Replacing a Broken Model
In this hyper-connected, globalized world, the traditional risk management model—in which risk is assessed on an annual basis and interaction with an insurance broker is typically limited to claims filing and policy renewal—is outdated. In practice, this operating approach limits the field of vision for many risk practitioners and endangers the very firms it was meant to protect.
These dangers are not theoretical. Take the example of Knight Capital: over the course of 45 minutes on Aug. 1, 2012, the company was brought to its knees by an untested, “rogue” algorithm it developed for its high-frequency trading platform. This resulted in $440 million in losses as the company was forced to back out of billions of dollars of unwanted trading positions. Surely, one of the largest equity traders in the United States would have a best-in-class risk management program that would abate these problems. And yet, Knight Capital’s very survival was in question as it was forced, cap in hand, to seek liquidity to cover its losses and stay afloat.
The proliferation of algorithms and blinding processing power across numerous sectors is supplanting common managerial sense as firms grapple to keep pace with competition and markets. The result is a new category of information risk—which, as evidenced by an almost-constant stream of hacking incidents—is among the fastest-growing perils causing incalculable financial and reputational damage. Meanwhile, the traditional 12-month business cycle lulls risk managers into a false sense of security.
So what might replace the traditional approach to risk management? Incident and experienced-based loss triangulation works well to predict expected losses, but it is a containment strategy at best. A single miscalculation can cripple or kill an organization over time.
Consider Apple’s predicament. Competitors are now crowding once-empty product categories, forcing Apple to engage in lengthy IP infringement battles, while contending with a strained supply chain unable to meet customer demand. Stock prices have dropped and a once-devoted fanbase is increasingly flirting with competing brands. As sage investors advise, companies cannot be decoupled from countries, and Apple’s fate seems to be perilously intertwined with Foxconn’s in China.
Properly evaluating the risk of expanding operations into emerging markets may have allowed Apple to avoid product shortages and highlighted the need to diversify their supply chain. When the company was unable to provide enough products to meet customer demand due to last year’s Foxconn labor strikes, it saw sales siphoned off by competitors offering similar products. Accounting for disruptions in supply chains and conducting pre-investment due diligence are pivotal to ensuring a company’s viability, especially when expanding operations into emerging markets. As this can often fall outside a company’s scope of practice, engaging an insurance broker or other qualified risk management firm is advisable.
As corporations continue to seek profits in emerging markets, so too must risk managers elevate their field of vision to properly account for the threats ahead. Performing routine risk management audits will help firms become more nimble and react faster to an ever-changing and dynamic risk landscape.
While risk managers must accept the inherent volatility of risk, few programs properly address this high degree of variability. Most of the mitigating factors organizations employ are managed by static agreements to transfer risks to third parties in cases where they are not absorbed or retained. This set of static tools, policies and procedures are dusted off during times of crisis to determine precisely how they will respond in the face of a new normal. While there is no substitute for managerial decision-making and company resilience in these cases, creating an adaptive risk management system that encompasses pre-investment due diligence and ongoing risk management audits will ensure that firms are not caught off guard.