The impact of the Covid pandemic and uncertainty of a possible third wave is yet to be ascertained and quantified for effective risk management across businesses. Beyond doubt, the stakes have gotten higher due to a lack of visibility into risks and difficulty in measuring the risk-adjusted performance. For almost 18 months, public and private sector organizations have faced an unforeseen and unfamiliar risk landscape with no precedence to look at. Every decision, however small, has the potential for dire repercussions that extend beyond high cost and loss of business. Enterprises, more than ever, have been challenged with managing cascading events and an entirely new risk profile.
The consequences of a poor response to any crisis include a sharp decline in shareholder value, adverse impact on brand reputation, customer loyalty, employee retention, and more. The volatile business environment and technology disruption has dramatically expanded the risk profiles of organizations while adding new dimensions in parallel.
Cybercrimes have jumped almost fourfold during the pandemic, with Covid-19-related ransomware and spear-phishing campaigns impacting institutions as diverse as hospitals, local governments, and banks. Hackers struck Honda in June, forcing the automaker to temporarily halt its production lines. HDFC Bank had a severe outage not long ago. Even a few Indian tech companies have been subjected to ransomware. Many IT departments with inadequate control over security opened up to new attack vectors. Remote working in organisations has opened up new fronts in IT risk management with an explosion in the number and type of devices used for official purposes.
The risk in modern enterprises has become more complex in the recent past, mainly on account of the web of connected businesses, decentralization of business units, increase in regulation, and the embracement of new generation technologies such as third-party cloud infrastructure and services. AI/ML models, new-gen databases have made the collective risk capability more interconnected than ever. With the resurgence of COVID-19 in several parts of the globe, we are currently grappling with the biggest black swan event of our lifetime.
The crisis continues to unfold, shattering the existing paradigm of siloed risk management across IT, operations, finance, HR,compliance, etc. In this precarious and rapidly escalating situation, Enterprise Risk Management has re-emerged as a potent interventional mechanism to have a holistic view of risk spread across the organization's numerous departments and divisions.
Let us examine this change in the context of India's banking and financial services sector – a mission-critical sector that has not been spared by the pandemic. Traditionally the focus has been on credit and liquidity risk management. Operational risk mitigation was seen more as a support function consisting of audit and compliance. Now, the regulatory emphasis has drawn increasing focus to enterprise-level GRC (Governance, Risk & Compliance) encompassing numerous facets like Enterprise Risk Management (ERM), Information Technology Risk, Cybersecurity Risk, Business Continuity risks in addition to Credit Risk. Moreover, far from being a cost centre, Enterprise Risk is now seen as central to business, as evident from recent trends like the incorporation of ESG, criteria for investments into organizations. It has fueled a more comprehensive outlook towards GRC, in turn impacting the mindset of the CROs.
For instance, Credit Risk Management is undergoing a transformation wherein banks and financial institutions are increasingly preferring solutions such as Real-Time Early Warning Systems (EWS) for credit monitoring, to tackle Non-Performing Assets (NPAs). As a specialist in risk management solutions, we have been helping top banks tackle the vexing problems of asset quality and credit fraud. This is doneby our AI/ML-enabled EWS solution, having the potential to detect and prevent suspicious or fraudulent transactions, effectively by paving for a transition from detective to preventive credit risk monitoring.
While the above may be a specific example, what it highlights is the need for prudent risk management today at an enterprise level, as the lines between traditional risk management, crisis management, and resilience are rapidly blurring. ERM in today's context is highly evolved as a function and its success is rooted in an organization's ability to foster productive partnerships with key stakeholders. Banks are also investing heavily in technology to enhance their risk management capabilities. They are increasingly using risk intelligence from external sources and data visualization techniques to improve decision-making and risk mitigation, among others.
Add to this the digital revolution which has increased the availability of data, degree of connectivity, and speed at which decisions are made. While they offer transformational promise, they also bring in the potential for large-scale failure, frauds, and security breaches, threatening a rapid cascading of consequences.
The billion-dollar question on everyone's minds today is how financial institutions can optimize their risk management teams for today's fast-changing environment characterized by short business cycles. In the current scheme of things, cultivating stakeholder trust would be paramount. It calls for the risk leaders of banks and FIs to think of innovative ways to engage the bank's diverse stakeholder ecosystem and empower them in decision-making.
Top management and other stakeholders are also realizing that ERM is part of their overall governance process. Internal controls, IT Risk, operational risk, resilience, are integral to the overall governance system. The focus now is on honing the governance's risk management capabilities, especially using technology, to enhance monitoring, and not just make it a set of policy guidelines that are cumbersome to interpret and difficult to enforce and track.
What is needed today is a strong Governance, Risk, and Compliance (GRC) product suite that will help in strategically complying with various GRC objectives of an organization. The need of the hour is a cloud-enabled suite covering a wide array of business functionalities such as Enterprise Risk Management, IT Risk Management, Incident Management, Business Continuity Management, Compliance, and Audit Management, Data Privacy Management, Cyber-security and Conduct Management.
To be sure, an effective management system can only complement strong governance designed and developed on governance principles. While the board may establish enterprise governance through the definition of processes and structures, the GRC suite should be able to review, revise, reset and reframe the enterprise goals after considering the impact of the environment, say currently COVID-19 on the enterprise.
Pertinent use of such a technology product will only empower enterprises to meet disruptions to their businesses – from both everyday challenges and as well as the once in a century challenge like the pandemic – and ensure greater resilience while providing a structure for achieving enterprise objectives.
Author
Jaya Vaidhyanathan, CEO, BCT Digital
Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp
_____________
Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.