NEW YORK – According to a new KPMG International survey report, regulatory pressure is consistently one of the biggest threats facing companies across industries, and the number one challenge facing financial services and energy and natural resources companies. Regulatory, namely government pressure to contain spending, was the top risk in health care.
Survey respondents in all industries other than health care say the most threatening risk scenario, defined as issues potentially on the horizon, is the possibility of another global economic crisis or geopolitical instability. But the biggest risk scenario for health care executives is a sharp slowdown in health care spending.
A full seventy percent of c-suite executives, across all industries, say that regulatory changes have caused either substantial or moderate changes in their risk management and reporting processes in the past two years.
- 59 percent of c-suite executives at financial services companies and 53 percent of c-suite energy and natural resources executives identified regulation as their top threat
- 50 percent of health care executives said government pressure to contain spending was their biggest threat
- 49 percent of executives in diversified industrials said an economic slowdown in OECD markets was their biggest risk
- 44 percent of executives in technology media and telecom said a slowdown in demand was their biggest threat.
“We found that risk management is not advancing fast enough at most companies in the face of an array of threats in an increasingly complex global economy,” said Mike Nolan, KPMG International’s Global Leader for Risk Consulting. “But companies can transform these challenges into a competitive advantage. All of their competitors are in the same boat, but very few are going to take advantage of the regulatory onslaught to become more competitive. The companies that do will be in a strong position to turn regulatory risk into an advantage.”
The survey, Expectations of Risk Management Outpacing Capabilities—It’s Time For Action, provides unique insights about the risk-related issues most critical to the c-suite, with nearly half of the more than 1,000 respondents serving as chief executive officers or chief financial officers and the balance including chief information officers, chief risk officers, chief audit executives, general counsel and other key officer and board member positions. The report also includes real-world insights from top executives with risk management responsibility at major companies. Additionally, the report puts a spotlight on several industries including financial services, health care, energy and natural resources, technology/media/telecom and diversified industrials.
When asked to rank the top-three threats facing their industry, 46 percent of overall respondents included regulatory risk in comparison to:
- Reputational (41 percent)
- Credit/market/liquidity (34 percent)
- Supply chain (28 percent)
- Information protection/security/fraud (17 percent)
- Disruptive technology risks (17 percent)
- Data governance and quality (13 percent)
- Legal risk (12 percent)
- IT infrastructure (11 percent)
- Social media (9 percent)
- Natural disasters (9 percent)
- Climate change (7 percent)
According to the KPMG report, in the financial services industry, banks and other financial institutions face a plethora of new regulations, especially in Europe and the United States, where international banks face at least 40 major sets of new regulations that affect everything from how retail customers are treated to the way derivatives are traded. In addition, new global regulations for bank capital and liquidity, known as Basel 3, came into effect in January 2013.
The survey also revealed:
Despite their awareness of the risk environment and devoting more resources to risk management, many companies struggle to communicate their risk program with stakeholders, link risk management with compensation and build an enterprise-wide view of threats.
- 86 percent of survey respondents said risk management is factored into strategic planning decisions
- Two thirds of respondents said they will invest more in risk management as a proportion of corporate revenue in the next three years than they did in the previous three
- Almost half profess difficulties in understanding their enterprise-wide risk exposure
- Less than one fifth have developed a formal risk appetite statement, yet this is an important step in risk management
- Less than half believe their organization is effective at developing stakeholder’s understanding of the risk program
- 43 percent said there was a weak link between risk management and compensation
“While the global financial crisis has created significant challenges for businesses, one positive outcome is boards’ desire for greater understanding of integrated risk management,” said Nolan. “As trusted advisors, handling strategic risk is not about compliance and box-ticking, it is a critical investment companies make that can underpin an organization’s long–term growth, value and sustainability. It’s all about risk optimization and aligning an organizations’ risk appetite with desired returns.”
Within the key areas covered by the survey, KPMG has outlined opportunities for leaders to foster a risk-resilient culture within their organizations, including:
Define, operationalize and articulate risk appetite
With today’s complex and changing risk environment, it is essential that companies clearly define and articulate their appetite for risk. Only then, can they begin to integrate risk management into the overall corporate strategy, making it an essential part of collaborative decision making, discussion, debate and learning.
Improve communication across the enterprise
By clearly defining roles in the three lines of defense (.i.e. business units, risk management and compliance functions, and internal audit) companies can close gaps in managing priority risks and eliminate duplication of efforts. Also, by improving the quality and visibility of risk information through greater sharing, companies can create a seamless flow of information that will benefit all lines. Effective communication with stakeholders will enhance their understanding of the risk program and positively impact value in the minds of the board, investors and regulators.
Develop and reward your people
Technology is an enabler of the convergence of risk and control functions, but human skills are essential if companies are going to manage the complexity of this kind of convergence. The setting of common goals for risk and compliance can only be done with sufficient numbers of people with the right skills. Furthermore, by including risk management as an important attribute for leadership with the ability to manage risk as part of regular performance reviews, companies can reward employees for prudent decision making, not just for aggressively hitting financial targets.
Clearly define Return on Investment
One clear trend in the survey is that companies are spending more to strengthen risk management despite their struggle to estimate its ROI. By understanding the link between risk management and corporate strategy and how identified risks threaten the achievement of business objectives, executives can move risk management from a theoretical exercise to a business tool.