The Widening Scope and

Application of Risk Management

Kath Quayle

www.aicp.im

The widening scope and application of risk management

Presentation by Kath Quayle

Senior Advisory Manager, PwC Isle of Man

7 February 2020

Evolving risk landscape

“[T]here are known knowns; there are things we know we know.

Former United States Secretary of Defence,

Donald Rumsfeld

Evolving risk landscape

We also know there are known unknowns; that is to say we

know there are some things we do not know.

But there are also unknown unknowns –

there are things we do not know we don't know. ”

The widening scope and application of risk management

PwC

PwC

Risk and

response

diagrams

Archibald and

Lichtenberg

“risk is now openly

acknowledged as part

of real management

life”

Rise of

insurance

companies

The Society

of Lloyds in

London

Marine

insurance

Advent of

project risk

management

Project management

literature

around risk

identification, estimation

and response

BP - risk

quantification

and modelling

using probability

distributions

Influence

diagrams

combined with

probability

theory -

systems

dynamics

Questionnaires

and checklists

Underlying

knowledge

based systems

Project risk

management

software

typically used

as an analysis

tool

Risk quantification

and modelling to

promote

communication

and response

planning teamwork

No longer simply for

analysis

18th century 1970s 1980s 1990s

Regulatory

compliance

Evolution of risk management to the end of the 1990s

PwC

The widening scope and application of risk management

PwC

Advanced

analytics and

decision

automation

ERM Integrated

Framework -

COSO

Contractual

risk transfer

Sarbanes

Oxley

ERM more

widespread

Risk culture Risk

evaluation

models

Risk

registers

Multi-

jurisdictional

integration

Enhanced

analytics

2000s 2010s 2020 and beyond?

CRO

Macro-

economic

stress

testing

AI

Emerging

risks

The future of risk

management in the digital era

Annual risk

budget

allocation to

digitising risk

management

Digital

channels

present new

kinds of risk

Non-

traditional

sources of

information

Up-to-date

knowledge of

analytics and

next generation

technologies

Robotic

Process

Automation

Evolution of risk management 2000 and beyond

PwC

The widening scope and application of risk management

Drivers behind the evolution

PwC

The widening scope and application of risk management

What is driving the evolution?

Dynamic risk landscape

“Big data” - sheer explosion of data

AI and robotics

Globalisation - broadening collaboration and

dialogue among a diverse group of

stakeholders

Emerging risks including social, environmental

and economic strainThe widening scope and application of risk management

PwC

Digital channels

Challenges facing the risk function

PwC

Developing Rationalisation Developed

Strategy and mandate

Framework and governance

Risk awareness and culture

Talent management

Process and technology

Organisational design

Risk functions are at different levels of maturity across the six dimensions of the

operating model, with the majority of firms in the Rationalisation phase

Source: PwC’s 22nd Annual Asset and Wealth Management CEO Survey

3,200 interviews with CEOs in more than 90 territories

The risk function is evolving and has a number of challenges to address

The widening scope and application of risk management

PwC

PwC

- Lack of maturity of first-line controls

73%

27%

55%

of risk and control frameworks

inconsistent across business units

indicated that risk culture is fully embedded

across the business

identified technology and data skills as

key gaps in their risk resources

- Deficiencies in management information

- Technology infrastructure comprises multiple legacy systems and disparate data sets

- Embedding and measuring appropriate culture in the firm

- Skills gaps are evident in data, technology and change management

11

7 February 2020

Key internal challenges

The widening scope and application of risk management

PwC

PwC

62% of

respondents felt

that their risk

registers weren’t

sufficiently

connected *

Isolated and

disparate

risks

Not part of,

or infused

into, the

whole

business

Responsibility

of few, rather

than many

Lack of

ownership

among the

body of staff for

delivering risk

insight and

assessment* 2019 World Economic Forum,

Global Risk Landscape Report

The widening scope and application of risk management

What we see in practice

Other challenges - emerging risks

PwC

1. Unclear or changing framework conditions

2. Even basic information, which would help adequately assess the frequency and severity of a given risk, is often lacking

3. Usually as yet unquantified

4. Most not yet fully understood or researched

5. Could lead to surprises or shocks

New Existing Dynamic LatentOther challenges -emerging risks

Consideration of

emerging risks is

important - It is a real

risk management

discipline

The widening scope and application of risk management

PwC

PwC

cyber security threat, artificial intelligence (AI), nanotechnology, genetic engineering, growing

integration and interaction of digital systems, blockchain, new waves of automation, robotics,

producers and consumers are making faster decisions, disruption to traditional market leaders

and business models, digitisation, data regulation, quantum technology, 3D and 4D printing,

drones, the “Internet of Things”, macro-economic factors, globalisation, de-globalisation trends,

fragmented value chains throughout the entire world, decline in multilateralism, rise in populism,

risk of dividing into US and China-led blocs, deregulation, competitor activity, corruption and

fraud, currency wars, free market obstruction, high unemployment, market complexity, market

crash, international bond default, derivate market meltdown, reinsurance counterparty failures,

sovereign default, systemic risk of collapse, trade wars, global depression, downgraded credit

ratings, societal change, societal pressure, reputation vulnerability, preferences shifting under the

influence of social media and trending news, pandemic, population growth, pollution, mobile

phone radiation, food additives, overpopulation, space debris, stress related disease, terrorism,

cyber hactivism, training needs, regulatory developments, political change, geopolitical instability,

fragmented political landscape, legal reform, world war III, political risk, civil unrest, climate

change, biodiversity loss, environmental degradation, fracking, natural disaster, famine, rising

sea levels, access to raw materials, food insecurity, carbon emissions, rising oil prices, supply

chain security, Liability regime in environment and human health area, access to talent, legal

liability, computer security breaches, privacy breaches, cyber theft, cyber espionage and cyber

spying, cyber extortion, cyber terrorism, business continuity/supply chain disruption, connectivity

PwC

Emerging risksInterrelated and interconnectedSource: 2019 AXA-Eurasia Group Future Risks Report

Cybersecurity

Climate change

Geopolitical

instability

Social

discontent

and local

conflict

Macro

economic

risk

New

threats

to

security

Natural

resource

depletion

Pandemic

Pollution

AI and Big

Data

The widening scope and application of risk management

PwC

PwC

Emerging risk evaluation

The widening scope and application of risk management

PwC

Scenario planning

Tool to discuss plausible future outcomes as a basis

for risk dialogue, developing risk mitigation measures

and identifying business opportunities

Hypothetical scenarios + risk appetite + risk response

Some governance related stress testing requirements in place for

banks and building societies

Regulatory

requirements and

market best

practice

Internal business

and

risk analysis

perspective

Which risks

to test?

+

PwC

Those risks which are potentially…

• Disruptive to company plans

• Disastrous to earnings expectations

• Ruinous to company continuation

Emerging Risks with expected high velocity

• Monitoring may be less effective

• Concentrate on action plans

Emerging Risks with lower velocity

• May be able to identify KRIs that give good warning

• Allow time to recognise emergence and adapt

Post evaluation monitoring

Beware resistance to advance actions:

“Let’s put this off until it becomes clearer that we need it”The widening scope and application of risk management

PwC

Risk response:Risk transfer and collaborative risk mitigation

PwC

The rise of risk transfer and collaboration

Why

• Inability to completely eliminate risks through preventive controls

• Business continuity and more predictable performance

• “Mega-events” like climate change, political unrest, terrorism and cyber attacks

Caution

• Clear and stringent risk sharing clauses in partner contracts

• Potential for conflict, litigation, and disputes over risk sharing agreements

• How to determine the appropriate insurance premium for various risks?

• “Over insurance” or insuring non critical areas

Ascending tools

The widening scope and application of risk management

PwC

Commercial third

party insurance

Risk sharing

agreements

Captive in-house

insurance

Fixed price

contracts

Catastrophe

bonds

Market wide pooling of

otherwise uninsurable

risksNovel financial

instruments that

transfer and monetise

risk

Removal of warranties and/or guarantees

PwC

Where are these trends already in place?

Cyber insurance market

Organisations providing objective, data driven

ratings of a subject’s security performance through

continuous monitoring

Captive insurance market

Medical device manufacture

Risk sharing agreements with hospitals to take on

performance based financial risk for their product

Post 9/11 airport security

Industry wide collaboration

Realignment of operations in supply chain to be

more environmentally friendly

Walmart’s “Going Green” initiativeThe widening scope and application of risk management

PwC

Case studies

PwC

Business

unit risk

registers

Standardised

risk

processes

and tools

Standard

risk

language

Compare and

consolidate risk registers

at an organisational level

to gain a better

understanding of the

overall risk profile

Overarching focus on improving risk management capabilities across the business and

supporting business units to feed into the process

Innocent Drinks - a move towards a more joined up way of thinking about risk

The widening scope and application of risk management

PwC

PwC

Treasury

related risk

focus with a

clear

understanding

of how those

risks interact

with each

other

Continuous

feed

Analytic and

measurement

framework that

considers the

firm in its entirety

Management framework and policies that cover all firm activities and cross notional barriers

Vita Group’s holistic approach

All relevant

risks are captured

and all the

interdependencies

are adequately

understood

Liquidity

Insurance

Credit Pension

Counterparty

FXInterest

rate

Re-

financing

The widening scope and application of risk management

PwC

PwC

Internal dialogue among

experienced and knowledgeable

employees

Dedicated intranet dialogue platform

Automated web

analysis

Crowd sourced signal

detection

Post and discuss risk

notions

Dedicated emerging risk management team to moderate, collate and review

The widening scope and application of risk management

Swiss Re’s SONAR approach

Where risk

trends already

known or their

context is well

understood

Automated

web

technology

for monitoring

and analysis

PwC

Swiss Re’s SONAR approach

• Overcome blind spots• Foster risk awareness • Support risk assessment and mitigation • Reduce surprises• Seize opportunities

Multi source

Collaborative

Facilitates a broad, diverse and

robust dialogue around risk

notions

Single platform

Benefits

In conclusion

PwC

1

2

3

4

Establish an

understanding of the

wider organisational

strategy Promote crowd

sourced dialogue

around riskDevelop a business

case for change -

think agile, not large

multi-year

implementations

Create and execute

your roadmap, linking

in with other initiatives

across the organisationThe widening scope and application of risk management

Key take-aways

PwC

Closing thoughts

“If you don't invest in risk management, it doesn't matter what business you're in, it's a risky business.”

Gary Cohn

American economist, philanthropist,

and venture capital investor

The widening scope and application of risk management

pwc.com/im

Thank you

© 2020 PricewaterhouseCoopers LLC, an Isle of Man limited liability company. All rights reserved. PwC refers to the Isle of Man member firm, and may sometimes refer

to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This publication has been prepared for general

guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining

specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this

publication, and, to the extent permitted by law, PricewaterhouseCoopers LLC, its members, employees and agents do not accept or assume any liability, responsibility

or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision

based on it. Not for further distribution without the permission of PwC.