Why Risk Management Needs a Transformed Perspective for 2022 and Beyond – Corporate/Commercial Law


UK: Why risk management requires a transformed outlook for 2022 and beyond


In 2022, as businesses face the challenges of evolving disruptive forces – societal, technological, environmental and regulatory – it has become clear that a paradigm shift in risk management is urgently needed. This change should mitigate risks for organizations and consumers, in addition to allowing companies to take the right risks – a fine but achievable balance.

As a result, businesses find themselves grappling with an increasingly complex array of risks. A new approach is needed that puts “risk management by design” and therefore business resilience at the heart of enterprise-wide decision-making.

The critical risk exposures facing businesses today are constantly changing. They include:

  • The ever-changing regulatory landscape: Regulatory readiness is non-negotiable and has been proven to drive tangible business value. How companies proactively manage and respond reactively to regulatory requirements is critical.

  • Technology and Data Risks:

    • Data quality, confidentiality and ethics: The criticality of data is underlined by the multitude of regulatory requirements applied to its processing. Likewise, when robustly managed, data can be leveraged to improve operational efficiency, good customer outcomes, and business benefits.

    • Technological risks: These risks, including technology infrastructure resilience, technical debt, unsupported systems, and project delivery risk, fundamentally threaten the ability of businesses to operate.

    • Cyber security: This was an accelerated risk zone during the pandemic. Organizations need to understand their inherent risks and vulnerabilities here and strengthen their prevention, detection, and incident response and recovery preparedness. Cybersecurity is a risk that is becoming increasingly important as businesses continue to push their digital boundaries in response to competition and customer trends.

  • Operational resilience: The ability of businesses to prevent, adapt, react, recover and learn from previous operational failures will mitigate any future impact on consumers and their own reputation.

  • Supplier Risk Management (SRM): The vulnerabilities can be extensive and compounded by unknown vendor risks. Knowing your suppliers and ensuring that the appropriate mitigation measures are applied in the event of an issue are key to protecting a business and its customers.

  • Fraud and financial crime: Businesses must meet requirements to have effective systems and controls in place to detect and reduce the risk of fraud and financial crime.

  • The emergence of ESG in the strategic battlefield of a company: A topic at the top of the boardroom agenda, spanning multiple areas that present a new set of risk challenges with unique characteristics.

Each of these areas of risk (which we will explore in more detail in future articles) has the potential to have a significant impact on organizations if not managed proportionately – whether by inviting unwanted scrutiny from regulators or by diverting a company from its strategic objectives. Additionally, companies with international interests will also need to keep an eye on the associated inherent risks, such as the global regulatory landscape.

To successfully negotiate the myriad of risks we see today, organizations should consider three key practical points in 2022:

1. The traditional risk toolbox – controls, limits, measurement tools – is inadequate to manage all the simultaneous disruptive forces a business will face. While these tools are still essential, companies must also develop an adaptive enterprise-wide risk awareness and mitigation culture. Risk management is not just about response and recovery and it is not about defending a business against all risks that may arise. It is more about better understanding risk and long-term resilience to risk through constant adaptation and evolution.

2. Risk cannot be isolated or simply left to a CRO or the ExCo. There must be a company-wide understanding of the need to generate practical solutions to mitigate risk in order to achieve positive business results. Risk-mitigated outcomes, if developed with a “risk-by-design” approach, can preserve organizational value in addition to providing operational and business benefits. There are signs that a wider range of senior executives – from COOs to CIOs – are increasingly willing to embrace the need to embed a pragmatic mindset when it comes to risk and subsequent approaches in their functions. Ultimately, it is a matter of survival, facilitating the growth of consumer trust, operational efficiency and the delivery of business value if implemented effectively and efficiently. Risk mitigation is not just a 2nd line control function seeking to mitigate the risk taking of a 1st line focused on revenue growth – it is a responsibility and a duty for the entire organization to address. In the face of so much rapidly evolving disruption, only companies agile enough to adapt will survive and continue to thrive.

3. Risk should not be seen as something to be minimized. In our experience, many companies make the mistake of viewing risk as inherently separate from innovation and value creation. When risk management is aligned with the achievement of strategic objectives, significant value can be achieved – whether by removing the threat of punitive fines from regulators, innovating with new offerings and processes, building consumer trust and achieving good results for customers, or taking actions that can help the company succeed in new markets. For example, the misuse of data is clearly a major risk for businesses, but when data is captured and used correctly and compliantly, it can be a source of enormous competitive advantage.

Effectively managing risk and building organizational resilience in 2022 is imperative. It’s about integrating “risk management by design”, regardless of the industry or geographic market in which you may operate. If silos can be broken down to help each function understand the risks they are exposed to, including focusing on enterprise-wide risk aggregation, commonalities in operational controls, and developing structures to foster ownership and effective governance, then a true culture of resilience can be embedded in an organization’s DNA to successfully manage the challenges ahead.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.
