The landscape for managing risk has changed. Following the 2008 financial crisis, people no longer have the same amount of trust in companies.
Being perceived as trustworthy has become a priority for companies. Risk management is one of the most important functions of a board of directors. Boards are generally aware that the risk-management landscape has changed and they expect management to evaluate that risk differently.
Companies need systematic processes in place to identify and manage risk, especially in the face of increasing oversight and regulators seeking to rebuild credibility by using higher-profile enforcement activity. Regulators’ expectations of compliance programmes have changed dramatically in recent years and they are continuing to evolve.
The operating environment for companies has also changed. New technologies bring additional cyber-security risks. Social media has increased this risk exposure and local issues can rapidly become global. A company’s brand and reputation have, in the eyes of stakeholders, become symptomatic of how that company manages its risk.
Companies also need to consider their ethical obligations while complying with their legal obligations. Legislation dictates the minimum standards required of a company, whereas ethics is something that should be applied by all companies, even if they are not legally compelled to do so.
Companies need to find their “sweet spot” by considering their culture, values and conduct in order to determine what is reasonable, while balancing the need to remain profitable.
Increasingly, environmental, social and governance (ESG) awareness is becoming more relevant than the letter of the law.
Environmental issues include: climate change; greenhouse gases; resource depletion (including water); waste and pollution; and deforestation.
Social issues include: working conditions (including slavery and child labour); local communities (including indigenous communities); conflict; health and safety; and employee relations and diversity.
Governance issues include: executive pay; bribery and corruption; political lobbying and donations; board diversity and structure; and tax strategy.
A supply chain is only as strong as its weakest link. A company must consider cyber security and data and privacy protection; ESG and sustainability; increasing regulation and regulatory scrutiny; and incident response and crisis management.
Risk management of the supply chain and logistics requires careful consideration of the company’s role in the supply chain and its exposure to various risks. Proper risk management involves considering the risks the other role players in the supply chain may encounter. These role players include the seller, buyer, logistics service provider, bank or financing institution and underwriter.
Companies then need to understand the legal parameters of the various risks. These would include the contract of sale, the logistics contract, the banking or financing instrument and the relevant insurance policy. Within these legal instruments, the factors that give rise to risk must be identified.
Consider the nature of the cargo concerned, the types of carriage, the geography over which carriage will take place, the various international regimes and local laws, costs, cyber risks and new technology.
Cyber security is an integral part of a company’s risk-management system, and the impact of new technologies on supply chains creates fertile ground for new technology such as smart contracts, blockchain and autonomous vessels.
These new technologies and their impact on cyber risk will be discussed separately in a series of upcoming articles.