IRM experts look to the year ahead and make 2017 risk predictions
Political risk, cybersecurity, bribery and oil price and financial markets fluctuations are among chief concerns for businesses voiced by some of the UK’s leading risk experts as they look ahead to 2017.
Nicola Crawford, CFIRM, Chair of the Institute of Risk Management says:
“2017 is undoubtedly the year where political risk on the global scale will be one to watch, the effect on markets is unknown with the City of London and the wider stage braced for a hard Brexit and also the fall out of changes to American and European political leadership.
Enterprise Risk Management has never been higher on the agenda; organisations need to ensure that risk in the boardroom is taken seriously to ensure organisational success and longevity.
Factors in both the micro and macro environment should be constantly scanned against a company’s risk register, business continuity plans tested and stress tests conducted – reputational risk is also a major factor and examples of how not to manage this have been widely reported in the media.
Disruptive business models, the Internet of Things and the impact of a more connected world will all be factors changing the way we work. Although these are exciting times, the role of the risk manager has never been more important, with many opportunities and challenges for business.
We as an institute are placed to provide the latest in thought leadership, training and qualifications to develop organisations in any sector globally to be risk ready and I invite you to read on to find out more about the risks facing us across the globe”.
The Global Economy continues to be a risk for a number of reasons including oil prices, Brexit, possible Grexit and a slowdown of the BRICS (Brazil, Russia, India & China) economies as Alexander Larsen, FIRM, President of Baldwin Global Risk Services Ltd explains below:
Whilst oil companies have restructured their businesses in line with sub $50 oil prices, many countries that are reliant on oil as a major part of their GDP could face major economic crisis and social unrest. The economic as well as political impact could spill over into neighbouring countries. This could potentially have a detrimental effect on the global economy. It is not all doom and gloom however. Oil prices seem to have stabilized around the $45-$50 mark for the last six months and with oil companies having adapted to this new reality, any increase in the price will see major profits and investment in new projects. Even without an increase in price there is opportunity to be found, with oil companies already investing in renewable energy, they may invest even more heavily into it.
Brexit is a major uncertainty that could potentially contribute to damaging of an already struggling EU economy and a British economy that was one of the best performing in the EU. The pound has already been weakened against the dollar and some currency experts predict that it could even reach parity. Both a devalued pound as well as potential EU barriers to trade, could have a serious impact on manufacturers importing parts from abroad. It’s not just British companies who may be at risk however, as any foreign companies selling goods in the UK may find the weak pound hitting their sales. This could lead to an increase of prices, having a negative effect on consumers in the UK or could even lead to companies pulling out of the UK and relocating to other parts of the EU.
Whilst there are many risks involved with Brexit, there will inevitably also be many opportunities. A weakened pound would increase exports and encourage British companies with foreign suppliers to innovate or seek local suppliers in order to reduce costs.
Cyber Risk has been a growing threat in the last few years and it doesn’t look like 2017 will be any different. A recent report claimed that the risk in 2016 was four times higher than in 2015. Indeed, with technological advances allowing us to take further steps towards a cashless society, companies moving towards a paper free business model (one recently completed hospital in Qatar is virtually paperless), and goods such as cars, fridges, televisions and the home moving to complete automation or controlled by phone, there is more for hackers to target than ever before.
In October, Twitter, PayPal, Netflix and Spotify were all downed by a major cyber-attack, whilst an attack on Yahoo that saw the theft of 500 million users credentials occurred in 2014 but was only reported this year. These attacks cause downtime, share price drops and reputational damage. Worse still if user’s credit card details are stolen and used. This increase in risk has prompted the UK to launch a 1.9 billion GBP national cybersecurity strategy. Additionally, The FBI has started issuing warnings to organisations of the increase of cybercrimes including their concerns for the recent outcome of the US presidential election.
Some organisations are already spending up to 500 million dollars on cyber security whilst organisations such as Bank of America have stated their budget is unlimited when it comes to fighting cybercrime. These attacks will keep coming however, and now more than ever, organisations need a strong business continuity plan that includes media management .
Paul May, Chairman Concordia Consultancy Ltd, FIRM
The increasing trend of damage and interruption by flood waters is a dead cert rather than a possibility for the UK and many locations in countries around the world.
In the UK alone, four out of five of the wettest years on record have occurred since the year 2000. Insured losses in the UK have been in the region of £5 billion, and there will have been significant uninsured losses. There seems little likelihood that the cost of flood will reduce.
Also likely is that many organisations – big and small - will fail to fully prepare for flood damage whether to their own premises or their suppliers and customers.
Such preparations could include: pre-nominated restoration contractors; amended purchase and sales contracts; life-saving equipment at premises; alternate premises and logistics plans pre-agreed; and even water craft such as inflatable dinghies on hand at the premises with suitably trained staff. Many organisations have effective fire drills, often supported by internal fire marshals and fire-fighters. Extending those procedures and teams to be dedicated “flood responders” may receive a little more consideration within the risk community.
Assessment of exposure and flood damages by drone and satellite observation will increase. Most organisations with factories will actively consider having their own drone for ease of inspection. Use of such technology to record the condition of property before a flood incident can greatly increase the speed of claim settlement.
Organisations will probably not invest as much as they should in flood alterations such as threshold protections, pre-installed pumps and hoses, sandbags or staff.
Engineering / Infrastructure Risks
Derek Salkeld, FIRM, Senior Analyst, DS+A Ltd
My prediction for risk management in 2017 as it applies to engineering, and in particular to projects based on engineering such as infrastructure and product development, is that distinct qualitative and quantitative risk management practices will emerge and then diverge.
Like the way innovations sometimes become commodified, the qualitative side of risk management will become a general technique project managers and engineers will carry out themselves, and no longer something they will hire a specialist to do. If the data sets become large and the databases complex then they may hire clerical support but qualitative risk management will become and remain a skill of the project manager and the engineer.
I think it will be different on the quantitative side. Risk managers with quants skills will be hired by project funders and developers, perhaps before the project manager and engineer has even been appointed. They will be hired to describe and to enumerate the exposure of a proposed development to risk, and to propose how it should be managed, in a way that informs the investment decision. This will remain a job for an RM specialist. A consequence of this will be that the practice of quantified risk management will be started earlier in the development cycle, where it will become an important component of a business case.
Alyson Pepperill CFIRM ACII, Client Projects Director for Arthur J Gallagher and Chair of the IRM Charities Special Interest Group talks about risk and how she thinks it will affect the third sector
Fundraising will remain as a major concern and risk area. Charities are working through their responses following revised regulation and a new regulator (that the sector now has to pay for!). The impact of the changes will be felt throughout 2017 but many are predicting falling income from fundraising and the need to fundraise differently. This will result in new and different risks being identified, evaluated, assessed and managed.
Part of the new regulatory regime for fundraising but a risk that goes far beyond just this one aspect is information governance and cyber security. With the General Data Protection Regulation (GDPR) coming in 2018 and the ICO devoting time to provide guidance specific to charities this must be a key risk theme for 2017. Some suppliers have pointed out that the required information governance is impossible for many charities to comply with in view of the various and non-connecting CRM databases in general use so this area may require capital expenditure that will detract from delivering the charity’s mission.
Regulation generally and compliance will be a larger theme for 2017 that will go beyond both of the first two areas and include duty of care, health & safety, safeguarding amongst others. Trustees will need to be playing a more active role in challenging organisations and how they comply with legislation and regulation.
Supply Chain Risk
Carolyn Williams, Director Corporate Relations, IRM discusses supply chain risk.
According to the Risk Index produced by the Chartered Institute of Purchasing and Supply together with Dun & Bradstreet, the level of risk faced by global supply chains is moving rapidly upwards as we enter 2017. Firms have long been conscious of the need to manage their supply chains to ensure continuity and efficiency, but recent years have seen two significant shifts.
First the trends towards globalisation, outsourcing, offshoring and specialisation have introduced an additional degree of complexity and uncertainty to supply networks. And secondly, widespread adoption of social media and rapid means of communication mean that reputation is constantly exposed. One recent tweet by Donald Trump, questioning the cost of the US F-35 fighter jet project, knocked more than £4 billion in one day off the value of the three defence companies concerned, including BAe Systems. Organisations are increasingly called to public account for their decision-making, which includes the behaviour of those with whom they choose to do business, directly or indirectly. All organisations need to be alert to issues of supplier viability, robust contracts, disruption from natural catastrophes, fraud, bribery and corruption, slavery and working conditions.
The recent disintegration of the political consensus in respect of globalisation and trade introduces even more instability. In Western Europe we will probably wait for some time for clarity on post-Brexit trade arrangements and there is clear potential for further destabilisation of the EU customs union. Companies with significant international business will need to keep a close watch on trading arrangements and exchange rates, regularly constructing and analysing a range of possible scenarios, which must also include opportunities.
The first step towards managing these risks is understanding them. We would expect to see a rising interest in mapping, quantifying and modelling risk exposures beyond simple supply chains to the complex extended enterprises that deliver goods and services across the world today.
Psychology and Human Risk
Geoff Trickey, Affiliate member of the IRM, is Managing Director of Psychological Consultancy Ltd and a Chartered Psychologist. He sums up by talking about the impact of psychology and human risk.
‘'In this world nothing can be said to be certain, except death and taxes” - a widely cited sentiment originally accredited to Daniel Defoe. If further confirmation on this point is needed, ask Michael Fish, Sir Mark Walport, the Government Chief Scientific Adviser, or see the Financial Times article informing us that “The record of failure to predict recessions is virtually unblemished.”
Estimating the probability of a risk is one thing; predicting exactly when that risky event will happen is a very different matter. The best we can do is to reduce those probabilities and be well prepared. In 2017, when the political and economic landscapes are as uncertain as ever, the need to prepare is critical.
Perhaps surprisingly, one of the most predictable factors in the risk equation is the risk dispositions of the people involved. These dispositions tend to be stable over time and have a pervasive influence on behaviour. Whether contributing to risk identification, risk prevention or dealing with the aftermath of a disaster, the personalities of those in a position to impact events will be crucial.
Risk disposition is not something that can be measured on a simplistic linear scale from extremes of risk aversion and risk taking. More than 20 facets of personality make their contribution to the complex mosaic that defines your position on a spectrum of risk types that reflects both emotional and cognitive factors. By assessing individuals’ risk dispositions, organisations can ensure they put the right people in the right place to prepare for and respond to the unavoidable and unpredictable.
We also asked our international members for their views:
Cyber Risk growing in the Asia Pacific Region
Saman Bandara, Head of Insurance, and Forensic Consulting Practice (Vietnam,Cambodia and Laos)
In the wake of recent cyber-attacks on financial services companies around the region, cyber risk is going to be a major risk topic that going to catch the attention of the news headlines in the year 2017. This has become a very serious threat to the financial services industry and it will have a serious impact on the confidence in the financial services sector.
Currently everyone in the financial services sector is talking about going digital (digital banking/ digital insurance) to conquer the completion, bring about customer satisfaction etc., etc.; however, only a handful of companies pay enough attention to increasing Cyber risk threats consequent to going digital or excessive penetration in digital space without realizing the risk of going digital. Financial services companies may need to consider cyber risk as one of their top five risks in the coming year that they have to carefully manage. Companies, whether or not they like it, will need to have stringent mechanisms to manage cyber risks in the coming year.
Secondly; there have been global events during the year 2016 where political leadership of some nations have occupied by leaders who do not seem to appreciate the significance and the seriousness of the level of cyber risk facing the world today. These and other serious cyber incidences that have unfolded during the year 2016 will set the tone for 2017 which is going to make risk management professionals busy during the coming year 2017.
Africa: The emergence of social vs. economic risk exposures
Joachim A Adenusi MSc CFIRM, Founding Partner – Inspirational Risk (UK)
2016 will be as recorded a very dramatic year in history, where the impossible became the norm. African countries now have access to the internet with the exponential growth of mobile social media. Young and upcoming Africans now have access to Facebook, twitter LinkedIn, etc. and are able to get instant breaking news around the globe within seconds and minutes. They have seen what happened in the UK (the Brexit), they have watched the impossible move by Donald Trump (Brexit ++) and they are watching the demands from the electorate to see what is done by the governments.
The African population is significant, and with growing levels of poverty and inequality, I too predict that 2017 will see the beginning of the fight against established ways of doing things which has subjected a large number of Africans to abject poverty. I believe we could see a new set of strong leaders emerging without previous political experience. Emerging entrepreneurs who are tired of the way the government is run today daring to challenge the status quo in more democratic and intelligent ways using social media.
I believe social risks must be managed effectively in order to solve the current economic crisis. The demand for equality, transparency and public accountability will begin to emerge and if resisted, could lead to multiple political instabilities in the region. If African leaders can begin to address some of these socials issues, I believe the continent will begin to see exceptional rapid growth all round.
Ian Livsey, Chief Executive of the IRM summarises:
“2017 brings its own particular risks with Brexit, political change, cybercrime / security and financial risk. Risk is embedded in all facets of our lives and organisational risk is no different – the nature of risk is changing as is evident by today’s macro and micro environments. Risk in inherent in everyday lives and it is fascinating to see just how far this reaches across industries around the world”.