IRM Risk Predictions 2020
Global conflict, bushfires, flooding and political unrest – the Institute of Risk Management asks its senior members what their predictions for 2020 are.
*Please note the view expressed below reflect the individuals rather than their company views.
- Charities and the Third Sector
- Climate change
- Cyber risk
- Financial services
- Nuclear industry
- Supply Chain
- Technology (including cryptocurrency)
Alyson Pepperill, CFIRM chair of the IRM Charities Special Interest Group
Client Projects Director at Arthur J.Gallagher
As the new decade dawns we are at a point where charities as entities set up for public benefit are vital to the UK and global social care and other systems. Challenges in maintaining current levels of public expenditure for such systems and the pace of change do not seem to be slowing; charities are having to innovate and maximise efficiency at the same time as they need to meet increasing demand. Against this backdrop, some are suffering from reduced volunteer numbers, an ongoing squeeze on service contracts, continued scrutiny of regulators and the media. We believe difficult times involving difficult choices will continue throughout 2020.
On the positive side, those who can innovate and have the scale to do so in a compliant manner are likely to survive and even thrive. Smaller charities - being more nimble and perhaps under less under scrutiny from the media - are also probably in a good place. Middle sized charities may struggle; they need to reflect on their core values and perhaps look for mergers or other partners in order to survive and thrive.
The key individual risks charities will be tackling in 2020 – as identified by the SIG team - include raising and/or maintaining high quality safeguarding standards, establishing the right risk culture within the organisation, and tackling emerging risks in a more systemic and less reactionary way. All of this can be summarised as ‘building risk resilience’ and taking an “agile” approach to cope with the ever-changing society around us.
Paul A J May CFIRM, Chairman of Concordia Consultancy Ltd, a member of the IRM Climate Change SIG and a former IRM Board Director
This time last year I started the 2019 predictions with the following:
“Although there is a lot of discussion about the extent and effects of global warming it is likely that neither insurers nor risk managers will commit to research at the level and depth required to reach a clear consensus as to the problem and the short and medium term solutions to protect assets and businesses.”
Before proffering some other predictions, I would like to briefly trace the history of the climate change debate especially with a view to highlighting the extent to which perception is now far more important than the continual need for ever more categoric proof.
Over 30 years ago in July 1988 the New Scientist journal published a paper “The Challenge of Global Change” by M. McElroy a Harvard University Scientist. He brought together some relatively unfamiliar phrases such as:
- Greenhouse gases
- Ozone hole
- Combustion gases from fossil fuels
- Rising ocean levels
- Ice sheet instability
He foresaw the need for an international body with unprecedented power and autonomy to raise tax and transfer resources to reduce the expected consequences of continued global warming.
Two months later, surrounded by World leaders, the British Prime Minister Margaret Thatcher delivered a speech to the Royal Society in London. She referred to the hole in the ozone layer that had recently been discovered by the British Antarctic Survey. Having raised the perception of the problem though, Mrs Thatcher then said “we must ensure that what we do is founded on good science to establish cause and effect”. That is perhaps an understandable statement from a science trained speaker stressing the need for proof.
However, it seems to me that the quest for proof as opposed to accepting the view of perception remains one of the fundamental differences in approach to the issue of climate change today.
The UK recently legislated a net zero carbon emissions target to be achieved by 2050. That is yet another 30 years in the future.
Therefore at least six decades will have passed since the perception of changes in the climate were registered by many scientists and governments. The quest for proof continues and there are some notable politicians who continue to press for proof.
This very slow progress in global recognition, commitment and action might once have been described as taking place at a “glacial pace”. However, with many of our planet’s glacier’s thawing, disintegrating and retreating, this may no longer be an appropriate phrase to use.
The IRM has during this year established a Climate Change Special Interest Group which is in the process of establishing its remit and role within the wider objectives of IRM such as:
- Thought leadership
- Insightful events
The outgoing Governor of the Bank of England, Mark Carney, speaking to the United Nation’s Secretary General’s Climate Action Summit in September this year mentioned:
- Cutting down unsustainable activities
- Accelerate the transition to a low carbon economy
- That providers of capital all need to improve their understanding and management of climate – related financial risks
- A step change in reporting, risk management and return
- Time for every country to get involved
- Insurers and Re-Insurers are on the front line of managing the physical risks from climate change
- Physical risks of climate change are being felt across the globe with a plague of extreme weather events
- The world needs much more investment in infrastructure.
Infrastructure investment has always historically been seen as an important driver of economic growth. However, the production and use of concrete is considered after Transport and Energy Generation to be the third largest producer of man-made CO2…
In many areas the response to climate change now appears to have shifted to acceptance of a real and urgent problem based on perception built upon physical observations such as:
- Increasing temperatures
- Increasing rain intensity
- Increasing hurricane strengths
- Deterioration of glaciers
- Shrinking of ice sheet
- Rising sea levels
- Longer periods of drought
Fossil fuels for some time have been identified and targeted for their negative contribution to the environment. Consumers, some businesses, arts organisations, investors as well as some insurers are increasingly withdrawing support for industries involved with fossil fuels. There is an increasing tendency for a similar approach to be taken towards the aviation industry and the meat, dairy and agricultural industries.
Warren Buffett has heavily invested in the wind turbine industry in the USA. He has bluntly admitted that the investment was not a matter of “doing well by doing good” but because the US government was paying him to do so. This suggests that the “carrot” of government financial support can deliver transfer to renewable energy sources, as compared perhaps to the use of the “stick” suggested by Mark Carney through the proposed “stress testing”.
The balance to be aimed for can perhaps best be seen in Carney’s statement:
“Changes in climate policies, technologies and physical risks in the transition to a net zero world will prompt reassessments of the value of virtually every asset. The financial system will reward companies that adjust and punish those who don’t.”
- Neither insurers nor risk managers will commit to research at the level and depth required to reach a clear consensus as to the problem and the short and medium term solutions to protect assets and businesses.
- The “international body” suggested by M. McElroy in 1988 will not be established.
- The newly formed Climate Change SIG will be inundated with new member applications.
- Extinction Rebellion will decline an invitation to speak to the Climate Change SIG.
- A new commercial stream of “box – ticking” protocols will emerge to deal with the administration of the stress testing exercise.
- Public perception will increasing continue to lead opinion and raise demands for removing the causes of climate change.
- Profit, pragmatism and other practicalities will dampen, deter and delay initiatives by organisations, industry sectors and governments.
- Funding for “carrots” will be inadequate.
- Measurement of “resilience” will assume more importance than the resilience measures themselves.
- Organisations will not, unless obliged by corporate governance and audit changes, give main board director role and responsibilities to a Chief Risk Officer.
- The Climate Change SIG of the Institute of Risk Management will become a leading “thought leader” especially in relation to the risks, and opportunities, from the transition of the UK to a carbon neutral and climate resilient country.
Vinay Shrivastava, CFIRM, Director, UK Infrastructure Risk Management, Turner and Townsend and Non-Executive Director at the Institute of Risk Management
With the recent General Election in the UK, BREXIT can now be treated as a certain outcome and therefore maintain its position as a topical concern for the UK construction industry. The reinstatement of border controls will most certainly impede the free flow of construction materials into the UK and disrupt ‘just in time’ deliveries. Further, already constrained megaproject schedules will have to adopt innovative methods to absorb these delays and maintain expected completion dates. Last year the UK imported close to £5b of construction materials, fixtures and plant from the EU with the most commonly imported items including soft timber, sawn wood, lighting fixtures, boilers, AC units and wiring.
Tied to this issue and potentially of greater concern is the reliance of the UK construction industry on skilled European trade labour. Whilst European trades people already in the UK are protected, BREXIT will likely have an impact on the willingness of those already resident to remain so and will certainly make living in the UK a less attractive proposition for those considering moving to the UK. Approximately 32% of the construction trade jobs in London, for instance, are held by EU citizens. In addition, once the UK exits the EU, there will probably be less market competition for major construction projects. Whilst this may benefit contractors and workers, clients could begin to incur cost premiums due to this environment of reduced competition.
There are potential upsides to BREXIT too. Now that three years of economic uncertainty is nearing an end, it is likely that the newly installed government will turn on the infrastructure spend, especially as it is a prominent manifesto pledge. The Sterling is also, so far, proving the pundits wrong and holding its value against the Euro which means that cost spikes due to, say, sharp increases in the price of imported material are not likely in the short to medium term.
Mark Clegg, SIRM, Director of Safety, Risk & Resilience, NG Bailey
IRM Board member
Cyber risk has established itself as a key feature of risk in the 21st century. In its Global Risks Report for 2019, the World Economic Forum listed cyber-attacks and data theft/fraud in the top five global risks in terms of likelihood. This top five inclusion signified the second year running for those risks and, given the raft of high-profile data breaches during 2019, they look likely to feature highly for the foreseeable future. In addition, to the growing list of legal and regulatory frameworks (GDPR, DPA 2018, NIS, HIPAA, CCPA and many more) for organisations to acknowledge as they define their own cyber risk management strategies, there looks set to be a continued threat of cyber-attacks against organisations of all types.
This remains concerning due to the potential impacts including data loss, availability of IT systems and interruption of operations, all of which have undermined reputations and eroded public confidence. In response, an approach which builds the resilience aspects of cyber risk management, acknowledging the frequently used truism that it’s not whether organisations will suffer an attack, but when has gained acceptance. One UK governmental report in early 2019, examining cyber governance of FTSE 350 companies, highlighted a range of findings including that boards frequently didn’t understand the potential impact of a cyber-attack on their businesses. Further, although incident plans often did exist, they were rarely subjected to rigorous testing. The report highlighted that only ‘around 1 in 5 boards of FTSE 350 businesses have undertaken a crisis simulation on cyber risk’ in the previous 12 months.
Looking forwards, and if recent high-profile incidents are anything to go by, efforts to prepare for, respond to and recover from cyber incidents are of profound importance and are at the heart of business survival and this should serve as a warning to businesses which perceive cyber risk as an issue to be solved by IT departments. It has long-been accepted (if not always implemented) that IT departments cannot manage cyber risk alone; however, building truly cyber resilient organisations requires engagement across the full breadth of our enterprises and at all levels of management. Enhancing education and awareness from the top to the bottom and building ‘muscle memory’ through a range of appropriate training and exercising must be part of cyber risk management strategies for all organisations.
The importance of getting the basics right
When discussing cyber risk, conversations can quickly shift onto exciting and novel concepts such as digital transformation, cloud migration, Internet of Things, Artificial Intelligence, Machine Learning, 5G and so on. As we look forward to 2020 and beyond, such issues are undeniably worthy of our attention and are often seen as both causes of risk as well as methods of help manage risk. However, businesses do still first need to get the basics right; basics, which in turn serve as solid foundations upon which to meet the challenges of such important, contemporary issues. Einstein is often quoted as saying that real genius is about making complex ideas simple. This certainly applies to cyber risk management. It’s often-technical language can be impenetrable to the non-technical which, in turn, can impact on critical conversations regarding the most important element – communicating the actual business risk. Consequently, as we look forwards, we will no doubt see continued focus on new, exciting concepts which will have cyber implications. Yet, in absorbing them into our future plans, one of our most fundamental challenges will be to follow Einstein’s advice in order to translate those complex issues into what they mean to our organisations’ risk profiles.
In summary, the good news is that, against a backdrop of high-profile incidents, increased legal and regulatory frameworks and a growing recognition of cyber risk issues within organisations of all types, the basics have not changed. In a sense, the art of managing cyber risk, comes down to turning what is often seen as a complex range of issues, into a simple, business-oriented plan; a plan which follows the basic tenets of cyber risk management. For its part, the IRM recognises the importance of addressing cyber risk and has long-been engaged in this area. Most recently, with the relaunch of its own Cyber Special Interest Group as well as the IRM’s Digital Risk Management Certificate.
Alex Larsen CFIRM, President/CEO of Baldwin Global Risk Services and Chair of the IRM Energy & Renewables Special Interest Group
The energy sector has seen oil prices stabilise in the last couple of years following the crash and this trend is set to continue in 2020. Oil prices will either stabilise or increase slightly allowing companies to complete the recovery process and continue building on new projects and diversification. Nonetheless, the industry could face a very turbulent year in 2020 with the potential further deterioration of USA/Iran relations and the threat of major conflicts. This could lead to an increase in regional conflicts in a number of places.
These regional conflicts could leave oil companies that are operating in these countries with numerous risks. This may include major security events, mass exodus of staff, increased costs to manage both security as well as staffing levels, and in some cases, a need to abandon projects or leave operational plants as a result of the security situation, profitability or political pressures.
Oil Price Increase
A consequence of an escalation of USA/Iran tensions or regional conflicts would be an increase in oil price. This increase could potentially be drastic. The majority of oil companies will benefit greatly from this having spent the last few years restructuring, cost cutting and increasing efficiencies. Expect profits to soar and a potential ramp up of new projects.
The potential increase in price may also spur the renewable sector, with increased investment activity (as a result of the increased oil prices) by the major oil companies, who may be looking to further diversify into the renewable sector.
The renewable sector may also face a further boost as a result of the devastating forest fires of 2019 in Brazil, Australia, as well as across Europe. Europe has seen a significant increase in both the number of wildfires, hectares of forest damaged, and the length of the forest fire season, and few will be unaware of the devastation across Brazil and Australia that has been reported in the media and shared across social media. These fires could spur new regulation, and in some cases, an acceleration of green energy programs. The fires will also put the oil and gas companies in a more negative light, forcing them to diversify into greener technology in order to improve their image.
Economic Downturn and the risk of Brexit
In the IRM Energy survey, one of the top risks communicated by energy companies was an economic downturn. Whilst the global economies are expected to continue improving, there are still a number of triggers which will be important to follow. Brexit is one of them. The uncertainty of Brexit has been a burden since the vote to leave, and with Boris Johnson and the conservatives securely in power, it is unlikely that anything will stop Brexit. On the one hand this is a major positive. The uncertainty of whether or not Brexit will occur has disappeared, however the threat to the EU economy is now bigger than ever. The loss of the UK as a major trading partner and contributor to the EU, is likely to have an impact to the EU economy, whilst the loss of the EU as a major trading partner to the UK is likely to have an even bigger impact to the UK economy. Whether these economic impacts occur in 2020 or even occur at all, and whether they have a knock-on effect to other economies is yet to be seen.
Darius Mayhew SIRM, Head of Finance Risk, Assurance & Advisory at Direct Line Group speaking on behalf of the IRM Financial Services Special Interest Group
Is there more peace in the Financial Services industry given the results of the December 2019 General Election? The reality is that there will still be some uncertainty in 2020 as the UK parliament tries to finalise the vote on the Brexit Withdrawal Agreement and negotiate a free trade agreement with the European Union. Underpinning these is still the possibility of a no deal Brexit given the ambitious time-scales or a lack of clarity with regards to financial services arrangements as part of a future trade deal. Hence, although there is some respite in the short term, firms will need to continue to monitor any potential risks that arise due to negotiations or lack thereof.
Given the proliferation in the use of digital technologies within certain financial services segments, the sustainability and competitiveness of the business model would be undoubtedly an upside and downside risk related discussion in Boardrooms. The adoption of some of these various technologies were widespread in 2019, such as distributed ledgers and or mobile technology. Implementation is somewhat disjointed especially for larger firms where investment is targeted at particular operations. Larger firms are likely to reflect on the success of these technologies and continue to consider how best to stay competitive with the smaller, newer, and more efficient digital savvy firms. As such, we may see a further embedding of these technologies by looking at end to end processes or applying a Systems Thinking approach to their operations.
It is not unusual to focus on technological or economic factors when thinking about risk factors. However, let’s not forget the people element which could be equally disruptive from a sociological or firm specific perspective. As firms think about their business models, there would undoubtedly be an impact on people and the on-shore / off-shore dynamic. With the move to greater digitisation of the end to end processes or applying a systems thinking approach to operations, firms may have to recruit much more individuals with a different skillset and there is likely to be a continued decrease in the off-shoring presence. In either scenario, you are likely to see an increase in demand for fewer higher skilled roles across economies.
If such a shift becomes more systemic then this can have unexpected impacts on the wider economy which could impact other parts of the financial services sector – this however is equally dependent on the continued appetite of consumers for such developments. After all, we have seen digital savvy challenger banks focussing on face to face interaction as part of their business models. Perhaps these firms are seeing a consumer shift in wanting this more personalised approach combined with the tools that allow 24-hour banking capability. This differentiation can cause competitive issues for the larger players which are reducing their human interfaces.
In the 2020 US Federal supervisory priorities, the Federal Reserve Board and the Office of Controller of the Currency both highlight operational risk as threats to the safety and soundness of the financial system. This is not dis-similar to the UK’s regulatory approach given the recent consultations from the Prudential Regulation Authority and Financial Conduct Authority. A key consideration for financial services firms in 2020 is how they can effectively demonstrate resilience given potential changes to business models, increasing complex digitisation, cyber security threats, and reliance on third parties including the continued move to concentrated cloud providers.
AI in particular will continue to become more sophisticated and firms are likely to place even more reliance on the algorithms. As regulators become more up to speed which such technologies, there is likely to be an increase in scrutiny in these areas. As the regulators increase scrutiny, firms may struggle to demonstrate how their technology may or may not be working to the benefit of the consumer. This is particularly the case given the privacy agenda, the debates that we have seen in relation to bias, and the discussions around how you can teach ethics to AI.
In summary, there is unlikely to be any significant disruptions in 2020 but the continued evolution of the existing digital agenda and the philosophical questions that this raises in terms of the people element. Firms will continue to be slightly cautious given the continuing uncertainty but may take bigger risks around digital implementation to sustain their business models and reduce cost while balancing their resilience given the cyber security landscape in order to maintain customer outcomes.
Steve Treece, CFIRM
Head of Corporate Risk, Corporate Portfolio Office, NHS Digital
The health sector faces manifold risks and opportunities in 2020. As a headline, the sector is undergoing huge but essential transformation whilst managing enormous operational pressures, recovering from large financial deficits and addressing major performance difficulties.
Continually rising demand for health care, arising largely from advances in medical science and an ageing population, requires the sector to change its direction of travel. The sector is adopting a range of measures to meet future needs, including new models of care; increased system working; establishing parity of esteem between mental and physical health; and moving care out of hospital, closer to the community.
In the NHS the required changes are underpinned by the Long Term Plan, which provides for the first time, as the name suggests, a long term strategic direction. The objectives are ambitious and implementation will require time and clear prioritisation, headlines are:
- More focus on prevention;
- Increased investment in mental health;
- Improved outcomes for children and in specific disease groups: cancer, diabetes, cardiovascular, respiratory, stroke and mental health;
- Growing the workforce;
- Mainstreaming digital access to care;
- Balancing the books and delivering efficiencies; and
- Rolling out Integrated Care Systems across the country by 2021.
Successful implementation has several critical dependencies and gaps, including:
- Delivering a sustainable solution for social care, where a promised green paper is still awaited;
- Publishing the final version of the national workforce plan and demonstrating how this will deliver required increases in nursing and GP numbers;
- Fully resolving capital funding, going beyond promised new hospitals by addressing the growing backlog in maintenance of vital health infrastructure;
- Resolving the increased emphasis on prevention with cuts made over several years in public health budgets;
- Recovery of performance targets, including ambulance response times, A&E waiting times, time to elective treatment, cancer waiting times; this in turn has dependencies on the outcome of the Clinical Review of Standards and the workforce plan;
- Ensuring that promised funding is received and deployed in an effective manner; and
- Delivering legislative changes required to fully deliver system working; interim work arounds will bring risk, especially if maintained over a lengthy period.
In terms of system working, the NHS is moving to a less devolved, more centralist managed approach, driven by the coming together of NHS England and Improvement and their establishment of seven new regional teams.
Specific illustrations of system working include collaborative arrangements between Hospital Trusts and the centralisation of some specialist services, for example, acute stroke services; and bringing together separate “back office” functions, such as procurement. The benefits from success are considerable, in terms of both improvements in patient care and efficiencies in delivery, however, these will need to be balanced against inconvenience arising from centralisation of services and pressure from local communities, which understandably wish to retain a full range of health services within their immediate locality.
A further example is the establishment (to be completed by 2021) of Integrated Care Systems (ICS), to establish one strategic health and care commissioner per ICS, better aligned to local government. There are significant opportunities from removing silos and duplications in activity, however, risks may arise from disturbing established vested interests and the potential for, at least short term, ambiguity in accountabilities creating confusion.
Successful delivery of the level of system working required will entail significant cultural change, improved relationships across the system, and different (perhaps less competitive) behaviour from leaders and managers.
The government’s commitment to increased long term funding, to be embedded in law in 2020, is clearly to be welcomed, however, there are risks to the effective deployment of this funding. In addition, until the issue of social care provision and funding is resolved this will continue to present problems to the NHS, for example, by delayed discharge of patients at the end of hospital stays.
There are also risks to the funding provided keeping pace with exponentially increasing demand, enabling performance and deficit recovery and transforming the NHS. The 3.4% growth in funding only represents a return to the long term average of funding the NHS since 1948: there was a 4% annual average real terms increase between 1948 and 2010, which reduced to 1.4% between 2010 and 2018. Since 1948 annual demand/cost has risen by between 3.5% and 4.5%.
Workforce risks needing to be addressed include resolving high numbers of nursing and GP vacancies, supply uncertainties (both domestic and international, with the latter impacted by Brexit and immigration policy), and the resulting pressure on existing staff which in turn is impacting on existing staff morale and retention. The finalised national workforce plan is a vital piece of this jigsaw, as are the resolution of complex divisions in workforce responsibilities and initiatives to spread health care demand across other parts of the system and reduce pressure on Accident and Emergency departments etc. (e.g. increased capacity and use of pharmacists and the 111 service).
Further opportunities to improve patient care and drive efficiencies in operation will arise from smarter use of data and increased digitisation of services. These are essential for the future of the sector, however, these benefits will need to be balanced with ensuring strong levels of personal data and cyber security and ensuring that those at the “sharp end” of delivering health and care have the ability and resource required to implement digitisation locally, in an effective and optimal manner.
Kathryn McCloghrie, CMIRM, Head of Corporate Strategy, Sellafield Ltd
Chair IRM Nuclear Industry Special Interest Group
The growing importance of climate change is a big opportunity for the nuclear industry. After a long period of public reluctance, nuclear could have a renaissance as the stable baseload element within a green energy mix. The window of opportunity is narrow, with only one new build currently in construction and older stations coming towards the end of their operational lifetimes. The government's ongoing work on developing the Regulated Asset Base as an alternative funding model for new nuclear power stations may create a change in context which nuclear operators could exploit. Development of Small Modular Reactors and Advanced Nuclear Technologies could bring new models and new markets for the industry. Application of traditional nuclear skills and knowledge into new technologies, such as carbon capture or hydrogen are also opportunities.
With a decommissioning focus, the increasing focus on environmental remediation brings an increased interest in site end states and potential for re-use of sites. This is a complex blend of opportunity and threat, challenging operators to get the right balance between public expectations, regulatory requirements, re-use benefits and cost-effectiveness. The level of remediation and corresponding level of ongoing institutional control will vary by site - one size will certainly not fit all.
Developments in technology, for example robotics and automation, could provide significant opportunity for increasing the amount of remote operations, with safety, security and cost benefits. Working closely with technology developers could enable early development which is suitable for nuclear operations. Effective digitisation of business processes will also bring benefits which will need to be managed with the increased burden on cyber security.
Skills remains a key topic, as for many sectors. With our focus on the long-term and significant dependence on science, technology, engineering and mathematics, the nuclear industry will be seeking talent amongst some areas of scarcity. Appropriate investment in education and development, both internally and with partner organisations could be a significant risk mitigator. Bringing more diversity into the industry is a key opportunity, appropriately balancing the value of experience and knowledge with new ideas and different ways of thinking.
Supply chain capability and capacity are a key focus. Delivery of major projects and programmes is always challenging, and depends on the skills and expertise of major suppliers. Recent learning from other challenging projects reminds us how difficult it is to adequately forecast project out-turns when dealing with complex long-term requirements. Working effectively with suppliers to maximise the collective capability and ensure incentives are aligned is critical. Understanding the stakeholder landscape will also be important for project success, as with many large infrastructure investments, stakeholder expectations are diverse and evolving. Managing the project success criteria to maximise perceived value without damaging scope creep will require early work to obtain an effective understanding of the wider risks from the programme and context.
Change management is the other driver of risk - many of our nuclear sites are undergoing significant mission changes; ramping up construction, moving into de-fuelling, post-operational clean-out or care and maintenance. Organisations will be changing the way they operate, moving between routine processes and more dynamic balancing of risks and priorities. For many, the risks associated with cost-effective management of aging assets will be key. Times of change are hard for people, bringing threats and opportunities; supporting our workforces through change is an important element of maintaining an unrelenting focus on safety and security throughout.
Nick Wildgoose, Supplien Consulting Limited, content contributor to IRM’s new Supply Chain Risk Management Certificate
There is an economic exposure(GDP@Risk) of $584 billion representing1.55% of relevant 2020 GDP, an increase of 3% from the 2019 Risk Index, according to the University of Cambridge’s Centre for Risk Studies, latest 2020 Global Risk Index which quantifies the impact of future catastrophe shocks on the world's economy. This is based on the most prominent cities accounting for 41% of global GDP. The index quantifies the risk to economic output from 22 types of threats providing GDP@Risk estimates as a standardised metric for 279 different cities. The threat highlights of the 2020 update include the continued rise of cyber-attack risk, the likelihood of continued commodity price volatility, heatwave, freeze and sustained levels of high risk from geopolitical events. A more detailed analysis of coastal cities has also resulted in an increase in terms of the GDP@Risk related to flood risk. Many of these risk threats are relevant to supply chains and they reinforce the need to ensure that risk management is appropriately prioritised within any supply chain sourcing and management activities.
The recently published Business Continuity Institute Supply Chain Resilience Report 2019 also provides further insights into likely risk threats in 2020 the top three causes of disruption being Unplanned IT or telecommunications outage, Adverse Weather and Cyber-attack. One of the disappointing findings from this survey is that despite 51.9% of organisations still experiencing disruptions only 25.6% reported high level top management commitment to managing supply chain risk. It is also important to understand that 37.1% of the disruptions arise as a result of issues beyond that of tier 1 or the direct supplier (sub tier).
In the last 30 years, digital pipelines have developed to move capital and data around the world and supply chains or networks continuously cross international boundaries. These complex supply networks keep the global economy running. These networks may appear to have multiple redundancies and to be decentralised, they in reality contain several choke or single points of failure. Complex supply chains can be dependent on a handful of components. This has been evidenced by several incidents such as the hard disk shortages caused by the Thailand floods, brake challenges for the whole automotive industry coming out of an explosion at a single German chemical plant and shortages of drugs as a result of a factory fire in China. The creation of more of these single points of failure in the context of increasing geopolitical interference in global supply chains mean we should also not be underestimating the financial impact this can have on supply chains. Organisations compete in terms of their supply chains including this sub tier exposure, and it is those that understand exposures to their critical supply chains who will be able to best protect their financial performance.
There will also continue to be the routine supply chain disruptions caused by factory fires and corporate insolvencies. Given economic growth challenges and potential recession supplier insolvency risk will need to be carefully monitored.
Finally, as was also pointed out in the IRM supply chain risk predictions for 2019, the need to take corporate social responsibility seriously continues to grow in importance across the supply chain given the impact it can have in terms of brand value, customer and employee loyalty.
There will be organisations supply chains impacted in terms of the 2020 risks predicted above. It will be important for anybody involved in supply chain risk to have the support of top management to drive the proactive risk management required to protect financial performance.
IRM has launched its new Certificate in Supply Chain, more here: www.theirm.org/scrm
Alex Larsen CFIRM, President/CEO of Baldwin Global Risk Services and Chair of the IRM Energy & Renewables Special Interest Group
The technology industry is finding itself under growing public and government pressure. A number of high profile scandals (think Facebook, Cambridge Analytica, etc.) have put the industry under the spotlight.
In Europe, there is a clampdown on technology companies not paying their fair share of tax. Expect to see more such clampdowns in the coming year. In the USA meanwhile, trump has previously threatened to break up companies like Google/Alphabet into separate entities in order to avoid a monopoly and to avoid force feeding ideas to the public. Indeed, governments around the world also fear the power of social media, with many claiming that social media is being hijacked by foreign powers to manipulate elections or public sentiment. With the elections in the USA coming up, we may very well see the first war on tech companies or social media companies from a government. This could be in the form of law suits, regulation, investigations and fines.
The presidential election in the USA may also see the introduction of deepfakes being used for the first time in a major misinformation campaign. Deepfakes can take a video of any person and manipulate their actions and words to make it look like they are saying or doing things that never happened. The technology is scarily convincing and in a world of headlines and twitter, a simple short video (deepfake) of a candidate may swing an election.
We can expect to see an increase in regulation in 2020. The EU has already led the way with the introduction of GDPR which has already been implemented across the EU and companies are adapting to this new reality. Fines have already been issued and we can expect more to come. GDPR doesn’t only impact the EU however. Countries now have to decide if they introduce similar requirements in order to allow businesses in their country to more easily do business in the EU, ensuring competitiveness in an ever increasing industry.
GDPR is only one example of regulation however, and there are many more on the horizon.
Privacy plays a major part in the regulation drive; however, we may see many tech companies following Apple’s footsteps in focusing on security and privacy in order to protect their reputation. Having said that, many tech companies pride themselves in their open sourced approach to their platforms and software, which offers unprecedented levels of freedom, something that privacy and security can often limit. Look for blockchain technology to potentially offer a solution to this.
2019 has been a tough year for cryptocurrencies with no improvement in price from the crash in 2018. Most prices are down 90-95% and have been for over a year with what looks like final confirmation of the cryptocurrency bubble having burst, and as predicted (only days before it happened) by the IRM in the risk predictions of 2018.
2020 will almost certainly see the collapse of a large number of cryptocurrencies, leaving only the legitimate projects alive and could well see the rise of the “stable coin” crypto currency. Stable Coins are essentially cryptocurrencies that are “pegged” to a specific currency. Estonia, Sweden, France, China and other countries have all indicated their interest in such coins, and many stable coins already exist, most notably Tether which is “pegged” to the USD. Tether has faced many controversies however, and a stable coin backed by countries will be a big leap forward in adoption of cryptocurrencies and use case for alternative crypto currencies that are not pegged. It will also allow a much easier onboarding platform for regular people to purchase cryptocurrencies. This could help the legitimate projects to make significant gains in price.
How stable coins will be used by governments and banks is yet to be seen, however, the most likely scenarios are:
- A means to transfer funds instantly, and fee free, across the globe internally within banks or from bank to bank
- Acting as a more secure digital currency than the current digital systems in place
- Allowing further tracking of citizens
- Better tracking and automation of taxation
A rise and acceptance of stable coins could also lead to the development of global stable coins that are “pegged” to a number of currencies such as Facebook’s project, Libra, which is currently facing a lot of regulatory pushback. All this opens up to a future where standalone cryptocurrencies such as Bitcoin could live side by side with and be accepted as a valid alternative to Fiat or Fiat Stable coins.
Asia Pacific (APAC)
Gareth Byatt IRM Global Ambassador for APAC and Principal Consultant, Risk Insight Consulting
Whilst we cannot predict the future, one thing is fairly certain – we face continued change in 2020 and the next decade. From climate change and natural disasters, to geopolitical matters of concern and economic threats and opportunities, the Southern hemisphere has many interconnected macro and micro factors which continue to result in uncertainty for businesses, the economy and society as a whole. Some of this uncertainty can lead to opportunities to be seized, whilst much of it continues to represent threats that need to be dealt with as proactively as possible.
I’d like to highlight four questions relating to businesses in the region:
1. Will capitalism truly change, as more businesses of all shapes and sizes become more purposeful in their role for society, and their place in the world? (“Capitalism 2.0”, as some people refer to it, linked to the UN Sustainable Development Goals)
2. How will organisations ensure they are flexible and adaptable to fast-changing circumstances, including technology advancement (e.g. Industry 4.0), to capitalise in a sustainable way on opportunities they see and create?
3. How will local and national government policies, and intergovernmental agreements, help to foster new innovation and better ways of working, including encouraging businesses to have closer linkages to society?
4. How can businesses be truly purposeful for society and the environment in which they operate?
These questions lead me to think about the following elements that risk professionals in the Asia Pacific region (and indeed other regions) can, I hope, help organisations with in 2020 and in the ensuing years to come:
1. Let’s help leaders in organisations to deliver purposeful growth and to succeed with purposeful objectives – and in doing so, ensure that risk management is seen as an enabler to achieving objectives, not “a blocker” to doing things
2. Let’s help organisations to ensure they have a strong and healthy culture
3. Let’s help organisations with good resilience management
4. Let’s help organisations be purposeful and achieve sustainable outcomes
1. Let’s help leaders in organisations to deliver purposeful objectives
Risk professionals need to help the leaders in their organisations to understand uncertainty as part of working out how to deliver purposeful and sustainable objectives and growth. We often talk about how Risk professionals can be “the glue” to stick different parts of organisations together. We can also be “re-framers” if we approach our role properly, as the political scientist Angus Hervey described to me in a Q&A interview about the future in December 2019. We should be enablers, not “the people who say no”.
In terms of economic opportunities across Asia-Pacific to deliver purposeful and sustainable growth, let’s look at some macro-level indicators:
• The World Bank, in its East Asia and Pacific Development Update, says that economic growth in the region is expected to continue to decelerate in 2020 but it will still be at an average of 5.7%.
• An annual Regional Risks for Doing Business Report published by the World Economic Forum in November 2019 talks about ever-increasing complexity and more interconnections to the global economy. It highlights key risks facing companies in the Asia-Pacific region over the next decade. Political and economic concerns still predominate among businesses in the region, with cyber-attacks continuing to be a key concern.
• Similar to 2019, China’s policies and actions, and particularly its political and economic relationship with the US, will continue to influence geopolitical and economic risks in Asia-Pacific in 2020.
What are some implications of these and other economic and geopolitical forecasts for risk professionals in Asia-Pacific? We know that managing risk well is about spotting and capitalising on opportunities as well as managing the threats that matter to us. So we need to help our organisations to understand economic opportunities whilst being able to manage the threats they face (and understand the controls they can use to do so).
2. Let’s help organisations to ensure they have a strong and healthy culture
Organisational culture will, I think, continue to be an important area of focus for risk professionals in 2020. It sets the platform for sustainable performance. We saw examples in 2019 (and in previous years) of good organisational culture, and examples of where culture has been exposed to be inadequate – for example, what was revealed about the Australian financial sector in the Australian Banking Royal Commission Final Report, which was released in early 2019.
Risk professionals can play a valuable role in helping their organisations to nurture a positive and healthy culture – where speaking up is welcomed, and a clear “line of sight” about risks exists, with accountability clearly understood and actions taken to lead to good outcomes. As organisations continue to increase their agility to respond to fast-changing economic, geopolitical and societal demands, ensuring these organisations have a healthy culture is key. Good risk management approaches such as proper use of risk appetite can help organisations to ensure they have a strong culture and that good decision-making is consistently applied.
3. Let’s help organisations to have good resilience management, and to be ready to assist communities and society in the event of matters such as natural disasters
Resilience is required in many ways in today’s world, from managing complex supply chains to being prepared and ready to respond to natural disasters and a changing climate. Will we see more natural disasters in the Asia-Pacific region (as well as elsewhere) in 2020? The WEF Regional Risks Report of November 2019, mentioned above, ranks it as the Number 1 Regional Risk. We witnessed many natural disaster events in the Asia-Pacific region in 2019 (and, indeed, in the years before), and we are seeing a continuation of them continue in 2020. Recent examples are the terrible and catastrophic bushfires in Australia, which are unprecedented in their scale, plus the continuing relentless drought in that country, and the devasting flooding in Jakarta, the worst seen there in a decade.
I think an important element that Risk teams in different organisations can focus on is to help all stakeholder groups in their organisations, and those that work with them, to prepare for such events in the most appropriate, risk-informed way. Also, can businesses be in a position to assist major relief efforts when major natural disasters occur, as part of having a societal purpose? This question applies to all businesses, large and small, and organisations such as government bodies and community organisations.
4. Let’s help organisations be purposeful and achieve sustainable outcomes
This fourth point relates to my first point, on achieving purposeful growth (circling around to our “starting point”).
There are only ten years left to achieve the targets set for the United Nations Sustainable Development Goals (SDGs). In September 2019, world leaders at a global SDG Summit called for “a decade of action and delivery” (2020-2030) for sustainable development. What can businesses do to play their part in this?
Businesses in Asia-Pacific, large and small, need to work out how to be mindful and considerate of society, and how to achieve relevant sustainability objectives. It’s not easy to change the ethos of an organisation to embrace objectives that are more holistic than shareholder financial returns, but ensuring organisations re-orientate their purpose towards societal and sustainability outcomes, together with appropriate financial targets, is going to be key.
This fourth point I am making encompasses climate change (SDG #13), and the other 16 SDGs. It is about helping people in our organisations to understand all aspects of sustainability, and as a result, to help people to develop and implement specific action plans to achieve specific, successful outcomes. As I mentioned earlier, we can be “re-framers” for organisations, working with sustainability teams and leaders at all levels.
Will we see an increased demand from Boards of companies (listed and non-listed) to use good risk management to help them plot a path forward for a purposeful and sustainable strategy, perhaps using some of the World Business Council for Sustainable Development (WBCSD) advice?
Sonjai Kumar CMIRM, IRM Global Ambassador
On the economic front, India witnessed slowdown during 2019 and this likely to continue during the first quarter of 2020. However, the Government of India has taken initiatives to stimuli the economy like reduction in corporate taxes, Central Bank have mandating linking of bank lending rates with Repo Rates, Government funding to boost the reality sector where housing projects are stalled etc. These initiatives may show results after second half of 2020. Given the need to boost the economy, the Central bank may further cut the repo rate by another 25 bps to 50 bps during 2020.
In an effort of bring more investment into the country, the liberalization in the insurance sector may continue with the expected increase in foreign equity from current 49% to 74% during the budget session (Feb) 2020.
Ever since the global ransomware attack in 2017 the focus on addressing cyber risk has increased. According to reports India's cyber security market is expected to grow around 15% (USD 3 billion) by 2022 from close to USD 2 billion in 2019. The transaction value of digital payments in India is estimated to grow annually at a rate of 20% from about USD 64.8 billion in 2019 to USD 135.2 billion in 2023. On a one hand the increasing digitalization is likely to bring customer’s delight; however on the other hand this is also likely to increase cyber and digital risk during 2020.
The trend of extreme weather conditions started few years back likely to continue during 2020. Over the last couple of years, flooding due to excessive rain during the monsoon season is spreading in different parts of the country. Due to lack of preparedness in these cities to handle such high volume rain may result in loss in lives and properties. The adverse impact of excessive rain could be on agriculture commodity leading to increase in food prices.
The current government has come to power after gaining majority in the general election so political instability unlikely. The people have given the mandate to the present government in 2019 for five years.
The chances of cross border conflict given the current situation seem unlikely, however the current tension may continue.
India is dependent upon crude oil import for meeting its domestic fuel needs, if there are international conflict that adversely impact the Gulf region, this may lead to rise in fuel prices impacting the inflation.
Given the vast size of population and increasing middle class presents excellent opportunities for global players to invest in India.
Zanele Makhubo CFIRM, Director Enterprise Risk Management and Business Continuity in Public Sector – South Africa IRM Regional Group Chairperson
Extreme weather phenomenon
The unpredictability of weather patterns due to climate change pose a serious risk across the globe.
South Africa is currently experiencing extreme whether unpredictability varying from drought, severe heat wave, thunders storms, floods etc. happening at any given point. This will continue beyond 2020 and the critical questions that the country must ask its self to mitigate this risk are:
- What Resilience Strategies are in place to be implemented in the short term and long term?
- What multidiscipline disaster management strategies and competencies needed that are smoothly coordinated across the spheres of government and the private sector.
- What Investments in New technology and disaster risk management resources are critical to keep up with forever changing climate?
- How do we make sure that there is smooth interaction between humanity, animal, plant, water and the environment?
- What Communication strategies and awareness campaigns needed to educate communities on how to respond to such phenomenon in order to save human life?
- How much efforts are put in place to maintain depilating infrastructure such as bridges, drainage system, roads etc.
Extreme drought, unmaintained infrastructure and uncoordinated effort to manage national drought renders a Country to be more exposed.
To mitigate the risk by
- Ensuring that more coordinated efforts and resources at national level are coordinated smoothly.
- Providing more communication strategies, education and awareness campaigns to communities to use water economically.
- Addressing and maintain the depilating infrastructure.
Water shortage due to extreme droughts leads to lack of access to food of sufficient variety and quality. Food production, agriculture and farming is greatly affected.
South Africa needs to strengthen its food security strategies to ensure availability, access, utilization and stability by:
- Improve farming.
- Increase crop production by increasing the amount of agricultural land or enhancing productivity on existing agricultural land.
- Encourage Permaculture and Permagardening.
- Promote Permaculture three guiding ethics: “People Care, Fare Share and Earth Care”.
Governance and ethical risk
Both in Government and Business, Leadership is tested in relation to individual integrity, ethical behaviour and failing governance structures.
To mitigate this risk an introspection is needed at an Individual level and Organisational level. The Leadership must set a “Tone at the Top” by building governance structures that are fit for the purpose to govern organisations with more dignity and values that uphold the rule of law.
South Africa is currently experiencing low economic growth rate, high unemployment, continuous social inequalities and break down in governance structures both in the private and public sector. The risk of Rating Agencies rating South Africa to junk status in the future is looming.
South Africa’s quick wins to mitigate this risk is to:
- Implement governance structures that are resilience and prone to fraud and corrupt activities
- Stabilise the rising debt to GDP ratio
- Address high unemployment and low economic growth
- Address leadership failures at the Board, Executive and Management level both in the private and public sector organisations.
The land debate will continue to gain momentum in 2020 and beyond. It is still a very sensitive debate for all concern and must be treated with caution and sensitivity that it deserve. It is about restoring dignity and equality.
Darren Mullan, CFIRM, Head of Risk & Compliance, Bahri (National Shipping Company of the Kingdom of Saudi Arabia)
Chair of the IRM Regional Group for KSA & Bahrain
For my risk predictions last year, I selected several trends which presented both risk and opportunity across the Middle East.
For this year’s risk predictions, I have provided an update against these trends within the wider context of continued regional socio-economic and political reform, as well as some of the well-publicised political and security tensions.
Globally the IMF expects economic growth for 2020 to come in at 3.4%; and whilst this is up from 3% growth in 2019, the lowest growth since the financial crisis, it is well below the 3.8% growth achieved in 2017.
Whilst the Middle East countries are expected to follow the same overall upwards trend in 2020, their relative increase in 2020 is expected to be much higher due to a difficult 2019 in the region. For example, the IMF expect Saudi Arabia’s economic growth for 2020 to be 2.2%, which is a large uplift from 0.2% in 2019.
Whilst this regional economic growth will unsurprisingly continue to be driven by oil-related revenue, non-oil growth will continue to strengthen (e.g. several major Saudi Arabian Vision 2030 infrastructure projects and sporting/tourism initiatives are building momentum, and Expo 2020 will take place in the United Emirates). The recent budget statement from Saudi Arabia’s Ministry of Finance (MoF) provided further insight into this split where, during the first half of the year, non-oil GDP increased by 2.5% versus a decline of 1.0% for oil GDP.
Whilst the Middle East enjoys much lower overall taxation compared to the global average (e.g. some research indicates 25% regional versus 45% global taxation rates), taxation reform continues to play a key role in the wider economic reform across the Middle East (e.g. Bahrain introduced VAT during 2019, following the UAE and Saudi Arabia who did so in 2018).
Whilst any further taxation reform is expected to be incremental, some of the expected areas to be targeted during 2020 include increasing taxation on wealth, property and assets. Another expected area of increased taxation will be the so-called ‘sin taxes’ (e.g. Saudi Arabia recently introduced a 50% tax on sweetened beverages).
Across the Middle East region, the bulk of the population is predominantly below 30 years old. In last year’s predictions, I highlighted that this factor will present both opportunity (e.g. meeting the needs and aspirations of these emerging consumers) and risk (e.g. meeting the increased demand for degree-level education and associated professional employment opportunities).
My own observations in the region indicate that governments, in particular Saudi Arabia, are successfully responding to this increased demand for professional employment opportunities (e.g. broader Saudisation of, combined with increased female participation in, the local workforce), which in turn is fuelling consumer-led economic growth across non-oil sectors.
In conclusion, the Middle East is a fascinating region and will continue to present trends with both upside and downside across 2020. I also suspect that 2020, like 2019, will also provide some unexpected political and security events in the region, which are always difficult to predict but must still be managed.
Unsurprisingly, as a profession we must therefore continue to help our respective employers and clients to navigate these risks and opportunities.
Linda Conrad, SIRM, IRM Global Ambassador for USA. Adjunct Masters Professor at Robert H. Smith School of Business
Hindsight is 20/20, but foresight will be essential in 2020. Our overarching theme for the new decade should be: expect the best, prepare for the worst, and plan to be surprised! Risk and resilience professionals should help business partners to assess what might happen and evaluate how to respond to minimize negative impact and maximize opportunity.
Managing emerging risk issues will be critical, as many global trends and local issues will have strategic relevance for businesses and individuals in the United States, including:
Technology, Digital transformation and Cyber Risk
Firms will increasingly embed digital transformation into corporate strategy as an essential competitive advantage to transform and modernise services and analysis capability.
Cyber security expertise will expand as a critical capability. Additional staff training will be vital as the first line of defence.
Third party vendors are emerging as a cyber threat vector.
Sophisticated actors will continue to deploy malware against notable targets, to include critical infrastructure.
The much-anticipated European Union legislation on data protection (GDPR) became law in May. Although GDPR has not yet had a major direct impact, it is indirectly influencing global regulators and compliance costs.
Technical developments will multiply, offering significant business opportunities but also considerable future risks. Additional adoption should occur in applications of Machine Learning, Artificial Intelligence (AI), the Internet of Things (IoT), robotics, and the roll out of 5G mobile technology.
There will be more awareness of, and concern for cyber fraud, synthetic content and deep fakes.
Privacy and data manipulation concerns grow, especially around medical information, data transmitted wirelessly, and vehicle operating systems.
Technology will become even more personal, more individual data available to people and companies,
Individual scoring can curate the content we see, glasses, bracelets, watches supplement mobile phones.
Technology fluency and media literacy will become a more essential skill, both personally and professionally.
It will be critical to attract and retain personnel with analytical, data science and risk capabilities. There will be an increased demand to create complex quantitative models.
The IRM’s new certificate in Digital Risk Management can improve the ability to identify and proactively manage these transformational risks.
Supply Chain, Manufacturing and Trade
Cost pressure brings increased reliance on global suppliers who may have lower quality and be less reliable.
Online sales continue to threaten “brick and mortar” stores.
Super stores are taking over small businesses, causing changes to local economies.
American nationalism and a hardening of positions on trade with China, and new tariffs are stimulating repatriation of manufacturing and local sourcing but we must guard against inflation.
Finance and the economy
The capital markets had a banner year, and the major stock indices should continue setting records.
Continued low interest rate environments in the US, EU and UK might affect trade, investment flows and western currency devaluation.
Financial Institutions feel the push for free services which puts pressure on margins.
FinTech and InsurTech growth will continue.
Political and social environment
The presidential impeachment proceedings challenge the ability to uphold the rule of law and push the collective and consultative decision making process.
The upcoming presidential election is promoting deepening divisions between parties and hostility between individuals.
Gun violence is on the rise and mitigation tactics are unclear Social media and gaming may lead to increased isolation.
Tension may rise as the US opposes many previously supported UN positions and challenged NATO over its funding and resource provision.
The US increased its political support for Israel, while violence escalate between Israeli forces and Palestinian protesters in the disputed territories
Challenges may continue Iran nuclear deal support was withdrawn and contentious top-level dialogue occur with Russia and North Korea
The unpredictability of weather patterns continue, posing a serious risk across the globe.
The need for and investment in Green Energy is growing Natural disasters are becoming more severe, demanding coordination of private, local, state and federal resources.
Disaster risk assessment and continuity scenario planning should be conducted to inform the resilience strategies.