-first environment, where faceless registration and application is the norm, it’s important to coordinate and unify efforts to build on existing data ingestion methods and create new unified methods for as few AML suites as possible. At a minimum, there should be an internal sharing database with tight access controls to disseminate hotlists about known money launderers’ identities.
It’s also important to supply as much alert and case context to investigators on one screen as possible. Solutions are getting much better at being able to customise case management screens to include map information and link analysis, and predictively recommend other cases to look at or to investigate. Having a single-pane-of-glass view of transactions and entities reduces the likelihood of investigators missing important case details.
Find out more about Forrester’s research topics on Fraud Management and Financial Services here.
by Andras Cser, VP and Principal Analyst, Forrester
With the rise of crypto and online payment mechanisms and newly legalised markets opening up, the 2020s are a money launderer’s paradise. Forrester’s Andras Cser looks at developing trends in the AML landscape.
The risk profession is going to have to develop new skills to stay ahead of the digital game. In 2018, the Institute of Risk Management partnered with the Cambridge Centre for Risk Studies (CRS) at the University of Cambridge Judge Business School to produce exciting new risk management research. The publication, Risk Management Perspectives of Global Corporations, reviews the risk management practices of major organisations and determines how they are adapting to meet future challenges and opportunities, particularly those posed by rapid technological developments.
This research has highlighted technological change as the biggest driver of uncertainty for organisations today. From self-driving cars to online medical consultations, new technologies such as the internet of things, blockchain, artificial intelligence, robotics and data analytics are starting to transform how things are done and present us with a new landscape of opportunity and risk. Change has always been with us, but there is a feeling that what we are facing now is more extreme. This arises from both the speed of developments and the profound impacts they are likely to have on business models and on human activity.
Technological developments are moving so fast – look at what you can do on your mobile phone today that you couldn’t do (reliably, anyway) five years ago; look at the mushrooming take up of connected devices in our homes and workplaces. Further emerging technologies such as drones, virtual reality, autonomous vehicles and blockchain are starting to move out of the laboratory and into real-life applications, as our ability to transmit and crunch vast amounts of data expands. New technology offers so many opportunities for organisations to fulfil their objectives by improving processes, reducing costs, enhancing services and developing innovative new solutions. The potential benefits for firms, individuals and economies are huge. But all of this comes with risk – there are downsides as well as upsides, and these risks need to be managed. As well as the relatively familiar “cyber” risks of hacking, data and privacy breaches, extortion and internet-related fraud, there are the more strategic risks faced by organisations where digital technology is disrupting markets. There are also ethical questions – just because you can do something, does that mean you should? And if you do, how can you do it safely (and what does that even mean)?
Our research also uncovered that fewer than 40 per cent of the risk management community feel well equipped to understand these changes and support their organisations in this area. Part of our response to this is, don’t panic! The basic principles of good risk management will stay the same – the fundamental approach of building resilient organisations with robust processes, a healthy risk culture and strong risk communications will still be very much required, albeit able to move at a faster pace. The context, however, is certainly shifting with new risks to address and the potential for new tools and techniques to help. The risk professional cannot afford to be left behind in this field. They have to be reasonably knowledgeable about these developments. If they act fast, they could actually have an opportunity to lead and add value in helping their organisations manage these risks.
To help with this, IRM recently launched its new Digital Risk Management certificate. This qualification has been designed to equip risk practitioners and others to apply their skills in an increasingly digital world. Our world-class study material, developed in collaboration with Warwick University, will cover how new technologies and digitalisation are disrupting businesses and changing the risk environment for organisations of all types. It will look at how to carry out digital risk assessments, provide a detailed grounding in cyber-security principles and practices, and also look at the ethical issues surrounding both privacy and machine learning.
The qualification is, naturally, delivered and examined globally on a fully online basis, paving the way for a programme that will eventually bring all IRM’s qualifications online and hence make them even more accessible. It will be a relatively quick qualification to obtain, involving one multiple-choice examination and about 180 hours of study over approximately six months. It has been designed on a standalone basis to provide both a supplementary “future-proofing” qualification for our existing members as part of their continuing professional development opportunity, and also as an introduction to the subject for those from other disciplines. Enrolment for our first exam session opened at the end of 2018 and more than 200 people from around the world have already signed up to take the certificate.
A combination of great risk management skills together with an up-to-date knowledge of the digital risk landscape should be an unbeatable combination for tomorrow’s risk jobs.
The IRM also delivers an International Certificate in Enterprise Risk Management, one in Financial Services and also a Diploma. More information on this can be found here.
If you’re interested in finding out more, click here.
The risk profession must evolve to stay relevant in an increasingly digitised world. Research from the Judge Business School in Cambridge and the Institute of Risk Management uncovers the new skills, knowledge and processes that will be needed
When management envisions who might be most likely to commit fraud in their organisation, they may think of a new employee who hasn’t earned the trust of their colleagues yet, or perhaps a lower-level employee who has been given too much access to cash or inventory. Or, as I have seen most often, management simply does not think any of their employees would commit fraud. These assumptions are not only incorrect, but they could end up costing the organisation millions.
While people commit fraud for a variety of reasons, criminologist Dr Donald Cressey hypothesises that three factors need to be in place for a fraud to begin: pressure, perceived opportunity and rationalisation. Together, these form the Fraud Triangle. The underlying pressure can come from within the organisation, such as unrealistic sales goals for employees, or it can be personal, such as an employee struggling financially due to a costly divorce or a gambling addiction. A perceived opportunity is present when a potential fraudster sees how they’d be able to commit fraud and not get caught. For example, maybe an employee is able to both approve company purchases and authorise payments to vendors. Or perhaps they know there is no oversight for expense reports. Rationalisation can take the form of an employee believing they aren’t fairly compensated for their work, or even thinking that an act of fraud would only happen once, and they’d pay it back before anyone noticed.
In the latest edition of the Association of Certified Fraud Examiner’s (ACFE) Report to the Nations, 2,504 fraud cases from 125 countries were analysed to gain a clear understanding of patterns and trends in occupational fraud. In addition to looking at the fraud schemes and how they were detected, the report examined the characteristics of those who perpetrated the frauds.
Non-managerial level employees were the most common perpetrators, representing 41 per cent of cases, with mid-level managers being the perpetrators in 35 per cent of the cases. While owners/executives only accounted for 20 per cent of cases, they caused the most financial damage and their fraud schemes lasted the longest before being discovered. Fraud perpetrated by an owner/executive had a median duration of two years and caused a median loss of $600,000.
The length of time a fraudster had been at the organisation mattered as well. Fraud was most commonly perpetrated by employees who had worked for the victim organisation from one to five years; these cases resulted in a median loss of $100,000. Employees who had been employed from six to 10 years represented 22 per cent of cases and caused a median loss of $190,000, and those with more than 10 years’ tenure represented 23 per cent of the cases and a median loss of $200,000. While some people may assume newer employees pose a higher risk, individuals who had been with the organisation for less than a year only comprised 9 per cent of the cases and caused a median loss of $50,000.
Other demographic factors such as gender, education and age also influenced the amount lost. Male perpetrators were more common than female, accounting for 72 per cent of fraud cases studied, and caused a median loss of $150,000, compared with $85,000 caused by female perpetrators. Of the cases analysed, 64 per cent of fraudsters had a university degree or higher; these perpetrators also caused a significantly higher median loss ($195,000) than those without a university degree ($100,000). Additionally, losses tend to rise with the perpetrator’s age. Perpetrators younger than 40 caused a median loss of $75,000, those aged between 40 and 54 caused a median loss of $150,000 and fraudsters over 55 caused a median loss of $425,000.
While perpetrators varied in their demographic data, there were consistent behavioral red flags that they displayed. The most telling was living beyond their means – 42 per cent of fraudsters exhibited this characteristic, which has been the most common red flag in all of our studies since 2008. Additionally, 26 per cent had known financial difficulties, 19 per cent had an unusually close relationship with vendors or customers, 15 per cent displayed control issues (such as an unwillingness to share duties) and 13 per cent showed irritability, suspiciousness or defensiveness. There were also HR-related red flags in many cases: 13 per cent of fraudsters had poor work evaluations, 13 per cent had excessive absenteeism, 12 per cent displayed a fear of losing their job and 10 per cent were denied a raise or promotion.
While the fact that some employees display red flags or fall into higher-risk demographic categories does not necessarily mean they will commit fraud, being aware of these factors can help business leaders at any type of organisation recognise early warning signs and protect themselves and their employer from fraud.
Find free fraud training and awareness resources at FraudWeek.com. For more information on fraud prevention and detection, visit ACFE.com.
by Bruce Dorris, President and CEO, ACFE
When management envisions who might be most likely to commit fraud in their organisation, they may think of a new employee who hasn’t earned the trust of their colleagues yet, or perhaps a lower-level employee who has been given too much access to cash or inventory. Or, as I have seen most often, management simply does not think any of their employees would commit fraud. These assumptions are not only incorrect, but they could end up costing the organisation millions. To read the full article click the “OPEN” button below.