2018 has been a turbulent and unpredictable year for businesses. Risk managers have been managing the introduction of new GDPR legislation, dealing with more and more ‘big data’, and planning for political uncertainties.
With 2018 behind us, we can look towards what risks we will bring with us into 2019 and what new ones will likely become the focus for Risk managers during the year ahead.
Here are five top priorities for Risk managers in 2019.
As in 2018, cyber risk will remain top of mind in 2019. The way that cybercrime is evolving means that risk managers and IT teams must constantly be looking for ways to improve security. Largely opportunistic, cyber criminals have developed ingenious ways to exploit technology flaws. And regulation cannot keep pace with changes.
One of the big stories in 2017 was the WannaCry virus, which affected organizations globally but had the biggest impact on the NHS in the UK, where a lax approach to applying software patches allowed criminals to access its systems with ease. This highlights the importance of maintaining IT security.
Information Age has identified the top trends in cyber security risk to look out for in 2019. In terms of what risk managers need to consider, one key focus is to plan for the event of a breach. This means things like:
Read our article ‘Now is the time to manage your cyber risk’ for a more in-depth discussion on the role of a risk manager in cyber security. Airmic research found that their members lacked confidence in their organization’s cyber risk management practices—with less than a third being satisfied (Airmic transformation of the risk profession survey, 2017). There clearly is more to be done in 2019 to address cyber security as a risk.
You also need to have a good risk management information system (RMIS) in place to manage your organization’s information; have a look at our article ‘Will your insurer contribute to a new risk management information system (RMIS)?’
It has been more than six months since GDPR, the sweeping new European data privacy regulation, came into force. Along with Airmic, Scott Wilson, our own Chief Information Security Officer, recently hosted a webinar that looked at how GDPR has changed the commercial landscape, and in practical terms, what this has meant for businesses. Although we are still in the early stages of seeing the impact of GDPR, data protection bodies from across Europe are seeing an influx of complaints, and the first convictions are coming through.
Looking to 2019, data governance regulation will continue to be a hot topic. As other places tighten their own legislation, such as India and California, it will become harder for organizations to avoid changing their practices.
In order to maintain a trusting relationship with staff and customers, implementing robust data protection processes is vital.
Even for compliant businesses, data protection legislation can be tough. Here in the UK, Morrisons supermarket was recently the subject of a lawsuit from employees over a breach of their data when a disgruntled staff member posted personal details online in 2014. Despite Morrisons handling the breach efficiently and fully complying with authorities (and the ex-employee being jailed for fraud, securing unauthorized access to computer material and disclosing personal data), they have still been found liable for compensation to staff.
This presents a dilemma for risk managers in 2019. How can they sufficiently protect their business from internal threats without creating a culture of distrust and implementing big brother style tactics? The balance between trust and compliance is going to be a hard one to handle.
In terms of having the underlying practices in place to handle data protection, technology can play a key role. Software, such as Ventiv’s Data Governance module, can help organizations to ensure they remove a lot of human error. Examples of what the module can do include automatically anonymizing personal details when data retention deadlines are reached, creating an audit trail for how data has been collected, and recording explicit consent to it being processed.
The impact of regulatory compliance on any business will vary from industry to industry. However, every business is subject to ever-changing rules that govern their products, services, and business operations. There are laws surrounding everything from employee rights and health and safety to financial reporting and consumer protection.
Cyber security and data governance are two key areas businesses must focus on for compliance. Cyber attacks and data breaches can lead to loss of trust from customers and markets as well as reputational damage. However, they can also lead to huge fines and prosecution from regulatory bodies if a company is found in breach of regulatory laws. For GDPR, this is up to €20 million or 4 percent of annual global turnover, whichever is greater. The proposed data protection bill in India looks like it will enforce similar fines. Consumers are becoming well versed in their rights and are increasingly security conscious. Companies are required to be more open about their operations and policies, which is a positive message, although in practice, it is hard to fully comply 100 percent of the time.
It’s not just data and cyber security that is governed by legislation. Insurance and other financial services companies, for example, are heavily regulated, and large corporations will all be subject to financial reporting rules. Companies all have a responsibility to the board of directors, their relevant stock exchange, and government regulatory bodies.
Regulations often change, making it a task to keep up with new rules and understand what they mean for the company. Not complying can result in fines running into millions, or even billions. According to Regtech provider JWG, since the 2009 global financial crash, more than 60,000 regulatory documents have been published—essentially tightening all rules that financial services must comply with.
Compliance is not just a box-ticking exercise. To be truly compliant, and able to adapt to rules as they change, a business needs to implement a risk-based culture with a focus on integrity, flexibility, and efficiency.
Predicting regulatory risk is one way that businesses are trying to stay ahead of the game and reduce losses from non-compliance or significant change. In 2019, risk managers need to ensure processes are in place to capture all regulatory announcements and analyze what these mean for their business in practical terms. Regtech companies are increasingly popular choices for organizations that want to use technology to monitor regulation and remove the laborious task of manually gathering data.
EY’s whitepaper “The digitisation of everything” highlights the epic importance of digitization, describing it as “a step change even greater than the internet”.
Digitization means converting everything into a digital form—from paperwork to sales to customer and employee communication. In its most basic form, this means saving information on computers rather than on paper. However, it also means everything from using social media to talk to customers to allowing purchases online with integration of the website with a system where sales information is automatically processed.
The new generation of customers expects all channels (and business systems) to talk to each other so that no matter how a person contacts a company, they will be able to pick up from their previous interaction. This sees companies moving from a traditional face-to-face model to (eventually) a meaningful cross-channel convergence style of interaction.
One such tool that helps to digitize processes across an organization is Ventiv Digital. If you perform loss-control inspections, conduct surveys, or collect exposure values or certificate requests, you can easily start this on a computer, tablet, or smartphone and complete it on a different device. Even if you don’t have an active data connection, the information will automatically synchronize at a later time.
While it is likely that most businesses have a digitization strategy in place, there continue to be new ways to integrate systems and use technology to create a better customer and employee experience. 2019 will see risk managers exploring new techniques.
Innovation with AI takes digitization one step further. While all businesses need digital technology to survive, being innovative will give them the competitive edge.
Even in the most forward-thinking of organizations, innovation does not happen overnight. It requires a long-term strategy designed to meet SMART objectives (that is, specific, measurable, achievable, relevant, and time-bound). While the technology is beginning to catch up with the aspirations for how businesses can innovate, most management teams have been slow to take the risk.
Robotic process automation (RPA) integrates intelligent bots into existing systems and automates many tedious, repetitive tasks. This allows skilled workers to concentrate on the higher-value aspects of their role, thus saving time, increasing motivation and, essentially, delivering a better return on investment.
Risk managers can be at the forefront of driving this sort of innovation within an organization. It requires putting together a strong business case for the benefits. While many people are worried about automation and ‘robots’ taking away jobs, one of the biggest factors to overcome is the cost and time to implement.
Genevieve Gonzalez, Ventiv’s Director of Professional Service, Asia-Pacific, talks about the challenges versus the benefits in her insightful article ‘Don’t fear the robots!’.
At Ventiv, we have embraced RPA and work with clients to identify the easily automated tasks. During 2019, we expect innovation, and RPA, to become a much bigger focus for businesses that are trying to manage escalating costs and improve margins.
Read our article ‘Can artificial intelligence (AI) and machine learning help risk managers?’ for more on how risk managers can use AI.
As you will notice, most of today’s risks are interrelated and will require an integrated approach to manage all of them effectively. If you are looking for support in managing your enterprise risk in 2019, speak to Ventiv about our range of technology products that can take the uncertainty out of risk management.
Steve Cloutman is the Managing Director here at Ventiv Technology. If you would like any further information on the topics discussed here, please contact him at firstname.lastname@example.org
Jan 14, 2019