Organisations with ‘digital first’ approach are mushrooming across the globe on the backdrop of explosive growth in the digital and communications technologies. Banking, Financial Services and Insurance (BFSI) sector in India has been at the forefront of this transformation. Many leading Indian corporations have come a long way in their transformational journey from merely being technology adapters to innovators.
As a result, data and analytics security has become one of the most critical strategic functions of large corporates. In previous decades, a risk management function for businesses and corporates usually meant dealing with theft, geopolitical concerns, international price fluctuations, policy changes and online data security. But the modern corporate landscape has evolved rapidly and over the past decade a range of risk factors—compliance, technological disruptions, trade-related protectionist policies, cyber security, environment and safety issues, rapidly changing business models and even social media perceptions— are all, pushing corporates to think differently.
Rapid globalization has created global corporations that stretch and reach unknown corners of the world. But this has also exposed them to universal risks. The Volatility, Uncertainty, Complexity And Ambiguity (VUCA) of this new global environment collectively poses unique challenges for the risk managers as it constantly presents newer roadblocks in an ever-changing environment.
Large corporates have separate risk teams keeping a pulse on everything in the company. The roles of a CISO (Chief Information Security Officer), CRO (Chief Risk Officer) and CCO (Chief Compliance Officer) have become inclusive in nature for every large corporate.
The first session of Forbes India Risk Management series, in association with HP, had an eminent panel of risk management experts, discussing the theme: ‘Risk Management in a VUCA World’.
The roundtable conference, moderated by Forbes India’s Associate Editor Salil Panchal, saw a lively discussion from Nikunj Thakkar, (Document Solutions Consultant) at HP, Ajeet Lodha, Chief Risk Officer at Edelweiss Tokio Life Insurance, Anurag Jain, Chief Risk Head (South Asia) at Thomson Reuters, Vivek Kumar Bajaj, Chief Risk Officer at Singapore-based United Overseas Bank (UOB), Chief Representative (South Asia), Raiffeisen Bank International Anupam Johri and Bikash Choudhary, Appointed Actuary and Chief Risk Officer at Future Generali India Life Insurance.
One of the critical points of discussion was India’s position on the issue of risk management. Thakkar assessed that the India Inc. wasn’t at the extremes. “It is not that we (the country) do not want to talk about risk and it is not also that we would like to really invest on everything which is actually risk identification. But we are, of course, learning and following the Western economies very rapidly,” Thakkar said.
Jain from Thomson Reuters opined that India’s corporate landscape had now evolved to a PE-layered professionally managed from promoter-led businesses. In that scenario, he felt, it was vital to know the customer, supplier, employee, so that risk management programmes can be improved and digitised.
On the point of India being risk-averse, Lodha expressed that, sometimes, unlike in previous decades, there had been some compromises on the risk management but with time, the processes and the frameworks on risk management had evolved and definitely improved. Most companies, according to him, had their own framework on compliances, corporate governance and corporate leaders realised that if they did not get it right, the business would be negatively impacted in the long run.
UOB’s Vivek Kumar Bajaj felt that from a regulatory perspective, India was quite well-regulated. On the conundrum of deteriorating asset quality of Indian banks, Bajaj believed they didn’t fail in their assessment. “To say that bankers were not aware of the concern is insulting their intelligence”, he said. The bankers were aware of the concern but still sanctioned loans driven by multiple factors. Bajaj also mentioned that when he started his career in the year 2000, there was only credit risk. “Now there is credit risk, operations risk, market risk, liquidity risk and reputational risk disciplines. The organizational culture and the leadership at the top is the only central force which drives risk management and how companies succeed by coping with it,” he added.
India has over the past two decades transitioned well to being risk conscious and hence better risk managed. Lodha of Edelweiss Tokio said, “So people have now become more conscious of risk management. I would say largely, as a country, we believe that the intent is there and there really has never faced the need of showing it to the outside world that we are doing it right. [It is known and accepted.]”
The speakers also discussed the unique way in which some financial institutions were structuring their organisations, where CISOs and CFOs reported to the CRO and the CROs reported directly to the board, independent to the CIOs. But Thakkar was of the view that, for proper risk assessment and management to take place, the culture from the company’s top management should be that IT is an equivalent concern [for a company], besides risk.
Speakers also discussed the degree to which technology was disrupting the system. Thakkar highlighted the fact that first it was important to understand what had to be protected on the technology layer and what the weak points were, whether it be the entire network, the endpoints or anything else. He also stressed that there were several ‘unknown unknowns and hence this assessment should be left to the experts. Another critical factor for companies is that they needed to understand and identify costs versus risks involved.
The panel also reflected on the subject of the stringency of regulations in India. Experts said that the difference between regulators in the United States and those in India is that the United States had a set of regulations reasonably detailed, which specified the things one was prohibited from doing. In India, the regulation [through the RBI] was very detailed and whatever that was permitted to be carried out, would be penned down, making it very comprehensive.
Discussing the potential areas of businesses which faced risks, Thakkar claimed that the insurance businesses were at risk, as the data recorded and stored over the years, was not just financial data but also health and ailment-related. Jain from Thomson Reuters added that the law firms and the system they operated in, was also vulnerable to various risks.
Jain also stressed the point that as the system was moving towards a concept of enabling and empowering the digital identity—not just for individuals but also the assets and corporate. “The theft of digital identity will become the biggest risk in the time to come.”
The panellists touched upon a variety of issues that the BFSI industry faces today and also glided on the roadmap to tackle them.
So far, the BFSI industry was focusing on leveraging technology to grow faster and make customers happy. But now it’s well-perceived that the technological innovations and adaptations must be backed by the sound risk management function. Else, the digital transformation will always be vulnerable to systematic risks. Clearly, the consensus is building among industry leaders on making risk management the foundation of the digital transformation.