Today, financial organisations are operating in highly dynamic business environments and are continually faced with disruptions that are both high-impact and frequent. These disruptions can come from many different angles, and the challenges presented by them have significantly increased the non-financial risk to businesses.
The financial losses and fines from non-financial risk incidents are large, visible, and immediate and are consequently reported more frequently to the public. Customers and markets are especially sensitive to non-financial risk events and this leads to the much larger impact of long-term erosion of shareholder value.
A study by McKinsey & Company that sampled more than 350 operational risk incidents at financial institutions in the US and Europe found that the initial declines in total shareholder returns echoed the actual fines of $23 billion. However, over the next 120 days, the total returns to shareholders surveyed declined by a staggering $278 billion, which was more than 12 times the original fine and loss of $23 billion.
Clearly, non-financial risk incidents have a vast influence on shareholder value, so how does an organisation ensure its risk programme works not only to prevent regulatory wrongdoing, but also to keep its shares in the green?
A proactive response strategy
A proactive response strategy is required to help curb the loss of shareholder value. This involves a deeper understanding of the impact of risk events, coupled with faster communication to customers and markets, to help slow down and decrease the erosion of shareholder value. Organisations with a proactive response to immediate and possible losses and fines are able to quickly recover some of the eroded total returns to shareholder value.
A good example of a proactive response comes from the time Facebook’s stock price declined by 24 per cent, when information emerged about its data breach involving 87 million Facebook users and Cambridge Analytica. As this news broke, Facebook quickly swung into proactive action and began to communicate that data protection was a priority and abuse was no longer tolerated. A short while after, Facebook started taking down and disabling 837 million pieces of spam, 2.5 million pieces of hate speech, and 583 million fake accounts, and pledged a task force of 20,000 people for security. As news of these actions began to spread, Facebook’s stock rebounded by a staggering 32 per cent over the next three months.
Importance of an integrated risk programme
An integrated risk programme should be designed to focus on the optimisation of shareholder value rather than direct losses. It provides organisations with the unique ability to predictively identify and proactively respond to non-financial risk events.
While a risk programme focused on direct loss only ends up meeting and responding to specific obligations that emerge from regulations or policies, a shareholder value-focused integrated risk programme is designed with the objectives of:
- gaining insights from an integrated and prioritised view of risk-reward relationships
- proactively identifying and responding to obligations
- providing assurance that risk awareness processes are embedded in the fabric of the enterprise
Bridging the gaps between risk and shareholder value
Risk programmes within organisations are often fragmented and disjointed. Businesses have traditionally made investments in standalone risk programmes to meet specific needs arising from changing regulatory requirements. The sole focus of these patchwork investments was to restrict direct losses. However, because of these investments, most organisations now have multiple silos of information. This prevents the business from understanding the impact of material risks and market or regulatory obligations from a shareholder value perspective.
Many organisations have understood the need to integrate their risk programmes, and some have already embarked on the path towards doing so. Building and aligning an integrated risk programme that is focused on shareholder value involves establishing programmatic components which drive businesses to meet goals.
The process of bridging the gaps between these information silos involves combining the disparate data with the business’s strategic initiatives and objectives. By integrating these risk programmes, organisations set up an accountability loop. This data is brought into an overarching programme and aligned to the financial and operational metrics that are being tracked by the business to drive shareholder value.
The result of an integrated risk programme
Many organisations are beginning to understand the need to integrate their risk programmes, and some have already embarked on the path towards doing so. Building and aligning an integrated risk programme that is focused on shareholder value involves establishing programmatic components which drive the goals of integration, responsiveness, and pervasiveness through certain processes and technology infrastructure capabilities.
Following the steps listed above for a shareholder value-focused integrated risk programme will not only result in the firm maintaining its integrity and strong reputation, but will also enable the board of directors and heads of business units to gain faster and richer insights. Enterprises can then use these insights to manage risks more effectively to avoid certain losses and, in turn, increase shareholder value.