In an uncertain climate where risk is rife, the call for a more holistic approach to risk management has never been greater.
Despite new risks having emerged amid the volatile global environment, existing risks such as cyber-crime and climate change haven’t gone away. Compounding this are new regulations on the horizon, such as those recommended in The Brydon Review, where it’s likely we’ll see increased scrutiny over risk management, compliance and internal controls in the coming months.
The rapid pace of change in the past year has undoubtedly created significant short-term challenges for organisations worldwide, but only now are the long-term consequences beginning to manifest themselves.
Arguably, Covid-19 has highlighted deficiencies in risk management that otherwise might never have been brought to light. What’s clear, though, is that those who have taken a more dynamic and frequent approach to their risk practices have been better able to future-proof their business and tackle the ongoing turbulence initiated by the pandemic.
Here are some ways organisations can enhance their performance in four of today’s key risk areas, while maintaining rigorous compliance and agility:
As innovation rises, so too do risks. Yet conversely, the risk of not innovating can be just as high. This places a considerable onus on risk managers to help their organisations strike the right balance between risk and reward.
Due to the nature of innovation, propositions are often in a constant state of development, rendering point-in-time engagement from risk executives impractical. For risk management to be effective, it must be embedded throughout the development process, with continuous interaction between risk and innovation teams. Furthermore, risk controls should be an integral part of product design, especially in the face of regulations such as GDPR, which maintains “privacy by design” as one of its leading principles.
Innovation risks undoubtedly alter the risk profile of an organisation and potentially fuel other technology-related risks such as cyber-crime and fraud – creating another strong case for implementing new risk controls and a wider discipline of digital conduct.
One prime example of innovation risk managed well is e-commerce giant JD.com, whose radical advances in contagion-mitigating technology and robotics have increased the retailer’s stock price by 97 per cent in the past year alone.
At the same time as organisations are expanding their digital footprint, cyber-threats are growing exponentially in their sophistication. Although this has largely made traditional risk management frameworks unworkable, a data-driven approach can help businesses to better quantify cyber-risk and sense check their cyber-response capabilities.
Data can be derived from multiple sources including audit findings, threat intelligence tools, asset lifecycles and defect management to help build a real-time picture of risk, while providing key insights to the security team and senior leaders for more informed decision-making.
That said, a cyber-risk framework is only as good as an organisation’s first line of defence – its valued employees. An all-hands-on-deck style is the surest way to instil a culture of cyber-security accountability at all levels of the business, supported through training courses and robust policies to raise awareness of today’s ever-evolving cyber-risks.
By identifying and addressing vulnerabilities before they become an issue, risk professionals can reduce the likelihood of their organisation being a sitting target and thus protect their end-clients as they continue their digitisation journey.
Rising expectations from stakeholders in recent years have indicated that high environmental, social and governance (ESG) performance could lead to improved profitability and business opportunities.
Microsoft is one such case in point, becoming the first company in its sector to target a “carbon negative” status by 2030. Since creating a $1 billion fund to reduce emissions and carbon usage, Microsoft received the highest ESG rating (AAA) from MSCI ESG Research in 2019.
ESG covers a wide set of issues, and a failure to incorporate it into enterprise risk management practices could see businesses lagging behind their peers, particularly if they do not make the connection between ESG and materiality.
While laws and regulations mandating disclosure are a key driver for putting forth a robust ESG strategy, businesses should adopt an approach that transcends simply meeting compliance requirements. A critical starting point is to develop a purposeful culture around ESG that is exemplified at the top and instilled throughout the organisation.
Board oversight is also crucial to the effective integration of ESG risk management and subsequent long-term sustainability. Senior leaders should work closely with risk teams to monitor ESG performance against the company’s goals, making activities such as megatrend analysis, media monitoring and regular ESG materiality assessments a core part of the wider ERM framework.
With the regulatory landscape changing at a rate of knots, businesses that rely on antiquated, reactive ways of managing compliance risks could open themselves up to a host of negative repercussions, from both a financial and reputational standpoint.
However, an integrated compliance framework facilitated by technology can not only enable companies to be more risk-intelligent but can also help keep compliance standards in check, ensuring policies are adhered to at all levels of the organisation.
Coupled with a best practice strategy for managing regulatory compliance risk, today’s advances in automation and regtech can provide a 360-degree view of compliance while delivering meaningful insights and highlighting gaps in processes or deviation from policy.
Moreover, as authorities place increased focus on the quality and completeness of regulatory data, businesses will need to show that they have systematic controls and tools in place to provide accurate regulatory and compliance reporting. By putting transparency at the heart of regulatory risk management through digital means, organisations can have the confidence that their regulatory obligations are being met, mitigating the risk of non-compliance.
With a focus on high-level risks as well as the more granular impact of risk across the board, businesses will benefit not only from a competitive advantage in future but also from greater resilience and compliance in times of extreme disruption. Are you ready for a risk management revolution?
Discover Ideagen’s market-leading Pentana Compliance solution and how it can help to protect your financial services organisation from regulatory risk.