Businesses have always faced crises. But, just as the nature of business keeps changing and accelerating, the nature of crises keep changing, increasing in pace and complexity.

The global financial crisis of 2008-2009 reflected companies’ difficulties in evaluating credit and financial risk, particularly as such risk related to derivative financial instruments and the counterparties behind complex trades. Many of those concerns have been addressed through recapitalization and regulatory reform, but new risks have continued to emerge, and potential new crises are continually forming just around the corner. And the range of threats continue to extend beyond the traditional focus of financial, credit and liquidity risk.

<<< Start >>>

<<< End >>>

Cyber-crime, for example, was a much lesser concern for many just a decade or so ago. Now it commands the attention and significant investment of every large enterprise, as highly sophisticated groups (sometimes backed by nation-states or organized crime) test the digital defenses of governments, companies, and non-governmental organizations. Successful cyber incursions continue to cause massive operational problems and often cost millions of dollars to remediate.

The exact nature and circumstances of new crises are impossible to predict. As one obvious example, few forecasters had a global pandemic high on their list of major risks for 2020. In the 2020 Global Risk Report sponsored by the World Economic Forum, infectious disease didn’t even make the list of top 10 short-term risks identified by survey respondents or a panel of emerging global social entrepreneurs and leaders. All we really know is that when the next crisis hits, it is very likely to take an unanticipated form.

That doesn’t mean that nothing can be done to prepare for the next crisis; just the opposite, in fact, is true. Effective risk management is about being prepared, not trying to predict. In an era of hyper-change, companies need a new risk mindset and an expanded set of both tools and skills. This calls for a combination of elements including:

  • A strong data foundation. It’s not enough to have access to good data; it’s also essential to be able to organize, access and analyze such data to draw useful insights from it. And for the risk function, it increasingly needs to be focused on the areas of the business that matter most. You cannot try to protect every dimension to the same level.
  • Sensors at the edges. Risk functions can’t wait for centralized operations to process and analyze data; they need to know what’s happening in real or near-real time, in markets around the world and be well connected with the business to move to action rapidly.
  • Awareness of the macroeconomic environment. Everything is interconnected, meaning that events taking place in remote locations can have major implications for companies doing business in the US and other major markets.

Preparation is critical, but it is increasingly important to be able to respond and evolve quickly when threats emerge. This is something that risk functions have been working towards, but the reality is most remain behind the curve. To be effective in this highly interconnected world, change – rapid change – is required. There are three key first steps involved in getting ready for the next set of challenges emerging.

  1. Simplify and automate basic activities. Many risk functions have failed to take advantage of tools such as robotic processing automation (RPA), and analytics which not only make operations more efficient but free up the time of the risk professional to be less reactive to day-to-day issues, and more focused on the risks that matter most. When the next crisis hits, the organization is better prepared to confront and respond to the challenge rather than reacting and having to play catch up.
  2. Add new skills. Risk management is increasingly digital and data driven. Risk management needs employees with skills in areas ranging from data science to visualization to advanced modeling. Employees combining these skills with a strong risk orientation and awareness can significantly enhance the organization’s overall readiness and can supply needed insights when problems appear.
  3. Sharpen the risk focus. Effective risk management starts with defining factors within the risk function’s control and designating assets that should be protected. Within this sphere of control, the risk team can take advantage of modern tools such as data and analytics, and it can collaborate more closely with the business units and with other corporate functions to address real threats.

Technology and skills require investment, and risk management teams can expect some pushback from management concerned about planning for scenarios that may never happen. This is a perpetual problem in crisis planning; we take precautions in case bad things happen, but that doesn’t mean that we want them to happen. Increasingly, however, the data, technology and skills harnessed by risk management teams pay dividends by also identifying new and potentially attractive areas for business growth. The use of analytics in credit risk management, for example, can expose a seam of viable but currently underserved customers for the sales and marketing teams to pursue.

<<< Start >>>

<<< End >>>

Although new technology and new skills are essential, the new risk mindset requires something more. All too often, risk teams have mistaken being busy for being effective, generating reports rather than concentrating on what really matters to the business, to its strategy and to its desired outcomes. The risk function needs the authority (and the accompanying confidence) to ask, “What’s going on here, and why?” when faced with new sets of facts and unexpected new circumstances.

 See more finance insights here and more risk-focused content here.

Steve Culp

Senior Managing Director – Strategy & Consulting

Subscription Center
Subscribe to Business Functions Blog Subscribe to Business Functions Blog