Airmic
Log in Join now News & media

Emerging risks: are you the victim of progress or do you define it?

Emerging risks are too often being ignored by boards who prefer to focus on easier-to-manage visible risks, according to Airmic and Marsh in a joint paper published this summer. Why have emerging risks become so important, and why do businesses struggle to deal with them? Jessica Titherington speaks to risk experts and Airmic members to get their views.

Boardrooms are increasingly aware that changes in global politics, societal opinion and technological innovation are having a far greater impact on their business models than ever before - and at a much faster pace. Businesses have always been vulnerable to emerging risks, but in today's volatile and uncertain environment, disruption to established businesses is becoming more widespread.

The UK Corporate Governance Code, which was introduced by the Financial Reporting Council last year, now requires boards to specifically address emerging risks alongside principal risks in their annual reports, and to explain what procedures are in place to identify, manage and mitigate them.

And yet despite this, boardrooms are still not paying enough attention to emerging risks, according to Airmic's member guide to emerging risks, published in June. According to the report, which was produced with Marsh, businesses tend to focus on visible threats where useful data sets exist and where boards feel they have control.

As a result, there is a real danger that emerging risks are being filed in the "too hard" or "less important" folder, leaving businesses highly exposed to changing winds that can fundamentally alter their course. The report argues for a "recalibration" of risk management, to provide more balance between addressing both traditional and new risks, and it provides practical guidance on how to achieve this.

Why now?

New and emerging risks have, almost by definition, always existed, so why this call to action now? Richard Smith-Bingham, director of Marsh & McLennan Insights, and co-author of the report, observes that, after the 2008 financial crisis, the increased emphasis on risk management was focused on processes, reporting, governance and core analytics. "But while risk management became more robust, it wasn't necessarily more sensitive or responsive to a changing risk environment, especially with regard to technological innovations, political and societal disruption, climate or environmental challenges."

Risk management, he adds, shouldn't just be focused on stable operations, but rather it should help executive teams position their firms for the future, to "capture opportunities associated with new developments and consider resilience to adverse scenarios that may seem extreme but are nonetheless quite plausible."

Alison Hill, an Airmic board member and senior risk professional, agrees that today's risk environment necessitates a greater focus on emerging risks than in the past. "Things are changing very quickly. When it comes to regulation, digitalisation and globalisation, the situation can change a lot in just a year. Addressing these risks is no longer just a 'nice to have' but key for strategy. If you don't address them you get left behind."

The emerging risks guide, written in partnership with Marsh can be downloaded here

Free your mind

One of the key messages from the Airmic and Marsh report is that managing emerging risks requires an entirely different approach to dealing with traditional risks. Emerging risks are far harder to define, quantify and map and require a different, more imaginative approach, the report stresses.

Formal assessments and heat maps should be exchanged for structured, creative discussions across business units. Boards and risk professionals need to "create space to think the unthinkable and speak the unspeakable."

"This is a really important message," says Julia Graham, the author of the report, and Airmic's deputy CEO and technical director. "Emerging risks are different in nature and you need new techniques and new tools to deal with them. It's not easy, but our report gives clear practical advice for risk managers on the different approaches they can take."

Ms Graham also stresses that emerging risks are not necessarily new risks: "They can also be known risks which take on a different profile or characteristic," she explains.

Ms Hill agrees that emerging risks are a challenge: "They are very difficult to see; you can't get your hands around them. They're like fog - you know they're there but you can't quite see what form they're taking."

The key to dealing with them, she adds, is not to systemise things too much. "You have to have a free mind. That's where boards come in. They have different backgrounds, the perspective of different companies and can bring a new lens."

Airmic member Matt McEwan, director, risk management at Coca-Cola European Partners PLC (CCEP), believes that a blend of creativity and analytics is important. He explains: "Emerging risks are more about art than science, requiring a more creative and curious mind set, but you can still build reasoned assumptions around them. There may be less scope for modelling than with traditional risks, however the data and analysis can still provide useful trends and indicators."

He stresses that it is important not to forget the "here and now" of more traditional risks. "You should certainly bring emerging risks to the forefront, but a lot of risk today is still linked to traditional sources such as fire and nat cat events. We cannot afford to take our eye off these risks."

Emerging opportunities

An important theme of the Airmic and Marsh report is that managing emerging risks is not about avoiding bad events or limiting risk taking. It's about creating a "risk-intelligent" organisation, where risk is closely linked to strategy and opportunity.

Mr McEwan agrees. "Risk by definition is a deviation from an expected outcome. This can be both positive and negative, so emerging risk can also be an emerging opportunity. For example, the recent introduction of sugar taxes in the UK resulted in the business taking a number of innovative steps, including reformulation of product ranges and the introduction of new packaging formats leading to greater customer engagement and market share."

Indeed, the debate is often too heavily skewed towards risk, says Ms Hill. "I prefer to use the phrase 'emerging trends' rather than emerging risks, because it is more neutral in terms of risk and opportunity."

The risk community must be alert to all possibilities, she says. "For example, climate change and Brexit are big threats but you can use them to your advantage. They don't have to be a noose around your neck."

Her advice to risk professionals is to keep an open mind: "We need to open our ears, know what our peers are doing, ask how we can do better. We need freedom of thinking. Do you want to be the victim of progress or to define progress? It's about creating the future."

Culture is king

Mr McEwan believes that, ultimately, company culture is the most important factor in whether a company can take a successful approach to emerging risks. "The leadership afforded via our board of directors embraces diversity, encouraging curiosity and challenging the status quo by asking 'what if' questions. This is critically important and means the organisation is continually assessing emerging risk scenarios without detracting from the lens on traditional risks."

He adds: "It's as much about the culture and DNA of the business rather than specific processes. It is key to encourage a platform for this to happen."

Mr Smith-Bingham agrees. "These risks are hard to analyse. The data is often patchy, and intelligence may be conflicting. But, at the end of the day, the greater challenges are cultural. Company leaders need to embrace imperfect information and be cognisant of multiple eventualities as they make key decisions."

Be your organisation's conscience

Emerging risks present an excellent opportunity for risk professionals with ambitions to gravitate from the back-office to the centre stage of decision-making, the report stresses.

Indeed, Mr Smith-Bingham explains that ownership of emerging risks should lie at the c-suite or board level, but risk managers can play an important role. "There are opportunities for risk managers to become risk leaders and champion exploring how material these more broad-ranging threats might be. If someone else is already doing this, risk managers may well be able to add greater rigour and creativity."

Or as Ms Hill puts it, risk managers should be the "catalyst" for getting the board to address this challenging subject. "At the end of the day, it's the board's decision and they have to care. But as the risk manager, you should be the businesses' conscience."

Download the Airmic and Marsh guide to emerging risks here.

Richard Smith-Bingham is director of Marsh & McLennan Insights