The risk landscape is constantly changing, and risk and compliance managers always need to have a pulse on what’s happening. Understanding macro trends and where your industry and organization fits will help you prioritize your efforts on the risks with the greatest potential impact on your company.
As we head into 2020, here are five questions for risk and compliance leaders to consider:
1. What type of risks will the uncertainty surrounding the 2020 Presidential election create?
Election-year jitters are setting in, and flip-flopping outlooks of a potential economic slowdown have many organizations on edge. Election risk comes in two stages: initial uncertainty and longtail change. In the short term, risk and compliance managers need to consider possible capital expenditure reductions, hiring stalls, and fluctuations in consumer confidence or credit markets. Beyond 2020, risks related to economic and regulatory changes – increasing tariffs through changing international trade, radical restructuring of the healthcare industry, federal approaches to corporate taxes, or operational and regulatory changes related to climate change – should be top of mind.
Preparation starts with an enterprise risk management strategy. Linking the organization’s critical success factors to key risk drivers and preparing quantified views of different outcomes in a what-if fashion, enables you to project both the initial impact and longtail effect of the decisions you make.
2. Will the lens on reputational risks and consumer trust magnify?
Drivers of reputational risks are steadily shifting. While data privacy and security remain top of mind, ethics, integrity, and product and service quality are growing in importance. 2019 was a record year for CEO exits due to ethical departures from investor values. Amazon’s first-time 10K warning to investors about the risk of counterfeit goods in its supply chain was telling about the business impact of consumer trust. Companies and executives are increasingly being held accountable in the court of public opinion for reputational events – whether personal or professional – related to regulatory compliance, employee or executive misconduct, third-party activities, competitive attacks, notable hazards, catastrophes, and more.
Brand inauthenticity is starting to get the same level of scrutiny. Organizations that don’t practice what’s in their value statements are increasingly under the microscope. Consumers want to buy from brands that walk the talk – and if brands don’t, they’ll find a company that does. Risk and compliance managers will play a key role in mitigating missteps that impact brand image through establishing a solid foundation of controls, policies, procedures, and more.
Even scarier: beyond traditional counterfeiting, we could also see a rise in compromised electronic products — like connected devices – that get tampered with from a malicious state entity. If a brand falls victim to this, reputation will be the least of your concerns.
3. Will 2020 bring new models for dealing with climate risks?
Climate change was front and center for businesses this year, bringing an increase in property insurance rates, property casualty claims, and carbon footprint costs. With Wall Street incorporating climate resiliency as a new risk metric when evaluating companies, climate risks and business continuity planning will top executive agendas in 2020 and beyond. Risk and compliance managers need to ask what kinds of actions should be prioritized to mitigate climate risk right now, versus long-term structural change to prepare for more drastic changes in five to ten years. They’ll also increasingly need to demonstrate what they’re doing to protect their organizations against environmental risks and make sure they’re addressing underlying problems vs. just reporting on the issues.
A few tips: ditch mono-source mentalities and diversify supply bases outside of high-risk areas. It’s also wise to reconsider the locations of manufacturing plants and distribution centers. When assessing climate-related risks, expand the focus beyond internal operations to the environment in which you operate, and accelerate repeat-event modeling so you can make pragmatic decisions to increase overall resiliency.
4. When will the quantum computing technology war escalate to corporate’s front door?
Growing cyber-warfare will require organizations to increase controls, encryptions, and protection, and dedicate more time and resources to quality controls and validation – especially when it comes to algorithms developed by third parties.
There are also strategic risks that result from industry disruption and quantum leaps in technical innovation. Companies that don’t understand digitization risks within their existing markets, or are slow to adopt new approaches, are behind and exposed.
5. How much information is necessary to drive drive risk assessments, patient outcomes, and operational decisions?
While an enormous number of factors play into patient outcomes – patient demographics, environment, and socioeconomic factors — an obvious driver is the level of medical care the patient receives. Historically, risk management and patient quality operated in parallel, but rarely integrated their mission to protect both patients and the overall organization.
The most advanced risk and compliance functions are expanding the scope and depth of data and analytics to better correlate patient events and sources of patient harm. They’re also integrating employee safety with patient safety and getting more sophisticated when it comes to using quality management and clinical data to drive patient success and outcomes. In 2020, more organizations – especially in healthcare – will accelerate the integration of technology that facilitates communication across departments — risk, quality, and safety — to break down silos and get a more complete picture of what’s happening.
With the lens magnified on reputational risks, watch out for “slow bleeds” that can creep up and cause more damage than worst-case scenarios. Read more thoughts from Riskonnect CEO Jim Wetekamp in Risk & Insurance.
