In a rapidly evolving financial landscape, organisations are having to operate within ever tighter regulatory frameworks where the consequences of non-compliance are increasingly painful. Fines, litigation and withdrawal of licenses, as well as significant commercial and reputational damage from which it can be hard to recover all await the unwary.
Given these downsides, compliance teams and risk managers have been turned from back-office players into front of house heroes responsible for protecting and defending their organisation’s very existence. It is their responsibility to identify existing and emerging risk event triggers that makes them an increasingly vital component of the business machine.
While there are many potential risk triggers, any effective risk management strategy must give close consideration to the following seven.
1 - Inadequate internal processes that lead to non-compliance
With economic and regulatory landscapes changing so quickly, every organisation has to continually develop its compliance procedures. These must include robust and in-depth assessment processes that factor in ever greater global economic and regulatory convergence.
Complex regulatory requirements must also then be translated into simple, action-focused language that minimises scope for error or confusion.
Unfortunately, four in ten companies still aren’t putting an annual compliance risk assessment in their diaries, which means they can’t properly mitigate risk because they don’t know it’s there. In which case how can you properly identify, prioritise and assign accountability that’s needed at every level?
2 - Discontinuity in the supply of essential goods or services
The inadequacy of internal practices, over which an organisation does have control, will make it more difficult to manage external risk triggers, over which it has potentially much less control. Globalisation, for instance, has created a myriad of complex supply chains each of which could be disrupted at any point by conflict, sanctions and tariffs or the failure of a previously unrecognised key supplier. It is often problems with a single sub-contractor that bring down a whole project, rather than the collapse of a ‘big beast’ in the supply chain.
When things go wrong, customers and clients blame the organisation they can see in front them, not the suppliers that sit behind it. This kind of reputational risk cannot be outsourced.
So, accurately identifying where such threats might lie requires compliance teams to take an evidence-based approach to identifying vulnerabilities in a timely and consistent fashion.
3 - Financial failure of key players
With over 300,000 business failures a year in the UK, it is imperative that businesses are aware of the financial state of those they deal with. That’s not possible if you monitor just one or two Financial metrics. In fact, doing so can mislead you into thinking that all is well when it’s not. If you want a much clearer picture, you need to track a range of performance indicators and financial ratios then benchmark these against industry averages.
One of these metrics should certainly be ‘current ratio’ as this reflects a company’s ability to generate sufficient cash to meet all its debts when they fall due. A current ratio of between 1.5 and 3 is considered healthy. However, in nearly 300,000 UK companies that figures falls to between just 0.1 and 0.5. If you are to understand the risk that these companies pose to your business, you need up-to-date and relevant data.
4 - Excessive credit risk exposure
Whenever credit is offered there is the potential for non-payment. That means it is crucial to understand the counter-party’s credit risk status before entering into any contract. A rising credit risk, for instance, could indicate that a company’s financial health is less than robust. So, if you deal with some of the 162,325 UK companies currently with a high credit risk rating (source: DueDil 2019), it’s something to look out for.
5 - Avoidable cost increases
Controlling the cost of raw materials and services is important for any organisation, but especially so for those operating in highly competitive industries where margins are tight. Conflict, sanctions and world events can have an immediate and consequent impact on commodity prices, for instance. Effective risk management teams will have ‘thought beyond the obvious’ and already factored into their calculations such events as far as possible. However, that’s something they can only do consistently if they have access to timely political, economic, financial, social and environmental information. Without that, managing risk could largely be down to guesswork or luck.
6 - Legal non-compliance and regulatory lapse
Failure to comply with regulatory obligations is something from which many businesses never recover. Organisations can be especially vulnerable to non-compliance when new legislation is introduced, the residual risk remaining until their internal processes - see Risk Trigger 1 - adapt to the new regime. There is also a need, particularly at times of change, to monitor suppliers who perform a regulated activity to ensure they have all the correct permissions necessary from, for instance, the FCA, If they don’t - and currently, there are well over 7,000 companies in the UK who have had their FCA status suspended, revoked or cancelled - they may not be able to fulfil their legal obligations. That could have a knock-on effect on your organisation. If they are to avoid issues particularly during this period, compliance teams and risk managers need the tools to make the best decisions in what could be worse case scenarios.
7 - Non-transparent company structures
Complex overseas ownership structures that obscure the true identity of the ultimate beneficial owners (UBO) are potential compliance blind spots for regulated companies. There are over 5,600 companies in the UK, for example, that have a parent company located in the Bahamas, British Virgin Islands or Panama (source: DueDil 2019), all countries where it is difficult to identify UBOs. Doing business with any one of them might complicate standard on-boarding processes or require a review by the company’s compliance and ethics committee.
Whatever the risk event trigger, one thing always stays true of all risk - you will not be able to avoid or mitigate the risk if you don’t know it exists. In other words, risk cannot be managed without being measured. This is something that can only be done when you possess the data and tools to see beyond the horizon. Since predicting the future is dependent upon having good information, organisations need to make sure they are optimising the use of the data they have through predictive data analytics and advanced statistical methods.
As risk changes over time, mechanisms are also required for accessing information from a wide range of sources and then using this to continually update the risk management process.
From initial customer on-boarding through to developing long-term relationships with your key suppliers, effective risk monitoring and management is not possible without access to the right information.
Only then will you be able to create a ‘knowledge baseline’ that enables you to proactively identify, assess and deal with risk triggers, rather than being a helpless bystander who is hit by them.
For more information about managing risk, or to find out how we generated the insights in this article using DueDil, please get in touch.