New to RiskMinds International this year is a panel session, bringing together some of the leading CROs to discuss the common “pain points” in the industry today, and ultimately answer the questions, “What keeps you up at night?”
Ahead of this, the RiskMinds team spoke to our panel, and other CROs speaking across the event, to gain an exclusive insight into what might be discussed in December.
1 Cyber Security
Out of all CROs questioned, 53% responded with Cyber Security as a “top 3” concern.
This isn’t surprising, as our dependence on the internet has increased, so cyber-crime has moved from obscurity, into the spotlight for not only the consumer, but also for corporate and international security concerns. Former Scotland Yard Detective Superintendent, Charlie McMurdie, gives it straight, “Cyber-crime is cheap to commit and expensive to defend, criminals operate within the virtual environment and as such are not constrained by real world boundaries. It’s not by chance that they exploit the widely differing legal and regulatory regimes in place within different countries.”
One respondent elaborated further, “The sheer complexity and exponential growth make cyber-crime one of the most significant risks that keep me awake at night. I have spent a significant amount of time during the past year familiarizing myself with the nature and complexity of the treat vectors. It is incredibly difficult for organizations to protect themselves and I believe we are at a very early stage of the evolution of this risk type. We are bound to see significant incidents over the next few years.” Indeed, the recent breach of U.S. credit monitoring firm Equifax, which resulted in the leaking of personal information for around 143 million individuals, demonstrates that the scale and impact of data breaches are only increasing.
Another senior CRO discussed the risk of social hacking within the realm of cyber-security, “Often enough people speak about cyber security, compliance, policies, and procedures, forgetting that after drafting any policy they should also work on its effective implementation. It might be quite hard to hack a server, but a poor password policy may result in the very same data breach in a much simpler way.” The fact of the matter is, the methods of would-be hackers have not changed dramatically: phishing—increasingly spear-phishing—is still amongst the most popular attack vectors. Simple employee awareness remains a major challenge.
2 Geopolitical Instability
The CROs we paneled have a widespread geographical influence and responsibility, and so the current geopolitical climate was an expected top pain point. In fact, one third put it in their top 3 concerns, with some stating specific concerns with Trump and Brexit, and others pinpointing more localised pressures within their own markets.
Delving into this a little further, one respondent said, “In general any risk which is hard to measure and might have systematic effects, like geopolitical risks. When it comes to risks which are hard to measure the complexity of having an effective strategy to mitigate that risk increases exponentially.”
Recent election results in Germany, France, and the Netherlands may soothe the nerves of CROs concerned with the rise of right-wing nationalist populism, but that would ignore the strong showings by far-right parties like Alternative for Germany (AfD) and the National Front in France. The forces and attitudes that contributed to the victory of Donald Trump in the U.S. and Brexit in the U.K. are still very much present, and could continue to pose a risk to markets as well as political stability.
3 Regulatory Change
The third most popular pain point was regulatory change, with over 1/3 of our CROs stating this a pressing concern.
As many in the risk management industry are aware, several new regulations are coming through and are due to go live in the new year, including IFRS9 and MiFID and Volcker. Even for companies well placed to handle the changes needed to implement new processes and requirements, the sheer volume of adjustments necessary is keeping some CROs awake past bedtime.
“The burden of regulation is now monumental and potentially having unintended adverse consequences. While much of the regulation was proven to be necessary due to poor industry self-regulation as evidenced by the Global Financial Crisis, the overload of new regulations and their exhaustive implementation can impact the profitability of banks that is necessary for a strong well capitalized banking industry. Risk managers can also 'take their eye off the ball' of the commercial risks as they are distracted with the reporting, governance, and bureaucracy of compliance,” stated one CRO.
RiskMinds also ran a Regulation Digital Week, highlighting expert opinions on a range of regulations impacting the industry, through webinars and Q&As. Catch up on what was discussed, ahead of the conference.
Other Pain Points
While almost all the CROs agreed on at least one of the above risks as taking up prime real estate in the top three pain points, there were a variety of other responses which were highlighted too.
These include financial crime and fraud, risks arising from digitization and FinTech and traditional credit and market risks.
The below chart shows the full range of responses to the question, and emphasizes the growing number of risks CROs must keep on their radar in order to be effective and ensure a sustainable and profitable business.
