Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
The Widening Scope and
Application of Risk Management
Kath Quayle
www.aicp.im
The widening scope and application of risk management
Presentation by Kath Quayle
Senior Advisory Manager, PwC Isle of Man
7 February 2020
Evolving risk landscape
“[T]here are known knowns; there are things we know we know.
Former United States Secretary of Defence,
Donald Rumsfeld
Evolving risk landscape
We also know there are known unknowns; that is to say we
know there are some things we do not know.
But there are also unknown unknowns –
there are things we do not know we don't know. ”
The widening scope and application of risk management
PwC
PwC
Risk and
response
diagrams
Archibald and
Lichtenberg
“risk is now openly
acknowledged as part
of real management
life”
Rise of
insurance
companies
The Society
of Lloyds in
London
Marine
insurance
Advent of
project risk
management
Project management
literature
around risk
identification, estimation
and response
BP - risk
quantification
and modelling
using probability
distributions
Influence
diagrams
combined with
probability
theory -
systems
dynamics
Questionnaires
and checklists
Underlying
knowledge
based systems
Project risk
management
software
typically used
as an analysis
tool
Risk quantification
and modelling to
promote
communication
and response
planning teamwork
No longer simply for
analysis
18th century 1970s 1980s 1990s
Regulatory
compliance
Evolution of risk management to the end of the 1990s
PwC
The widening scope and application of risk management
PwC
Advanced
analytics and
decision
automation
ERM Integrated
Framework -
COSO
Contractual
risk transfer
Sarbanes
Oxley
ERM more
widespread
Risk culture Risk
evaluation
models
Risk
registers
Multi-
jurisdictional
integration
Enhanced
analytics
2000s 2010s 2020 and beyond?
CRO
Macro-
economic
stress
testing
AI
Emerging
risks
The future of risk
management in the digital era
Annual risk
budget
allocation to
digitising risk
management
Digital
channels
present new
kinds of risk
Non-
traditional
sources of
information
Up-to-date
knowledge of
analytics and
next generation
technologies
Robotic
Process
Automation
Evolution of risk management 2000 and beyond
PwC
The widening scope and application of risk management
Drivers behind the evolution
PwC
The widening scope and application of risk management
What is driving the evolution?
Dynamic risk landscape
“Big data” - sheer explosion of data
AI and robotics
Globalisation - broadening collaboration and
dialogue among a diverse group of
stakeholders
Emerging risks including social, environmental
and economic strainThe widening scope and application of risk management
PwC
Digital channels
Challenges facing the risk function
PwC
Developing Rationalisation Developed
Strategy and mandate
Framework and governance
Risk awareness and culture
Talent management
Process and technology
Organisational design
Risk functions are at different levels of maturity across the six dimensions of the
operating model, with the majority of firms in the Rationalisation phase
Source: PwC’s 22nd Annual Asset and Wealth Management CEO Survey
3,200 interviews with CEOs in more than 90 territories
The risk function is evolving and has a number of challenges to address
The widening scope and application of risk management
PwC
PwC
- Lack of maturity of first-line controls
73%
27%
55%
of risk and control frameworks
inconsistent across business units
indicated that risk culture is fully embedded
across the business
identified technology and data skills as
key gaps in their risk resources
- Deficiencies in management information
- Technology infrastructure comprises multiple legacy systems and disparate data sets
- Embedding and measuring appropriate culture in the firm
- Skills gaps are evident in data, technology and change management
11
7 February 2020
Key internal challenges
The widening scope and application of risk management
PwC
PwC
62% of
respondents felt
that their risk
registers weren’t
sufficiently
connected *
Isolated and
disparate
risks
Not part of,
or infused
into, the
whole
business
Responsibility
of few, rather
than many
Lack of
ownership
among the
body of staff for
delivering risk
insight and
assessment* 2019 World Economic Forum,
Global Risk Landscape Report
The widening scope and application of risk management
What we see in practice
Other challenges - emerging risks
PwC
1. Unclear or changing framework conditions
2. Even basic information, which would help adequately assess the frequency and severity of a given risk, is often lacking
3. Usually as yet unquantified
4. Most not yet fully understood or researched
5. Could lead to surprises or shocks
New Existing Dynamic LatentOther challenges -emerging risks
Consideration of
emerging risks is
important - It is a real
risk management
discipline
The widening scope and application of risk management
PwC
PwC
cyber security threat, artificial intelligence (AI), nanotechnology, genetic engineering, growing
integration and interaction of digital systems, blockchain, new waves of automation, robotics,
producers and consumers are making faster decisions, disruption to traditional market leaders
and business models, digitisation, data regulation, quantum technology, 3D and 4D printing,
drones, the “Internet of Things”, macro-economic factors, globalisation, de-globalisation trends,
fragmented value chains throughout the entire world, decline in multilateralism, rise in populism,
risk of dividing into US and China-led blocs, deregulation, competitor activity, corruption and
fraud, currency wars, free market obstruction, high unemployment, market complexity, market
crash, international bond default, derivate market meltdown, reinsurance counterparty failures,
sovereign default, systemic risk of collapse, trade wars, global depression, downgraded credit
ratings, societal change, societal pressure, reputation vulnerability, preferences shifting under the
influence of social media and trending news, pandemic, population growth, pollution, mobile
phone radiation, food additives, overpopulation, space debris, stress related disease, terrorism,
cyber hactivism, training needs, regulatory developments, political change, geopolitical instability,
fragmented political landscape, legal reform, world war III, political risk, civil unrest, climate
change, biodiversity loss, environmental degradation, fracking, natural disaster, famine, rising
sea levels, access to raw materials, food insecurity, carbon emissions, rising oil prices, supply
chain security, Liability regime in environment and human health area, access to talent, legal
liability, computer security breaches, privacy breaches, cyber theft, cyber espionage and cyber
spying, cyber extortion, cyber terrorism, business continuity/supply chain disruption, connectivity
PwC
Emerging risksInterrelated and interconnectedSource: 2019 AXA-Eurasia Group Future Risks Report
Cybersecurity
Climate change
Geopolitical
instability
Social
discontent
and local
conflict
Macro
economic
risk
New
threats
to
security
Natural
resource
depletion
Pandemic
Pollution
AI and Big
Data
The widening scope and application of risk management
PwC
PwC
Emerging risk evaluation
The widening scope and application of risk management
PwC
Scenario planning
Tool to discuss plausible future outcomes as a basis
for risk dialogue, developing risk mitigation measures
and identifying business opportunities
Hypothetical scenarios + risk appetite + risk response
Some governance related stress testing requirements in place for
banks and building societies
Regulatory
requirements and
market best
practice
Internal business
and
risk analysis
perspective
Which risks
to test?
+
PwC
Those risks which are potentially…
• Disruptive to company plans
• Disastrous to earnings expectations
• Ruinous to company continuation
Emerging Risks with expected high velocity
• Monitoring may be less effective
• Concentrate on action plans
Emerging Risks with lower velocity
• May be able to identify KRIs that give good warning
• Allow time to recognise emergence and adapt
Post evaluation monitoring
Beware resistance to advance actions:
“Let’s put this off until it becomes clearer that we need it”The widening scope and application of risk management
PwC
Risk response:Risk transfer and collaborative risk mitigation
PwC
The rise of risk transfer and collaboration
Why
• Inability to completely eliminate risks through preventive controls
• Business continuity and more predictable performance
• “Mega-events” like climate change, political unrest, terrorism and cyber attacks
Caution
• Clear and stringent risk sharing clauses in partner contracts
• Potential for conflict, litigation, and disputes over risk sharing agreements
• How to determine the appropriate insurance premium for various risks?
• “Over insurance” or insuring non critical areas
Ascending tools
The widening scope and application of risk management
PwC
Commercial third
party insurance
Risk sharing
agreements
Captive in-house
insurance
Fixed price
contracts
Catastrophe
bonds
Market wide pooling of
otherwise uninsurable
risksNovel financial
instruments that
transfer and monetise
risk
Removal of warranties and/or guarantees
PwC
Where are these trends already in place?
Cyber insurance market
Organisations providing objective, data driven
ratings of a subject’s security performance through
continuous monitoring
Captive insurance market
Medical device manufacture
Risk sharing agreements with hospitals to take on
performance based financial risk for their product
Post 9/11 airport security
Industry wide collaboration
Realignment of operations in supply chain to be
more environmentally friendly
Walmart’s “Going Green” initiativeThe widening scope and application of risk management
PwC
Case studies
PwC
Business
unit risk
registers
Standardised
risk
processes
and tools
Standard
risk
language
Compare and
consolidate risk registers
at an organisational level
to gain a better
understanding of the
overall risk profile
Overarching focus on improving risk management capabilities across the business and
supporting business units to feed into the process
Innocent Drinks - a move towards a more joined up way of thinking about risk
The widening scope and application of risk management
PwC
PwC
Treasury
related risk
focus with a
clear
understanding
of how those
risks interact
with each
other
Continuous
feed
Analytic and
measurement
framework that
considers the
firm in its entirety
Management framework and policies that cover all firm activities and cross notional barriers
Vita Group’s holistic approach
All relevant
risks are captured
and all the
interdependencies
are adequately
understood
Liquidity
Insurance
Credit Pension
Counterparty
FXInterest
rate
Re-
financing
The widening scope and application of risk management
PwC
PwC
Internal dialogue among
experienced and knowledgeable
employees
Dedicated intranet dialogue platform
Automated web
analysis
Crowd sourced signal
detection
Post and discuss risk
notions
Dedicated emerging risk management team to moderate, collate and review
The widening scope and application of risk management
Swiss Re’s SONAR approach
Where risk
trends already
known or their
context is well
understood
Automated
web
technology
for monitoring
and analysis
PwC
Swiss Re’s SONAR approach
• Overcome blind spots• Foster risk awareness • Support risk assessment and mitigation • Reduce surprises• Seize opportunities
Multi source
Collaborative
Facilitates a broad, diverse and
robust dialogue around risk
notions
Single platform
Benefits
In conclusion
PwC
1
2
3
4
Establish an
understanding of the
wider organisational
strategy Promote crowd
sourced dialogue
around riskDevelop a business
case for change -
think agile, not large
multi-year
implementations
Create and execute
your roadmap, linking
in with other initiatives
across the organisationThe widening scope and application of risk management
Key take-aways
PwC
Closing thoughts
“If you don't invest in risk management, it doesn't matter what business you're in, it's a risky business.”
Gary Cohn
American economist, philanthropist,
and venture capital investor
The widening scope and application of risk management
pwc.com/im
Thank you
© 2020 PricewaterhouseCoopers LLC, an Isle of Man limited liability company. All rights reserved. PwC refers to the Isle of Man member firm, and may sometimes refer
to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This publication has been prepared for general
guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining
specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this
publication, and, to the extent permitted by law, PricewaterhouseCoopers LLC, its members, employees and agents do not accept or assume any liability, responsibility
or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision
based on it. Not for further distribution without the permission of PwC.