We live in an interconnected world, driven by technology and challenged by both traditional and emerging forms of risks like climate change, pandemic, cyber threats and the growing health-wealth gap. This increased volatility challenges all aspects of our global economy and society. That is why it is an imperative to expand traditional risk management to address classes of risks — long-tailed in nature — that are increasingly relevant but lack comprehensive solutions that address risk mitigation, incident response and compensation for loss.
As part of the Willis Research Network conference, the Emerging Risk hub will be doing this through a 3-question survey looking to gain insight on the emerging risks on your radars, and to populate rich narrative scenarios that draw together and highlight the interconnections between drivers and risks across 4 key trends. These scenarios will be used as the basis of discussion between panel members in the first session of day 3.
The last year has highlighted the exact type of transformative challenges posed by long-tail risks. These risks, once thought rare, are now becoming common and can happen at any moment, with an impact that grows more severe over time. A good risk manager will look at both sides of the coin and often the process of considering emerging risks can be used to explore new futures and build future resilience.
The last year has highlighted the exact type of transformative challenges posed by long-tail risks. These risks, once thought rare, are now becoming common and can happen at any moment, with an impact that grows more severe over time.
In the case of COVID-19, we had evidence that the wolf was already in the herd, if only the shepherd had taken a closer look or heeded warning from the disaster risk community. In November I highlighted a selection of examples from expert institutions warning about the potential of this risk at the FINEX “Beyond the limits - A blueprint for the future” conference:
It’s easy in hindsight, but the risk landscape picture was a little blurry because there are many shepherds, no shortage of wolves out there, or what can sometimes feel like people crying wolf! And yet this pandemic exposed major shortfalls in the preparedness of businesses, organisations and nations around the world. Many turned out to be much less well prepared to deal with the crisis than they should have been and thought they were.
What should bring comfort and spark thinking for 2021 is the number of scenario-based exercises and expert assessments of the global risk landscape that are available to be used as a starting point for those looking to increase their awareness of risks, or to be fed into existing risk analysis to augment thinking.
With no universally accepted definition for emerging risks there are many ways to consider them, and every organisation will have a definition and criteria that supports their thinking. Emerging risks appeared at number 10 in the 2020 Willis Towers Watson ‘Most dangerous risks to insurers’ survey as a category of their own1. In the insurance industry the Chief Risk Officers Forum added three new risks to their 2020 radar map: Digital Misinformation, Plastics and Microplastics, and Skills Shortage and Reskilling2, and within the Emerging Risks hub, a review for an insurance association produced a long list of 90+ emerging risks for members to consider and prioritise. Every organisation will have their own view of risk and opportunities, and ensuring the process is integrated into strategic planning and operational activities will help to stress test those views.
There are plenty of low frequency, high severity risks where planning may be out of date for our current society, their impacts not fully recognised, or there’s a potential for threats compounding each other. It also highlights the need to consider where the pain points are. Cyber attacks, solar storms, and pandemics all result in different kinds of impacts, but the main outcome is business interruption. Cyber Business Continuity Plans tend of focus on picking up the office and moving to a secondary location. And yet, with this pandemic that secondary location was useless with social distancing requirements, and finance directors were compelled to accelerate digital investment to get up and running. The threat of a solar storm could see nationwide power cuts where all devices requiring power and connectivity struggle.
Provision 28 of the UK Corporate Governance Code 2018 requires boards to undertake a “robust assessment of the company’s emerging and principal risks”3. including risks that result in events that may threaten the organisation’s business model, future performance, solvency and reputation. When uncertainty is your only certainty, it is easy to see why investors want to know companies are on the case, and curious about a wide range of areas, and why systems perspectives and the connectivity of risks are also creeping into regulatory requirements.
When uncertainty is your only certainty, it is easy to see why investors want to know companies are on the case, and curious about a wide range of areas, and why systems perspectives and the connectivity of risks are also creeping into regulatory requirements.
Stakeholders want to know you understand the wider risk landscape, and COVID-19 is likely to trigger further interest as financial institutions attempt to gauge resilience and how interconnectivity is being considered, and how organisations intend to build forwards. A good example of this is climate risk, which although well recognised by scientists and regulators as a key risk, has facets that continue to emerge as stakeholders enact and react to change such as the green incentives tied to COVID-19 recovery plans. The direction of travel towards mandatory climate disclosure is becoming ever more apparent. For example, the Financial Conduct Authority’s (FCA) recent commitment to introduce climate disclosure, on a ‘comply or explain’ basis, beginning next year, for UK premium listed firms alongside new regulatory requirements on banks and insurers to assign individual accountability to senior management is particularly notable4. It should also serve as a prompt for firms to look at the maturity of their thinking across their entire programme around other systemic risks – what doesn’t get measured doesn’t get managed, and what doesn’t get managed will end up under the regulatory microscope eventually (if it doesn’t put you out of business first).
Foreseeing trends is often a matter of perspective and sometimes it helps to take a step back and look at challenges with fresh eyes. Decades worth of digital acceleration under COVID-19, shifts in business travel, and the rise of home working will all have changed the landscape in ways that may not yet be apparent.
If you had pandemics on your risk register, was there a scenario comparable to the impacts we’ve seen or a scenario for another risk with similar characteristics? Did it include the escalating tensions between nation states and the competition and shocks to global supply chains, or the need for your CFO to approve the purchase of laptops to facilitate the home office?
…flexibility and building resilience capabilities is essential. It is as much a culture challenge as an operational one – businesses need to be ready for multiple scenarios, and reactive when the exact situation doesn’t unfold as scripted.
This is where flexibility and building resilience capabilities is essential. It is as much a culture challenge as an operational one – businesses need to be ready for multiple scenarios, and reactive when the exact situation doesn’t unfold as scripted. More importantly, how has your risk register changed to account for the new world we find ourselves in? If nothing has changed it is time to dig out this list and put it under the microscope in this new world of the ”new normal” or “never normal” (with a faster pace of change), challenging your own decision making and the connections your brain is making without you even noticing. We tend to use information that comes to mind quickly and easily when making decisions about the future (“availability heuristic”). Certain events and experiences are memorable and will come to mind – even when evidence can counteract them.
This pandemic will set new mental paths, but not all pandemics will be like this one and the past is often not the best guide for the future. The same goes for emerging risks, which is why it is so important to continually stress test thinking and work with diverse groups, outside of your sector and your comfort zone. And cherish the devil’s advocate in the room5.
1 2020: Most dangerous risks to insurers
3 TCFD: coming, ready or not
4 https://foreignpolicy.com/2020/05/06/want-to-avoid-the-next-pandemic-hire-a-devils-advocate/
