Can new regulations help you rebalance risk and reward scales?

(Source – Shutterstock)

Authors: Richard Watson, EY’s Global and Asia-Pacific Cybersecurity Consulting Leader and Chee Kong Wong, EY’s Asia-Pacific Risk Management Consulting Leader

  • A host of forces – technology, competition, regulation and globalization – are driving immense and rapid changes in the business landscape.
  • In response, regulators are tightening their compliance requirements and businesses are being exposed in new and challenging ways.

Business leaders have always faced uncertainty and change. But today’s global supply chains and communication channels are more interconnected than at any time in human history. Our geopolitics, our cross-border relations and our competitive dynamics are more complex. And technological disruption is driving change at an astronomical rate.

Governments are tightening their regulations in response to a rapidly changing world. China’s trilogy of cybersecurity, data protection and privacy laws – which came into full effect in September 2021 – may have grabbed the headlines and caused the biggest headaches among law enforcement officials. information security. But Singapore’s Cybersecurity Act, in force since 2018, and proposed updates to Australia’s laws protecting the security of critical infrastructure cover additional obligations.

It’s no surprise, then, that almost half (49%) of Asia-Pacific CISO leaders surveyed in the 2021 EY Global Information Security Survey say compliance can be the most stressful part of their job. More than half (57%) expect compliance to become more time-consuming and, in some cases, chaotic in the coming years.

Technology is transforming regulation, but other compliance requirements have been triggered by the COVID-19 pandemic. According to the EY Workplace Reimagined Employer Survey 2021, 82% of employers in Asia-Pacific say that adhering to new safety protocols to support the return to work will require “moderate to significant change”.

Then there is environmental, social and governance (ESG) compliance. Three little letters capture everything from climate change to modern slavery to social value transforming the way businesses operate.

How are boards and business leaders coming together to build operational resilience now and better prepare for future risks? How are companies rebalancing the scales of risk and reward?

Leverage technology and talent

Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader

Perhaps the simplest solution is to hire more people. But that’s not a sustainable strategy when the regulatory burden continues to grow at an exponential rate. The smart solution is to bring in skills and leverage technology to ensure process compliance.

Leaders ahead of the curve are already implementing next-gen technology to help them protect the safety, security, and privacy of their stakeholders — and, ultimately, their businesses. Because the consequences of non-compliance can be serious. Organizations risk hefty fines, criminal prosecution and, in the event of major non-compliance, closure of the business.

EY teams are working with clients across the region to apply artificial intelligence and machine learning to the compliance challenge. A critical infrastructure company in Australia turned to EY teams to help analyze the regulatory environment and map compliance and controls. EY teams identified gaps and introduced improvements in key controls across all types of security, from cyber to physical to supply chain. With the help of EY teams, a new security plan addresses the utility’s biggest risks – breakdowns, fines and reputational damage – and uncovered new rising risks and sources of income.

Something that may seem too difficult at first sight can, with good risk management skills and procedures in place, become a new business model. Just ask the airlines that have entered the financial services space with credit card offers, the electric car companies that have expanded into energy storage, or the ride-hailing apps that are turning to delivery services. of food.

A telescope on transformation

risk

Chee Kong Wong, Head of Risk Consulting for EY Asia Pacific

Many Asia-Pacific leaders have their eyes open and firmly fixed on the horizon. 52% of Asia-Pacific senior executives surveyed in the EY Global Board Risk Survey 2021 expect business model disruption to impact their businesses in the coming year , compared to only 32% of those located in the EMEIA region and 29% of those in the Americas.

Asia-Pacific boards worry about a wider variety of risk categories than their global counterparts – yet fewer see the importance of improving risk management. While 82% of boards in EMEIA and 87% in the Americas say improving risk management is key to protecting and creating value over the next five years, that percentage drops to 66% for Asia-Pacific.

Are Asia-Pacific companies already well prepared? Or are they underestimating the extent of the changing risk landscape?

Integrated and automated risk management platforms, although existing for more than a decade in other jurisdictions, are only now being deployed in Asia Pacific. Part of that is scale – a large organization in Asia Pacific can be a small organization by global standards. But part of it is also the state of mind. Many businesses in the region still view risk management as an overhead or a tax on doing business.

This mindset can be changed by shifting risk management from a centralized responsibility of the chief risk officer to a model that promotes the concept that “everyone” is involved in risk management. When risks are complex and interconnected, managing those risks should be on the KPIs and on everyone’s to-do list.

The transformation of the risk function depends on technology. It is simply not possible to decentralize risk management without an integrated platform that creates synergies, improves the agility of risk management functions and processes, and assigns clear ownership and responsibilities. But with the right tools and tactics, risk management can be transformed from a back-office obstacle into a strategic business opportunity.

A complex ecosystem of cross-border regulation and compliance can at first glance seem time-consuming and stressful to manage. But if armed with the right talent and technology, it can help business leaders identify sustainable, long-term value transformation opportunities to stay ahead.

The opinions expressed in this article are those of the author, and not of Ernst & Young and Tech Wire Asia. This article provides general information, does not constitute advice and should not be relied upon as such. Professional advice should be sought before any action is taken on the basis of any information. Liability limited by an approved scheme under professional standards legislation.




About Dianne Stinson

Check Also

The development of cyber warfare in the United States – part 6

Organic Air Force teams, cutting-edge Silicon Valley startups, or large traditional defense contractors are not …