From Risk to Strategy : Embracing the Technology Shift

The role of the risk manager has always been to understand and manage threats to a given business. In theory, this involves a very broad mandate to capture all possible risks, both current and future. In practice, however, some risk managers are assigned to narrower, siloed roles, with tasks that can seem somewhat disconnected from key business objectives.

Amidst a changing risk landscape and increasing availability of technological tools that enable risk managers to do more, there is both a need and an opportunity to move toward that broader risk manager role. This need for change – not only in the risk manager’s role, but also in the broader approach to organizational risk management and technological change – is driven by five factors.

Marsh Ex 1

The rapid pace of change has many C-suite members questioning what will happen to their business models. Research shows that 73 percent of executives predict significant industry disruption in the next three years (up from 26 percent in 2018). In this challenging environment, risk managers have a great opportunity to demonstrate their relevance.

USING NEW TOOLS TO MANAGE RISKS

Emerging technologies present compelling opportunities for the field of risk management. As discussed in our 2017 report, the three levers of data, analytics, and processes allow risk professionals a framework to consider technology initiatives and their potential gains. Emerging tools can support risk managers in delivering a more dynamic, in-depth view of risks in addition to potential cost-savings.

However, this year’s survey shows that across Asia-Pacific, risk managers still feel they are severely lacking knowledge of emerging technologies across the business. Confidence scores were low in all but one category, risk management information systems (RMIS). These scores were only marginally higher for respondents in highly regulated industries (financial services and energy utilities), underscoring the need for further training across all industries.

Marsh Ex 3

When it comes to technology, risk managers should aim for “digital fluency, a level of familiarity that allows them to

  • first determine how technologies can help address different risk areas,
  • and then understand the implications of doing so.

They need not understand the inner workings of various technologies, as their niche should remain aligned with their core expertise: applying risk technical skills, principles, and practices.

CULTIVATING A “DIGITAL-FIRST” MIND-SET

Successful technology adoption does not only present a technical skills challenge. If risk function digitalization is to be effective, risk managers must champion a cultural shift to a “digital-first” mindset across the organization, where all stakeholders develop a habit of thinking about how technology can be used for organizational benefit.

For example, the risk manager of the future will be looking to glean greater insights using increasingly advanced analytics capabilities. To do this, they will need to actively encourage their organization

  • to collect more data,
  • to use their data more effectively,
  • and to conduct more accurate and comprehensive analyses.

Underlying the risk manager’s digitalfirst mind-set will be three supporting mentalities:

1. The first of these is the perception of technology as an opportunity rather than a threat. Some understandable anxiety exists on this topic, since technology vendors often portray technology as a means of eliminating human input and labor. This framing neglects the gains in effectiveness and efficiency that allow risk managers to improve their judgment and decision making, and spend their time on more value-adding activities. In addition, the success of digital risk transformations will depend on the risk professionals who understand the tasks being digitalized; these professionals will need to be brought into the design and implementation process right from the start. After all, as the Japanese saying goes, “it is workers who give wisdom to the machines.” Fortunately, 87 percent of PARIMA surveyed members indicated that automating parts of the risk manager’s job to allow greater efficiency represents an opportunity for the risk function. Furthermore, 63 percent of respondents indicated that this was not merely a small opportunity, but a significant one (Exhibit 6). This positive outlook makes an even stronger statement than findings from an earlier global study in which 72 percent of employees said they see technology as a benefit to their work

2. The second supporting mentality will be a habit of looking for ways in which technology can be used for benefit across the organization, not just within the risk function but also in business processes and client solutions. Concretely, the risk manager can embody this culture by adopting a data-driven approach, whereby they consider:

  • How existing organizational data sources can be better leveraged for risk management
  • How new data sources – both internal and external – can be explored
  • How data accuracy and completeness can be improved

“Risk managers can also benefit from considering outside-the-box use cases, as well as keeping up with the technologies used by competitors,” adds Keith Xia, Chief Risk Officer of OneHealth Healthcare in China.

This is an illustrative rather than comprehensive list, as a data-driven approach – and more broadly, a digital mind-set – is fundamentally about a new way of thinking. If risk managers can grow accustomed to reflecting on technologies’ potential applications, they will be able to pre-emptively spot opportunities, as well as identify and resolve issues such as data gaps.

3. All of this will be complemented by a third mentality: the willingness to accept change, experiment, and learn, such as in testing new data collection and analysis methods. Propelled by cultural transformation and shifting mind-sets, risk managers will need to learn to feel comfortable with – and ultimately be in the driver’s seat for – the trial, error, and adjustment that accompanies digitalization.

MANAGING THE NEW RISKS FROM EMERGING TECHNOLOGIES

The same technological developments and tools that are enabling organizations to transform and advance are also introducing their own set of potential threats.

Our survey shows the PARIMA community is aware of this dynamic, with 96 percent of surveyed members expecting that emerging technologies will introduce some – if not substantial – new risks in the next five years.

The following exhibit gives a further breakdown of views from this 96 percent of respondents, and the perceived sufficiency of their existing frameworks. These risks are evolving in an environment where there are already questions about the relevance and sufficiency of risk identification frameworks. Risk management has become more challenging due to the added complexity from rapid shifts in technology, and individual teams are using risk taxonomies with inconsistent methodologies, which further highlight the challenges that risk managers face in managing their responses to new risk types.

Marsh Ex 9

To assess how new technology in any part of the organization might introduce new risks, consider the following checklist :

HIGH-LEVEL RISK CHECKLIST FOR EMERGING TECHNOLOGY

  1. Does the use of this technology cut across existing risk types (for example, AI risk presents a composite of technology risk, cyber risk, information security risk, and so on depending on the use case and application)? If so, has my organization designated this risk as a new, distinct category of risk with a clear definition and risk appetite?
  2. Is use of this technology aligned to my company’s strategic ambitions and risk appetite ? Are the cost and ease of implementation feasible given my company’s circumstances?
  3. Can this technology’s implications be sufficiently explained and understood within my company (e.g. what systems would rely on it)? Would our use of this technology make sense to a customer?
  4. Is there a clear view of how this technology will be supported and maintained internally, for example, with a digitally fluent workforce and designated second line owner for risks introduced by this technology (e.g. additional cyber risk)?
  5. Has my company considered the business continuity risks associated with this technology malfunctioning?
  6. Am I confident that there are minimal data quality or management risks? Do I have the high quality, large-scale data necessary for advanced analytics? Would customers perceive use of their data as reasonable, and will this data remain private, complete, and safe from cyberattacks?
  7. Am I aware of any potential knock-on effects or reputational risks – for example, through exposure to third (and fourth) parties that may not act in adherence to my values, or through invasive uses of private customer information?
  8. Does my organization understand all implications for accounting, tax, and any other financial reporting obligations?
  9. Are there any additional compliance or regulatory implications of using this technology? Do I need to engage with regulators or seek expert advice?
  10. For financial services companies: Could I explain any algorithms in use to a customer, and would they perceive them to be fair? Am I confident that this technology will not violate sanctions or support crime (for example, fraud, money laundering, terrorism finance)?

SECURING A MORE TECHNOLOGY-CONVERSANT RISK WORKFORCE

As risk managers focus on digitalizing their function, it is important that organizations support this with an equally deliberate approach to their people strategy. This is for two reasons, as Kate Bravery, Global Solutions Leader, Career at Mercer, explains: “First, each technological leap requires an equivalent revolution in talent; and second, talent typically becomes more important following disruption.”

While upskilling the current workforce is a positive step, as addressed before, organizations must also consider a more holistic talent management approach. Risk managers understand this imperative, with survey respondents indicating a strong desire to increase technology expertise in their function within the next five years.

Yet, little progress has been made in adding these skills to the risk function, with a significant gap persisting between aspirations and the reality on the ground. In both 2017 and 2019 surveys, the number of risk managers hoping to recruit technology experts has been at least 4.5 times the number of teams currently possessing those skills.

Marsh Ex 15

EMBEDDING RISK CULTURE THROUGHOUT THE ORGANIZATION

Our survey found that a lack of risk management thinking in other parts of the organization is the biggest barrier the risk function faces in working with other business units. This is a crucial and somewhat alarming finding – but new technologies may be able to help.

Marsh Ex 19

As technology allows for increasingly accurate, relevant, and holistic risk measures, organizations should find it easier to develop risk-based KPIs and incentives that can help employees throughout the business incorporate a risk-aware approach into their daily activities.

From an organizational perspective, a first step would be to describe risk limits and risk tolerance in a language that all stakeholders can relate to, such as potential losses. Organizations can then cascade these firm-wide risk concepts down to operational business units, translating risk language into tangible and relevant incentives that encourages behavior that is consistent with firm values. Research shows that employees in Asia want this linkage, citing a desire to better align their individual goals with business goals.

The question thus becomes how risk processes can be made an easy, intuitive part of employee routines. It is also important to consider KPIs for the risk team itself as a way of encouraging desirable behavior and further embedding a risk-aware culture. Already a majority of surveyed PARIMA members use some form of KPIs in their teams (81 percent), and the fact that reporting performance is the most popular service level measure supports the expectation that PARIMA members actively keep their organization informed.

Marsh Ex 21

At the same time, these survey responses also raise a number of questions. Forty percent of organizations indicate that they measure reporting performance, but far fewer are measuring accuracy (15 percent) or timeliness (16 percent) of risk analytics – which are necessary to achieve improved reporting performance. Moreover, the most-utilized KPIs in this year’s survey tended to be tangible measures around cost, from which it can be difficult to distinguish a mature risk function from a lucky one.

SUPPORTING TRANSFORMATIONAL CHANGE PROGRAMS

Even with a desire from individual risk managers to digitalize and complement organizational intentions, barriers still exist that can leave risk managers using basic tools. In 2017, cost and budgeting concerns were the single, standout barrier to risk function digitalization, chosen by 67 percent of respondents, well clear of second placed human capital concerns at 18 percent. This year’s survey responses were much closer, with a host of ongoing barriers, six of which were cited by more than 40 percent of respondents.

Marsh Ex 22

Implementing the nuts and bolts of digitalization will require a holistic transformation program to address all these barriers. That is not to say that initiatives must necessarily be massive in scale. In fact, well-designed initiatives targeting specific business problems can be a great way to demonstrate success that can then be replicated elsewhere to boost innovation.

Transformational change is inherently difficult, in particular where it spans both technological as well as people dimensions. Many large organizations have generally relied solely on IT teams for their “digital transformation” initiatives. This approach has had limited success, as such teams are usually designed to deliver very specific business functionalities, as opposed to leading change initiatives. If risk managers are to realize the benefits of such transformation, it is incumbent on them to take a more active role in influencing and leading transformation programs.

Click here to access Marsh’s and Parima’s detailed report

How to seize the Open Banking opportunity

What is Open Banking and why does it matter?

The UK has long been recognised as a global leader in banking. The industry plays a critical role domestically, enabling the day-to-day flow of money and management of risk that are essential for individuals and businesses.

It is also the most internationally competitive industry in the UK, providing the greatest trade surplus of any exporting industry. The UK has a mature and sophisticated banking market with leading Banks, FinTechs and Regulators. However, with fundamental technological, demographic, societal and political changes underway, the industry needs to transform itself in order to effectively serve society and remain globally relevant.

The industry faces a number of challenges. These include the fact that banking still suffers from a poor reputation and relatively low levels of trust when compared to other industries. Many of the incumbents are still struggling to modernise their IT platforms and to embrace digital in a way that fundamentally changes the cost base and the way customers are served.

There are also growing service gaps in the industry, with 16m people trapped in the finance advice gap. In the face of these challenges, Open Banking provides an opportunity to

  • open up the banking industry,
  • ignite innovation to tackle some of these issues
  • and radically enhance the public’s interaction and experience with the financial services industry.

A wave of new challenger banks have entered the market with these opportunities at the heart of their propositions. However, increased competition is no longer the only objective of Open Banking.

Open Banking regulation has evolved from the original intent

The UK started introducing an Open Banking Standard in 2016 to make the banking sector work harder for the benefit of consumers. The implementation of the standard was guided by recommendations from the Open Banking Working Group, made up of banks and industry groups and co-chaired by the Open Data Institute and Barclays. It had a focus on how data could be used to “help people to transact, save, borrow, lend and
invest their money”. The standard’s framework sets out how to develop a set of standards, tools, techniques and processes that will stimulate competition and innovation in the country’s financial sector.

While the UK was developing Open Banking, the European Parliament adopted the revised payment services directive (PSD2) to make it easier, faster, and less expensive for customers to pay for goods and services, by promoting innovation (especially by third-party providers). PSD2 acknowledges the rise of payment-related FinTechs and aims to create a level playing field for all payment service providers while ensuring enhanced security and strong customer protection. PSD2 requires all payment account providers across the EU to provide third-party access.

open banking 1

While this does not require an open standard, PSD2 does provide the legal framework within which the Open Banking standard in the UK and future efforts at creating other national Open Banking standards in Europe will have to operate. The common theme within these initiatives is the recognition that individual customers have the right to provide third parties with access to their financial data. This is usually done in the name of

  • increased competition,
  • accelerating technology development of new products and services,
  • reducing fraud
  • and bringing more people into a financially inclusive environment.

Although the initial objectives of the Open Banking standards were to increase competition in banking and increase current account switching, the intent is continuingly evolving with a broader focus on areas including:

  • reduced overdraft fees,
  • improved customer service,
  • greater control of data
  • and increased financial inclusion.

Whilst there is little argument that the UK leads the way in Open Banking, it is by no means doing so alone. Many other countries are looking carefully at the UK experience to understand how a local implementation might benefit from some of the issues experienced during the UK’s preparation and ‘soft launch’ in January 2018. There are many informal networks around the world, which link regulators, FinTechs and banks to facilitate the sharing of information from one market to another. Countries around the world are at various stages of maturity in implementing Open Banking. The UK leads as the only country to have legislated and built a development framework to support the regulations, enabling it to be advanced in bringing new products and services to market as a result. However, a number of other countries are progressing rapidly towards their own development of Open Banking. In a second group sit the EU, Australia and Mexico, which have taken significant steps in legislation and implementation. Canada, Hong Kong, India, Japan, New Zealand, Singapore, and the US are all making progress in preparing their respective markets for Open Banking initiatives.

open banking 2

One danger in any international shift in thinking, such as Open Banking, is that technology overtakes the original intention. The ‘core technology’ here is open APIs and they feature in all the international programmes, even when an explicit ‘Open Banking’ label is not applied. In a post-PSD2 environment, the primary responsibility for security risks will lie with payment service providers. Vulnerability to data security breaches may increase in line with the number of partners interacting via the APIs.

The new EU General Data Protection Regulation (GDPR) requires protecting customer data privacy as well as capturing and evidencing customer consent, with potentially steep penalties for breaches. Payment service providers must therefore ensure that comprehensive security measures are in place to protect the confidentiality and integrity of customers’ security credentials, assets and data.

open banking 3

click here to access pwc’s detailed report

Les besoins verticaux définissent la marche à suivre pour les transformations de produits numériques et les stratégies

Les initiatives de transformation numérique se déroulent différemment selon les secteurs verticaux et les entreprises, en fonction des besoins métiers en jeu. Lorsque les entreprises subissent des transformations numériques, elles se concentrent souvent sur

  • les processus informatiques,
  • les ventes et le marketing

avant le développement des produits. Cependant, ce rapport expliquera aux DSI et aux directeurs de la technologie comment les entreprises de différents secteurs verticaux utilisent l’organisation produits comme catalyseur de leur transformation numérique, et comment cette décision améliore leurs relations avec les clients.

Principales conclusions

Les sociétés de produits physiques se concentrent sur l’IoT

Pour les organisations produits physiques, l’étape évidente vers une entreprise numérique consiste souvent à connecter des produits et des actifs. Il s’agit d’une tâche complexe qui nécessite

  • une infrastructure technologique intégrée,
  • une grande compétence dans la connectivité et l’Internet des objets (IoT),
  • ainsi qu’une logique claire sur la façon dont les produits connectés répondront aux besoins de leurs clients.

Les sociétés de services construisent des plates-formes numériques orientées client

Les entreprises du secteur des services basculeront vers le commerce numérique grâce à des plateformes numériques axées sur la clientèle. Ces projets doivent être

  • faciles à utiliser,
  • évolutifs
  • et intégrés aux partenaires de l’écosystème

afin de créer de la valeur pour les clients.

Diapositive1

Cliquez ici pour accéder à l’analyse détaillée de Forrester

Organizing and Orchestrating Digital Transformation

Organizing for a Digital World

What makes the shift to more robust digital offerings, channels and operations so tricky is the stress it puts on old-line companies’ operating models. Many new activities and capabilities—ranging from advanced analytics and rapid prototyping to cybersecurity and external partnership management—will need to be developed and located somewhere in the organization.

  • Who takes ownership for these activities
  • Who decides investment levels for each
  • And how they will work

are all major operating model questions.

In addressing these choices, companies usually start to realize that their legacy processes don’t move fast enough to keep up with changing customer demands and behavior, which are shaped by digital interactions in other parts of their lives. Decision speed also may be too slow, because it’s tied to budget cycles. Companies may find digital innovations hard to scale up beyond small projects. And certain kinds of digital talent have become very tough to source and hire. As a result, digital transformations are significantly harder to pull off than conventional change programs. Bain & Company recently surveyed 1,000 companies around the world to gauge their level of digital readiness. After comparing financial results for five categories of companies based on their degree of digital sophistication, we found that revenues for the digital leaders grew 14% over the past three years, more than doubling the performance of the digital laggards in their industries. Profitability followed a similar pattern. Yet while the payoff from digital transformation can be impressively high, the success rate is regrettably low. In our survey, just 5% of those companies involved in digital transformation efforts reported that they had achieved or exceeded the expectations they had set for themselves (versus a success rate of 12% for conventional transformations found in an earlier survey). A full 71% of these companies settled for dilution of value and mediocre performance.

Leading companies realize that making the transition to digital 2.0 or 3.0 requires systematically examining and adjusting each element of their operating model— the blueprint for how resources are organized and operated to get critical work done. The operating model encompasses decisions around the shape and size of the business, where to draw the boundaries for each line of business and function, how people work together within and across these boundaries, how the corporate center will add value to the business units, and what norms and behaviors should be encouraged. It entails choices in five areas:

  • Structure involves drawing appropriate boundaries for lines of business and functions, and defining centers of expertise and other coordinating units.
  • Accountabilities describe the roles and responsibilities of the main organizational entities, including ownership for profit and loss statements and a clear, value-adding role for the corporate center.
  • Governance refers to executive forums and management processes that yield high-quality decisions on strategic priorities, as well as budgets and incentives to align behavior.
  • Capabilities refer to how the company combines people, process and technology in a repeatable way to deliver desired outcomes.
  • Ways of working describe the expected cultural norms for how people collaborate, especially across the boundaries between functions or teams.

Executives should consider how each area will change in turn as the organization’s digital intensity rises.

Bain DigOrg

Click here to access BAIN_BRIEF_Organizing_for_a_Digital_World

 

Orchestrating a Successful Digital Transformation

Among the five categories of companies in the research, the most advanced digitally achieved the best balance between the inner and outer games. Those just embarking on digital transformations typically start from a set of isolated initiatives targeting their most acute pain points (the outer game), but they struggle to translate these prototypes into products and capabilities that can have a meaningful impact on the company’s economics. More advanced businesses do a good job of clustering digital initiatives around a common strategic ambition and start to focus on improving select enabling capabilities, particularly IT. But these initiatives also tend to plateau somewhere short of broad organizational impact or end up creating “two-speed” organizations that are responsive in limited respects but still held back by legacy systems.

The true digital leaders pull away from the competition by linking a bold strategic ambition to the specific inner game capabilities and behaviors that they will need to achieve it. First they translate their strategy into a clear set of digital initiatives that point the organization toward a clear vision of full potential. Then they invest heavily in the fundamental changes to their ways of working and culture that allow them to develop those initiatives rapidly and execute them at scale.

Bain DigOrchestration

Click here to access BAIN_BRIEF_Orchestrating_a_Successful_Digital_Transformation

 

Moving from best to better and better – Business practice redesign is an untapped opportunity

Under mounting performance pressure, many corporate leaders are looking to business process reengineering to improve performance, and in many ways that makes sense after all, processes give shape to an organization and are often useful for coordinating routine flows across large organizations. The routine work of a company should be done as efficiently as possible, which increasingly means incorporating automation.

But organizations may be missing a much greater opportunity to improve performance.

Here’s the thing: Much of the work of many organizations today—at least the work that typically offers the potential for differentiation—is no longer routine or even predictable. When conditions and requirements shift constantly, processes fail. While process optimization can still certainly help

  • reduce costs
  • and streamline operations,

leaders should consider a different kind of organizational rethinking for significant performance improvement. And in an environment of accelerating technological advances and rapid and unpredictable change, constant performance improvement is a must. Competition can come from anywhere—doing well relative to the competitors on your radar isn’t enough. Many barriers to competition are falling, and many boundaries, between industries and between markets, are blurring.

  • Consumers have more access to information and alternatives than ever, along with a coincident increase in expectations.
  • Workers have more access to information and alternatives—and increased expectations.

At the same time, many employees, in all kinds of environments, face increasing pressure to reach higher levels of individual performance. The useful life of many skills is in decline, creating a constant pressure to learn fast and reskill.

Many companies have struggled to effectively respond to these pressures since long before the Internet of Things and cognitive technologies added new layers of complexity. The average return on assets for US companies has declined for the past several decades, and companies find themselves displaced from market leadership positions more often than they used to. While the price-performance improvement in the digital infrastructure has increased exponentially, most companies are still capturing only a small fraction of the value that ought to be available through the technologies built on this infrastructure. Existing approaches to performance improvement appear to be falling short.

It begs the question: In a world of digital transformation and constant change, what does performance improvement mean? Many companies suffer from at least one of three broad problems that can misdirect their focus:

  1. Thinking of performance improvement too modestly. Leaders often think of performance advances as discrete, one-time jumps from A to B, or even a series of jumps to C and D. The initiatives that typically generate these bumps are similarly construed as pre-defined, one-time changes rather than as unbounded efforts that have the potential to generate more and more improvement. As we discuss in more detail, not only do most companies need to continually improve their performance— those that don’t start accelerating may fall further and further behind and become increasingly marginalized. Accelerating improvement, then, should be a goal of operations, not just one-off initiatives.
  2. Thinking of performance improvement too narrowly, focused only on costs. Process dominated much of performance improvement efforts for the past several decades, focusing largely on the denominator of the financial ratio of revenues to costs. But costs can be cut only so far, and technology-based process efficiencies can be quickly competed away, especially at a time when the changing environment and shifting customer expectations are making many standardized processes quickly obsolete. Further reductions can become harder to achieve and have less impact. The relevant performance might be more about an organization’s ability to create significant new value. Workers across an organization regularly encounter new needs, new tools for meeting needs, and opportunities to identify new ways of delivering more value and impact in multiple dimensions, including helping other parts of the organization generate more value. The potential for value creation isn’t confined to certain roles or functions, and is bounded primarily by an organization’s ability to create new knowledge and creatively address new problems. Focusing on new value creation may be the key to getting on a trajectory of accelerating performance improvement. Doing so would require an organization to move beyond efficiency and standardization and begin focusing on cultivating the behaviors—such as experimentation and reflection to make sense of what has been learned—associated with new value creation.
  3. Thinking of performance improvement at the wrong level. Most organizations manage performance where they measure it—which is to say where they have data: broadly, for the department and organization, and narrowly, for the individual. Both levels can miss where work, especially value-creating work, increasingly gets done: in groups. As a result, organizations can miss the opportunity to shape how work actually gets done. Focusing on performance where it matters most to the organization’s work might be a key to having a significant impact on the performance that matters.

The imperative to act seems simple: Today’s environment seems to offer no reprieve, no stabilization that gives us a chance to catch our breath and say, “OK, now we’ve got it figured out.” The methods and processes that led organizations to great success in the past seem to no longer be working. For sustained performance improvement, companies may need to change their focus and look in new directions.

Deloitte 1

Deloitte 2

Deloitte 3

Click here to access Deloitte’s detailed study

The Global Risks Report 2018

Last year’s Global Risks Report was published at a time of heightened global uncertainty and strengthening popular discontent with the existing political and economic order. The report called for “fundamental reforms to market capitalism” and a rebuilding of solidarity within and between countries.

One year on, a global economic recovery is under way, offering new opportunities for progress that should not be squandered: the urgency of facing up to systemic challenges has, if anything, intensified amid proliferating indications of uncertainty, instability and fragility. Humanity has become remarkably adept at understanding how to mitigate conventional risks that can be relatively easily isolated and managed with standard riskmanagement approaches. But we are much less competent when it comes to dealing with complex risks in the interconnected systems that underpin our world, such as organizations, economies, societies and the environment. There are signs of strain in many of these systems: our accelerating pace of change is testing the absorptive capacities of institutions, communities and individuals. When risk cascades through a complex system, the danger is not of incremental damage but of “runaway collapse” or an abrupt transition to a new, suboptimal status quo.

In our annual Global Risks Perception Survey, environmental risks have grown in prominence in recent years. This trend has continued this year, with all five risks in the environmental category being ranked higher than average for both likelihood and impact over a 10-year horizon. This follows a year characterized by high-impact hurricanes, extreme temperatures and the first rise in CO2 emissions for four years. We have been pushing our planet to the brink and the damage is becoming increasingly clear. Biodiversity is being lost at mass-extinction rates, agricultural systems are under strain and pollution of the air and sea has become an increasingly pressing threat to human health. A trend towards nation-state unilateralism may make it more difficult to sustain the long-term, multilateral responses that are required to counter global warming and the degradation of the global environment.

Cybersecurity risks are also growing, both in their prevalence and in their disruptive potential. Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace. The financial impact of cybersecurity breaches is rising, and some of the largest costs in 2017 related to ransomware attacks, which accounted for 64% of all malicious emails. Notable examples included the WannaCry attack—which affected 300,000 computers across 150 countries—and NotPetya, which caused quarterly losses of US$300 million for a number of affected businesses. Another growing trend is the use of cyberattacks to target critical infrastructure and strategic industrial sectors, raising fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning.

Headline economic indicators suggest the world is finally getting back on track after the global crisis that erupted 10 years ago, but this upbeat picture masks continuing underlying concerns. The global economy faces a mix of long-standing vulnerabilities and newer threats that have emerged or evolved in the years since the crisis. The familiar risks include potentially unsustainable asset prices, with the world now eight years into a bull run; elevated indebtedness, particularly in China; and continuing strains in the global financial system. Among the newer challenges are limited policy firepower in the event of a new crisis; disruptions caused by intensifying patterns of automation and digitalization; and a build-up of mercantilist and protectionist pressures against a backdrop of rising nationalist and populist politics.

The world has moved into a new and unsettling geopolitical phase. Multilateral rules-based approaches have been fraying. Re-establishing the state as the primary locus of power and legitimacy has become an increasingly attractive strategy for many countries, but one that leaves many smaller states squeezed as the geopolitical sands shift. There is currently no sign that norms and institutions exist towards which the world’s major powers might converge. This creates new risks and uncertainties: rising military tensions, economic and commercial disruptions, and destabilizing feedback loops between changing global conditions and countries’ domestic political conditions. International relations now play out in increasingly diverse ways. Beyond conventional military buildups, these include new cyber sources of hard and soft power, reconfigured trade and investment links, proxy conflicts, changing alliance dynamics, and potential flashpoints related to the global commons. Assessing and mitigating risks across all these theatres of potential conflict will require careful horizon scanning and crisis anticipation by both state and nonstate actors.

This year’s Global Risks Report introduces three new series:

  1. Future Shocks,
  2. Hindsight,
  3. Risk Reassessment.

Our aim is to broaden the report’s analytical reach: each of these elements provides a new lens through which to view the increasingly complex world of global risks.

Future Shocks is a warning against complacency and a reminder that risks can crystallize with disorientating speed. In a world of complex and interconnected systems, feedback loops, threshold effects and cascading disruptions can lead to sudden and dramatic breakdowns. We present 10 such potential breakdowns—from democratic collapses to spiralling cyber conflicts—not as predictions, but as food for thought: what are the shocks that could fundamentally upend your world?

In Hindsight we look back at risks we have analysed in previous editions of the Global Risks Report, tracing the evolution of the risks themselves and the global responses to them. Revisiting our past reports in this way allows us to gauge risk-mitigation efforts and highlight lingering risks that might warrant increased attention. This year we focus on antimicrobial resistance, youth unemployment, and “digital wildfires”, which is how we referred in 2013 to phenomena that bear a close resemblance to what is now known as “fake news”.

In Risk Reassessment, selected risk experts share their insights about the implications for decisionmakers in businesses, governments and civil society of developments in our understanding of risk. In this year’s report, Roland Kupers writes about fostering resilience in complex systems, while Michele Wucker calls for organizations to pay more attention to cognitive bias in their risk management processes.

GRR2018 1

GRR2018 2

Click here to access WEF – Marsh’s detailed Global Risk Report 2018

Digital Strategy and Transformation

Digital Strategy for a B2B World

It’s easy to see why so many view companies like Uber, Amazon and Google as the business models of the future. They’ve redefined their industries. They’ve rewired the customer experience. They’re not afraid to fail fast, learn from mistakes and make the changes necessary to stay well ahead of the market.

None of this is news to leaders of industrial and other business-to-business (B2B) companies. But these executives also know full well that what works in the consumer realm doesn’t always translate in a B2B context. Failing fast? That’s problematic in industries such as chemical processing or offshore drilling, where the smallest mistake can trigger epic disaster. Moving quickly? We’ll get back to you when our channel partners get back to us.

Redefining the industry? Easier said than done in a business like aviation, where many stakeholders operate in a complex, interdependent ecosystem. The truth is B2B is different than business-to-consumer (B2C) when it comes to digital strategy, and it requires a different approach. There are many lessons to be learned from digital innovators like Amazon, and the opportunities are very real. But simple comparisons to what works for these digital standouts aren’t always useful in an industrial setting and often come off as naive or impractical, feeding the notion that digital is more hype than reality. This gets in the way of deciding how digital can, in fact, transform important parts of a business and makes it hard to create alignment around the right path forward.

Digital Destination

Click here to access BAIN_BRIEF-Digital_Strategy_for_a_B2B_World

Digitalization in Insurance: The Multibillion Dollar Opportunity

The business of property and casualty insurance— assessing risk, collecting premiums and paying claims— hasn’t changed much since 1861, when a group of underwriters sold the first policies to protect London homeowners against losses from fire. Recently, though, the insurance industry has embarked on a radical transformation, one spurred by a series of digital innovations whose widespread adoption is just a few years away. Bain & Company and Google have identified seven key technologies—namely,

  • infrastructure and productivity,
  • online sales technologies,
  • advanced analytics,
  • machine learning,
  • the Internet of Things,
  • distributed ledger
  • and virtual reality

—that have already begun to disrupt the industry and whose impact will accelerate in the next three to five years. These new technologies are likely to be a boon for consumers, bringing more choice, better service and lower prices.

For those insurers ready to seize the initiative, digitalization presents an immense opportunity. The companies that stand to benefit the most are those that use the impetus of digitalization to rethink all their operations, from underwriting to customer service to claims management. The impact on both revenues and costs can be enormous. An analysis by Bain and Google shows that a prototypical P&C insurer in Germany that implemented these technologies could increase its revenues by up to 28% within five years, reduce claims payouts by as much 19% and cut policy administration costs by as much as 72%.

These pioneers in digital technology can gain an edge over their rivals by becoming more effective and efficient. They’ll be able to trim costs and pass on those savings to their customers, thereby winning new business and gaining market share. The digital laggards, by contrast, will find themselves fighting an intensified price war and scrambling to protect their competitive positions.

Digital P&C

Click here to access BAIN_BRIEF_Digitalization_in_Insurance

Six IT Design Rules for Digital Transformation

Superior performance in the digital age calls for an adaptable technology infrastructure that manages the complexities of a multicloud environment, embedded security and compliance policies, and deep business alignment. Best-in-class IT operations and the software vendors that support them are adopting a playbook based on six core rules for IT design.

  1. Break boundaries across IT stacks. Given that companies are unlikely to achieve complete migration to the public cloud anytime soon, CIOs need monitoring, discovery and confi guration tools that function in hybrid, multicloud environments as well as up and down the stack, from legacy systems to consumer-facing apps.
  2. Embrace DevOps. As firms increase the cadence of their digital offerings, they have no choice but to integrate software development and IT operations. Already, as many as 60% of enterprises are using or planning to use a DevOps approach to building and installing software, according to a survey by Gartner. Modern IT organizations require software that works across the production chain and that’s designed for rapid testing and validation.
  3. Be open. No modern solution can be an island. As designers produce focused, best-in-class solutions instead of massive monolithic systems, openness becomes critical. Companies need modular, opensource and application-program-interface–friendly software that is designed for easy extensibility and integration with other apps. CIOs expect to be able to combine the capabilities of their disparate systems to serve new needs.
  4. Incorporate policy engines. Cost pressures have driven CIOs to seek to automate their IT operations. They want to escape the massive manual efforts that they currently rely on to monitor policies, including compliance, data governance and security rules. They need solutions that have builtin logic to identify and remediate against rules in order to enable policy management across a hybrid infrastructure.
  5. Induce insights. As digital apps proliferate, companies are becoming fl ooded with an abundance of data—some of it useful, some of it not. CIOs need analytical tools that use techniques such as machine learning to glean insights from disparate sources.
  6. Insist on user-friendly experiences and tools. In a complex world, IT professionals are demanding intuitive, easy-to-use software. They are no longer satisfied with hard-to-master, second-rate applications; they want a consumer-level user experience. They need solutions that are software-as-a-service (SaaS) capable, simple to install and have immediate, out-of-the-box functionality.

IT Transformation

Click here to access BAIN_BRIEF_Six_IT_Design_Rules_for_Digital_Transformation