Reporting and Governance

For organisations, the scale and scope of risks are changing at an unprecedented pace. This is being driven by the increasing interconnectedness of organisations, as well as rapid disruptions in business models and technology landscapes.

By Subharun Mukherjee, AVP, Strategic Initiatives, director at MetricStream

While the opportunities for organisations are tremendous, as we enter the fourth industrial revolution there are also many associated risks that lie ahead in 2020, and it is hugely important that organisations are well prepared to tackle them. The following points are the top challenges we have identified that organisations will need to resolve in their governance, risk and compliance (GRC) programmes for the new year and beyond.

Ready for the worst 

Cyber attacks, geopolitical uncertainties and extreme weather events are just some of the many disruptions that are set to intensify over the next year. In 2019, we saw a leading financial services company respond quickly to a massive data breach: it alerted law enforcement authorities and fixed the vulnerability swiftly. Taking these actions in the right succession arguably prevented the breach from turning into a catastrophic disaster for the company.

Today, operational resilience is high on the radar for the UK’s Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA). As it finds its way onto other regulatory agendas around the globe, organisations will need to prepare for the worst by having strong incident response measures and business continuity programmes in place; an organisation that lacks them has a great deal to lose.

Also, despite the best efforts, it is almost impossible these days for organisations to be so operationally resilient that they avoid disruptions altogether. Instead, resilience-building in 2020 should focus less on trying to avoid disruptions and risk, and more on minimising the impact when they do occur, because they undoubtedly will.

One way for organisations to think about operational resilience is to bend without breaking. The more prepared an organisation is to contain the damage and get back on its feet, the better its credibility will be amongst customers, regulators and stakeholders.

Third-party risks

Almost every business today has some level of third-party involvement, whether we are aware of it or not, and these third parties may have access to highly sensitive data. Although outsourcing certain functions will be the way forward for many organisations in 2020, one challenge everyone should be aware of is that you may be able to outsource the work, but you cannot outsource the risk. 

While a vulnerability may originate with a third-party company, ultimately the responsibility for the failure will lie with the organisation in the eyes of the regulator, as well as in the eyes of customers and stakeholders.

It is very important that organisations monitor any third-party risk with due diligence processes that meet the highest standards. The first step organisations need to take is to confirm that there is sufficient visibility across the third-party ecosystem. The more effectively organisations understand how third parties map to processes, business units, risks, compliance requirements and controls, the better they can prioritise and direct their risk mitigation investments.

The reputational era

The present business environment is volatile and another key challenge that organisations will need to manage throughout 2020 is, of course, their reputation. In our hyperconnected world where negative news travels swiftly, business decisions and actions will be governed not only by legal or compliance considerations, but also by reputational ones. 

If an organisation makes the news for all the wrong reasons – perhaps due to an unhappy consumer or a disgruntled employee – the reputational repercussions can be enormous, often leaving permanent scars that can be hard for organisations to live down.

Today, customers and stakeholders are looking not just at what an organisation delivers, but at how it was delivered. Many questions are asked: were the sales practices unethical, was customer data compromised, were suppliers exploited – the list goes on.

These questions will continue to surface as organisations expand their focus to intangible assets like trust and reputation, where the value of a business will increasingly be found. It will become even more important for organisations in 2020 to be seen to be operating with integrity. The success of a business is no longer measured only by the achievement of sales or performance objectives, but also by conduct, ethics, transparency and fairness.

The risks identified above are just some of the many potential vulnerabilities that organisations may face in 2020. These challenges can come from anywhere and hit organisations where it hurts most. However, organisations will find it much easier to stay ahead of a disaster if they prioritise a resilient incident response team, stay better aware of the risks that third parties pose, and ensure they always act with integrity.

This article is free to read, request a no obligation trial access to Global Risk Regulator.