In an uncertain climate where risk is rife, the call for a more holistic approach to risk management has never been greater.
Despite new risks having emerged amid the volatile global environment, existing risks such as cybercrime and climate change haven’t gone away. Compounding this are new regulations on the horizon, such as those recommended in the Brydon Review in the U.K., where it’s likely we’ll see increased scrutiny over risk management, compliance and internal controls in the coming months.
The rapid pace of change in the past year has undoubtedly created significant short-term challenges for organizations worldwide, but only now are the long-term consequences beginning to manifest themselves.
Arguably, Covid-19 has highlighted deficiencies in risk management that otherwise might never have been brought to light. What’s clear is that those who have taken a more dynamic and frequent approach to their risk practices have been better able to future-proof their business and tackle the ongoing turbulence initiated by the pandemic.
Here are some ways organizations can enhance their performance in four of today’s key risk areas, while maintaining rigorous compliance and agility:
As innovation rises, so too do risks. Yet conversely, the risk of not innovating can be just as high. This places a considerable onus on risk managers to help their organizations strike the right balance between risk and reward.
Due to the nature of innovation, propositions are often in a constant state of development, rendering point-in-time engagement from risk executives impractical. For risk management to be effective, it must be embedded throughout the development process, with continuous interaction between risk and innovation teams. Furthermore, risk controls should be an integral part of product design, especially in the face of regulations such as GDPR, which maintains “privacy by design” as one of its leading principles.
Innovation risks undoubtedly alter the risk profile of an organization and potentially fuel other technology-related risks such as cybercrime and fraud—creating another strong case for implementing new risk controls and a wider discipline of digital conduct.
One prime example of innovation risk managed well is offered by e-commerce giant JD.com, whose radical advances in mitigation technology and robotics have increased the retailer’s stock price by 97% in the past year.
At the same time that organizations are expanding their digital footprints, cyber threats are growing exponentially in their sophistication. Although this has largely made traditional risk management frameworks unworkable, a data-driven approach can help businesses to better quantify cyber risk and sense-check their cyber-response capabilities.
Data can be derived from multiple sources including audit findings, threat intelligence tools, asset life cycles and defect management to help build a real-time picture of risk, while providing key insights to the security team and senior leaders for more informed decision-making.
That said, a cyber-risk framework is only as good as an organization’s first line of defense: its valued employees. An all-hands-on-deck style is the surest way to instill a culture of cybersecurity accountability at all levels of the business, supported through training courses and robust policies to raise awareness of today’s ever-evolving cyber risks.
By identifying and addressing vulnerabilities before they become an issue, risk professionals can reduce the likelihood of their organization being a sitting target and thus protect their end clients as they continue their digitalization journey.
Rising expectations from stakeholders in recent years have indicated that high environmental, social and governance (ESG) performance can lead to improved profitability and business opportunities.
Microsoft is one such case in point, becoming the first company in its sector to target a “carbon negative” status by 2030. Since creating a $1 billion fund to reduce emissions and carbon usage, Microsoft received the highest ESG rating (AAA) from MSCI ESG Research in 2019.
A failure to incorporate ESG—covering a wide set of issues—into enterprise risk management practices could see businesses lagging behind their peers, particularly if they do not make the connection between ESG and materiality.
While laws and regulations mandating disclosure are a key driver for putting forth a robust ESG strategy, businesses should adopt an approach that transcends simply meeting compliance requirements. A critical starting point is to develop a purposeful culture around ESG that is exemplified at the top and instilled throughout the organization.
Board oversight is also crucial to the effective integration of ESG risk management and subsequent long-term sustainability. Senior leaders should work closely with risk teams to monitor ESG performance against the company’s goals, making activities such as megatrend analysis, media monitoring and regular ESG materiality assessments a core part of the wider ERM framework.
With the regulatory landscape changing rapidly, businesses that rely on antiquated, reactive ways of managing compliance risks could open themselves up to a host of negative repercussions, from both a financial and reputational standpoint.
However, an integrated compliance framework facilitated by technology can not only enable companies to be more risk-intelligent, but can also help keep compliance standards in check, ensuring that policies are adhered to at all levels of the organization.
Coupled with a best-practice strategy for managing regulatory compliance risk, today’s advances in automation and regtech can provide a 360-degree view of compliance while delivering meaningful insights and highlighting gaps in processes or deviation from policy.
Moreover, as authorities place increased focus on the quality and completeness of regulatory data, businesses will need to show that they have systematic controls and tools in place to provide accurate regulatory and compliance reporting. By putting transparency at the heart of regulatory risk management through digital means, organizations can have the confidence that their regulatory obligations are being met, reducing the chance of noncompliance.
With a focus on high-level risks as well as the more granular impact of risk across the board, businesses will benefit not only from a competitive advantage in the future, but also from greater resilience and compliance in times of extreme disruption. Are you ready for a risk management revolution?
Gordon McKeown, Head of ARC Product, Ideagen