Special Report Risk re-imagined - assets.kpmg...Risk has had to be reimagined, as a core function of...

See risk, seize opportunity.

www.afr.com | Tuesday 28 May 2019

Special Report: Risk re-imagined
Sponsored by

Governance model needs a rethink

Management: New pressures are exposing the old lines of defence.

James Dunn

Big threats: Top 10 risks to business in Australia (% of respondents). SOURCE: ALLIANZ

| 2019 rank | Risk factor | 2019 (%) | 2018 rank | 2018 (%) |
|---|---|---|---|---|
| 1 | Changes in legislation and regulation (eg trade wars and tariffs) | 36 | 3 | 28 |
| 2 | Business interruption (including supply chain disruption) | 32 | 2 | 46 |
| 3 | Cyber incidents including data breaches | 30 | 1 | 49 |
| 4 | Market developments (including volatility and M&A) | 30 | 7 | 21 |
| 5 | New technologies (including impact of increasing connectivity) | 27 | 3 | 28 |
| 6 | Natural catastrophes | 23 | 5 | 26 |
| 7 | Loss of reputation or brand value | 22 | 5 | 26 |
| 8 | Climate change/increasing volatility of weather | 18 | 9 | 10 |
| 9 | Shortage of skilled workforce | 11 | 9 | 10 |
| 10 | Fire, explosion (new category) | 9 | - | - |

If you make commercial decisions, you should be thinking risk and reward.
Stephen Allen, KPMG consultant

Sally Herman says the risk function is the combination of people and data.

As companies in all industries grapple with a business environment in which the risk management function is being challenged, traditional models of governance are being upended.

The standard corporate governance model of three lines of defence – starting with front-line staff, through the risk management and compliance function, and then to the internal audit department – has been exposed by a new era of higher regulatory scrutiny, increased public expectations and heightened social media exposure.

Companies face the challenge of balancing cost pressures and creating shareholder value while accepting far greater involvement of broader stakeholders, and vastly higher visibility of their every action.

Risk has had to be reimagined, as a core function of the business, at all levels.

Essentially, the new environment dictates that the risk function is “brought out of its silo”, says Sally Herman, a non-executive director at Suncorp Group Limited, Breville Group Limited, Premier Investments Limited and Evans Dixon Limited.

“Any organisation has to think about risk as a core part of doing its job, which means it can’t be the responsibility of some faceless department in the centre. It’s like HR, in that managers outsourced ‘people leadership’ to the HR function, but that’s now been devolved back into the front line; risk has to be, too.”

Herman says the risk function will always be a combination of people and data to produce insights: “Insights into what could go wrong, and where there could be an opportunity to do better for customers.

“You’ve got to have the senior risk people involved at the outset around strategy-setting, but you also have to have the people who are interacting with the customer day in and day out thinking about risk in terms of the company’s risk appetite, not just in terms of risk elimination. Because you still need to grow; companies can’t stand still.”

David Clarke, chief risk officer at Queensland Investment Corporation (QIC), says risk needs to be managed in real time – which heightens the risk management challenge for risk teams, for boards, and for the executive. This also means that an understanding of risk has to be built-in to an organisation’s training.

“The HR and risk functions must be on the same page about training,” he says. “I work very closely with our executive director of HR, we do joint training, joint inductions, teach people all the policy framework, risk appetite statements, work hand in glove on the board HR risk committee.

“In the last few years, the risk team and the human capital team have become very much in concert.”

Risk management “is essentially Management 101”, says Grant Murdoch, a non-executive director at ALS Limited, Lynas Corporation Limited, Redbubble Limited and OzForex.

“We institutionalised risk and made it the responsibility of the chief risk officer, but now we’re saying, ‘We’ve got to move some of this responsibility back to the front line.’ That is effectively taking it back to Management 101, because the front line are the people that are managing both the opportunities and the threats.”

Stephen Allen, consultant at KPMG, says this internalisation of the risk function is a problem that has been ruthlessly exposed, by forces such as the royal commission in the financial services industry, and in general, the new era of higher scrutiny on business by regulators, governments, stakeholders and the public, with social media as their lens.

“As organisations have gotten bigger, there’s been more formality develop around the risk management functions, but then you get an abdication of responsibility,” he says.

“Grant calls it ‘Management 101’, I call it ‘first principles’ – if you make commercial decisions, you should be thinking risk and reward. Where there is a central risk management function, and it becomes seen as ‘The Cops’, well, it’s easier for front-line people to simply say ‘no’ to opportunities, and it doesn’t work.”

The challenge is to “make sure your people are thinking both sides of the fence”, Allen says. “This involves the risk function having that commercial element – what’s the risk, what’s the reward we’re getting, what are our boundary conditions – but you also want your front-line people thinking in terms of, ‘What’s doable?’

“You have parameters – you’re obviously not going to break the law, you’re not going to do things that are bad and that have an obvious reputational damage, and you want a win-win outcome for you and your client; because at the end of the day, you’re in business.”

Allen says the interface between the front line and the risk function should work like this: “The front line proposes doing something: risk comes back and says, ‘Actually that doesn’t work, and here are the reasons why, but we could do A, B or C. It’s your client, and you own the risk.’

“What you’re hoping for – because you hope you have bright people – is for the front-line person to come back and say, ‘If I could get D, does that work?’ And you say, ‘Sure, actually that does.’

“That’s ideally the way you want a risk function to work, but the challenge is promoting that among all your staff.”

The risk function’s key role is to be independent, he says: it is not emotionally wedded to the product or the deal, but it sets the parameters for the front line.

“You’re saying, as the risk function, if you want to launch a product or do a deal, you’ve got to care about the reputation and risk – and you’ve got to care about all the pieces,” says Allen.

The optimum risk function is where the risk people have the credibility to be seen as partners of the front-line business, says Matt Tottenham, director, audit, assurance and risk consulting at KPMG.

“Where the risk function becomes really valuable is where it has the credibility, experience and gravitas that can actually challenge the front-line business – and then the business wants its view,” he says. “Where the business is saying, ‘I still make the final decision, but I really want your opinion,’ that’s a partnership, and that’s when it really works well.”

AFR | Tuesday 28 May 2019 | The Australian Financial Review | www.afr.com

Diversity of skills key to tackle challenge

Problem-solving

James Dunn

At the end of the day, there’s no magic to it – it’s about thinking through the issues.
Stephen Allen, consultant at KPMG

Anna Hopley says risk people can’t simply be focused on quantitative analysis. PHOTO: JEREMY PIPER

With the broadening array of risks that organisations face working to increase the importance of the risk function, the mix of skills that are utilised in that area is changing.

And with non-financial (at least, in the first instance) risks becoming more prominent, risk is no longer seen as exclusively a quantitative speciality. Diversity of skills base, background and thinking is increasingly demanded.

“How successful organisations handle risk has matured and changed a lot, just in recent years,” says David Clarke, chief risk officer at Queensland Investment Corporation. “Diversity and different modes of thinking is increasingly central to the risk function, to make sure ethical and moral decision making is front and centre.”

With the business world evolving at the rate that it is, one of the biggest challenges for anybody in a risk role is how to “keep open-minded enough and diverse enough in your views”, says Stephen Allen, consultant at KPMG. “That’s at absolutely every level.”

Allen offers two examples from his own career. “One, because I don’t happen to be a big social media user, I had to be warned by other people who were more tuned into it than me how big social media would be in terms of reputational risk.

“Second, I was involved in a business in the US, in California, that lent money at high interest rates to people to buy second-hand cars. It was easy to just look at the interest rate and say, ‘Wow, that’s high, is this a sustainable business?’ But I had a couple of people on my team who were from a socioeconomically less affluent background, who made the point to me quite strongly, that in those parts of California, if you didn’t have a car, you didn’t have a job. So, it was a good business.”

The problem for many organisations, says Allen, is that historically, risk may have been seen as more of a “back-office function”. “You definitely want to make sure that your risk function is seen as a good place to work at – that it’s not a penalty to work there,” he says. “Obviously core skill sets of being able to analyse a problem are critical, but at the end of the day, there’s no magic to it – it’s about thinking through the issues. You want diversity of thinking.”

The rising importance of non-financial risk – such as conduct risk, ESG (environmental, social and governance) risk and modern slavery – has to be matched by the skills available to the risk function, says Anna Hopley, partner, audit assurance and risk consulting at KPMG. “This means that your risk people can’t simply be focused on quantitative analysis,” she says. “They need to be comfortable in ambiguity, they need to be highly resilient, and they need to be comfortable in qualitative data that supports a measurement not a financial risk. That’s very much a shift that we continue to see. As long as there’s the ability to have broader interaction between people with different backgrounds, then you’re going to get a much better risk outcome.”

Sally Herman, a non-executive director at Suncorp Group, Breville Group, Premier Investments and Evans Dixon, agrees. “Things like climate risk, reputation risk, are fairly new concepts, certainly for risk committees, to deal with, because they’re quite hard concepts and issues to actually measure.” That can require fresh views and ways of thinking, she says.

Matt Tottenham, director, audit, assurance and risk consulting at KPMG, says there is a deep shift in risk, around ethics: in all industries, businesses, when contemplating a transaction with a customer, or a new product or mandate, ask themselves “Should we?” instead of “Can we?”

“‘Should we?’ is essentially an ethical question. The risk and compliance functions have sometimes been historically about risk elimination,” he says.

“The new world is around risk assessment, it’s not around elimination, you can’t eliminate it, but ‘Is this the right thing to do?’ That’s a hard skill set, it requires judgment. If you’re someone who’s spent your entire career trying to eliminate risk by making people adhere to policies and procedures, you probably haven’t developed the skill sets to look at a situation and judge it.”

Herman is keen to see curiosity in risk professionals. “There has to be a curiosity about how customers interact with the business: you have to have that always pretty much at the front of your mind, about what will be the customer experience of this product or service.”

Ultimately, however, an effective risk function still comes down to data and insights, she says. “What we want is chief risk officers [CROs], and risk functions, to be reimagining risk all the time, which is how they use artificial intelligence, how they use data more effectively, and how they evolve and partner with the business to bring better insights to boards,” she says. “Because ... boards are only going to be more inquisitive, not less, about the risks that are within the business.”

Allen knows what he wants in a risk professional: “Smart, hard-working, driven people, who are analytical and intellectually curious, and I want them from a whole range of backgrounds.”

Social condition of businesses fundamental to success

Company culture

Mark Eggleton

Australia’s largest banks, insurers and superannuation licensees might be managed rather well in a financial sense but the industry is grappling to manage non-financial risks, such as culture and accountability according to a report released late last week by the Australian Prudential Regulation Authority (APRA).

The report followed a period of self-assessment undertaken by 36 of the nation’s largest financial service providers carried out in response to last year’s final report of the Prudential Inquiry into the Commonwealth Bank of Australia.

According to APRA, one of the consistent themes of the self-assessment process was “risk culture is not well understood, and therefore may not be reinforcing the desired behaviours”.

APRA deputy chairman John Lonsdale said the self-assessment process made clear that many of the issues identified within CBA are not unique to that institution.

Lonsdale said the findings would be used to help APRA better target its efforts to lift standards of non-financial risk management.

“Boards must be committed to uplifting governance and management of non-financial risks. Where this commitment is not forthcoming, APRA will consider the need for further regulatory action,” he said.

APRA’s report follows the release of a paper prepared for the Actuaries Institute last month outlining the need for Australia’s major financial institutions to better understand their social risks and the social condition of their business.

The thought leadership paper, titled The Social Condition Report, was prepared for the Actuaries Institute by authors Ian Laughlin, a former deputy chairman at APRA, and Hadyn Bernau, a principal at Finity Consulting. It said the “social condition” of a financial services business – the state of its relationships with its customers, employees, regulators, intermediaries, politicians and the wider community – is “no less important to a company’s long-term success than its financial condition”.

“The basic premise underlying this paper is that relationships with key groups in society are so fundamental to the success of a financial services business, and of such great value, that there should be a systematic approach to the management of those relationships,” the paper states.

The authors argue many social risks are being “poorly managed – perhaps not even being identified”.

According to the paper’s co-author Hadyn Bernau, loss of social capital has occurred suddenly and quickly in Australia’s financial institutions, with little or no warning provided by current management indicators and reporting.

He suggests there is a lot of public relations speak involved in reporting based around jargon such as “net promoter scores” but they are shallow and underdeveloped.

He says social capital is just as significant as financial capital but social

Continued p26


Pace of change a genuine threat

Liability

James Dunn

Grant Murdoch says companies must be attuned to reputational risk, especially due to the influence and speed of social media. PHOTO: JEREMY PIPER

Not only does the range of risks the modern company faces get ever broader, risk comes at the modern company fast. And that can become an additional risk in itself.

“The pace of change now has to be a fundamental part of the way that an organisation thinks about risk,” says Grant Murdoch, a non-executive director at ALS Limited, Lynas Corporation Limited, Redbubble Limited and OzForex.

“That’s the additional risk that’s in there. A number of risk analyses now are putting velocity in risk philosophy along with consequence and likelihood, because a risk that has a high velocity means that you’re going to have to deal with it very differently to other ones.”

Reputational risk is at the forefront of this change, Murdoch says. “Reputational risk is now much more important because of the pace.

“The pace means that if you’ve got a reputational risk, it’s on social media within minutes. And that’s something that the organisation’s risk function is going to have to learn how to deal with, as well.”

Matt Tottenham, director, audit, assurance and risk consulting at KPMG, says social media has brought with it the additional risk of losing control over the narrative – unless they are very alert and ready to respond.

“You just have no control over the messaging anymore once it gets into the public domain. And it’s there in seconds – potentially very large reputational risk.”

Traditionally, when the risk function has mapped its risks, the two axes have been about likelihood of the risk occurring, and the dollar impact, but preparedness to respond is now a critical element.

“A reputational risk can be only a small financial outcome but a disastrous reputation outcome. These are the things that good risk people are able to bring some clarity to,” says Sally Herman, a non-executive director at Suncorp Group Limited, Breville Group Limited, Premier Investments Limited and Evans Dixon Limited.

Cyber risk is another new risk that can be on a company before it even knows it.

“Take modern financial institutions: how long can they survive without being connected to the internet? Two, three hours? If all of a sudden all your apps stop working and your customers can’t get in, it could be a modern-day ‘run’.

“That is a very big risk,” says Stephen Allen, consultant at KPMG.

Data risk is another risk that has emerged to become a major consideration for the risk function. “One of the most interesting conversations we’ve had on one of my boards is about data risk: not cyber risk, but data in its own right,” says Herman.

“Just some key questions along the lines of who owns our data, where is it held, how old is it. There are all sorts of interesting conversations, where people who aren’t normally interested in risk say, ‘Oh gosh, I had better get involved in that’,” says Herman.

The rate at which new risks are being added increases the complexity of the risk palette all the time, says Tottenham. “It isn’t only the number of risks, it’s the rate that they’re being added is a significant factor. You only have to look at climate risk. Just five years ago, coal was a major employer in Australia, a major export industry.

“Now you’ve got a situation where financial institutions won’t invest in it, and that’s come about very, very quickly. And as of this year, modern slavery and the risks in the supply chain is a new risk of which board members, on top of all of their obligations, need to understand the intricacies,” Tottenham says.

Cultural risks are rapidly being reassessed in the hierarchy of risk, particularly in the financial services sector post-royal commission, as the industry grapples with the misconduct and ethical lapses that were laid bare.

“The non-financial risks around conduct and compliance are very much on the minds of boards and management, and they’re looking at things like cyber risk, modern slavery and ESG [environmental, social and governance] risks,” says Anna Hopley, partner, audit assurance and risk consulting at KPMG.

“They’re trying to look 10 years out, and what regulation risk management will look like in response to those non-financial risks, but also in the here and now, trying to refocus their minds to non-financial risk management, and whether to integrate the reporting through to the boards on non-financial risks.”

David Clarke, chief risk officer at Queensland Investment Corporation, says his organisation is continuously categorising risks as operational, strategic, and emerging. “Cyber risk is certainly a risk [that] has moved from emerging to operational. There are always new risks.” Ultimately, Clarke says, companies must be wary about thinking in terms of “non-financial” risk – despite the comfort it might imply – because risk broadly comes back to financial outcomes. “I think all risks lead into reputational risk, and that in turn has an impact on financial outcomes. So, there’s definitely a linkage between the non-financial and ultimate financial risks,” he says.

ESG principles increasingly embedded in capital markets● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ●

Strategy● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ●

Mark Eggleton

You want to see whatdrives each of theindividual sectors.Thomas Reif, State Street GlobalAdvisors portfolio analyst

Investors are increasingly talking about ensuring companies have environmental, social and governance (ESG) principles embedded into their operations but at present there is a lack of solid data around how financially material ESG is to performance.

According to the Financial Times, more than a third of the asset managers and pension funds in attendance at MSCI’s recent annual investing conference said they expected to see the share of global assets operating on ESG principles more than double from about 25 per cent today to between 50 and 65 per cent in the next five years.

Part of the reason is that up until about a decade ago ESG was a fairly niche activity but in the last few years issues such as climate change, corruption, water usage, diversity and executive remuneration have risen in terms of their importance for investors globally.

State Street Global Advisors portfolio analyst Thomas Reif says because of the recent interest in ESG metrics there are not statistically significant numbers around how important they are in a company’s market performance.

“Ideally, you want to have 30 to 50 years of data to look at – the smart beta factors which persistently drive return. These classic smart beta factors such as value, quality and low volatility are proven over time but ESG, is not specifically, smart beta. It hasn’t been proven to the same level of rigour as smart beta,” Reif says. “For it to be statistically relevant you want to have more than 10 years’ worth of data.”

He says SSGA, which is the investment division of asset management behemoth State Street Corporation, believes ESG is here to stay and is a significant risk factor. More pertinently, companies that have embedded ESG principles into their business are outperforming those that have not.

Bearing this in mind, SSGA has built an “R” or responsibility factor into its metrics, which is designed to focus on the financially material factors of a company in respect of its “R” score. To work out the score, SSGA first looks at how financially material environmental and social issues are that “we believe are industry-specific, but market-agnostic”.

“You want to look per sector and see what drives each of the individual sectors. You don’t apply the same E and S, the same factors for all industries. However, governance is a bit tricky, it’s industry-agnostic, but market-specific.

“What we’ve done is work with a number of best-in-breed data providers to uncover an R-score and then applied it to the Financial Accounting Standards Board’s definition of materiality,” Reif says.

As to what the FASB’s materiality framework actually entails, Reif says “it’s a bunch of guys out of the United States that have created a framework for how to look at companies, that is unique, to each particular industry”.

He says companies can choose to ignore the R-score but “they’re choosing to ignore suggestions, of things we think are financially material”.

He says companies that have embedded ESG principles into their business are generally well-managed, high-quality companies. “By betting against ESG, it’s almost like, you want to bet on a crook and maybe that will provide you with a short-term return but it’s likely to come back to haunt you.”


Social condition of firms vital to success

Distant relationships is affecting social capital more than bad conduct. Hadyn Bernau, Finity Consulting

From page 24

risks are considered intangible and difficult to measure and quantify.

Bearing this in mind, the Actuaries Institute paper proposes companies undertake an annual social condition report broadly modelled on the mandatory financial condition report – a report that is highly valued by insurance company boards and APRA because it provides a comprehensive view of the financial dynamics of complex businesses.

“The social condition report (SCR) could be as valuable for boards, ASIC and APRA because of the insights it will provide into the quality of the relationships with society, and the risks to those relationships.”

Bernau says the first part of the report would be about measuring relationships. “You can start one relationship at a time. It might be with the customers, or a group of customers, or it might be your internal relationships.

“The point is to get a better understanding of them, measuring them and managing them.

“Once you get really good at understanding the social risks, or relationship risks, then you would of course report on it comprehensively.

“It’s a two-step process. Step one is mapping out all your different stakeholder groups, and understanding how significant each of those groups is to your business.

“You can almost rank them and divide each group in terms of their strategic significance to your business and then measure the risk they pose,” Bernau says.

For Bernau, these risks apply to any business that has significant value in its intangible assets and relationships, which he suggests is most companies.

And like the financial condition report, Bernau says the SCR should be presented directly to the board in an unfettered and independent way so the board has impartial reporting around the state of an organisation’s social capital and social risks.

“Importantly, it’s just good hard-headed business to understand your social capital and it will generate a financial return if you do so.”

He says Australian businesses are laggards when it comes to factoring in social risk factors and it is something his co-author Ian Laughlin noticed at APRA where social risks are not featuring in risk frameworks.

Bernau believes this might be because Australian business is too focused on short-term profit.

He says his company measured the social capital in the big four banks over the last few years and their conclusion was they had lost almost all of their social capital in the last three years.

Moreover, this loss of social capital can be factored into their market capitalisation over the same period as the short term does not illustrate the whole picture.

Bernau says in the good times, a bank’s total value for example is made up of about 40 per cent in financial capital, about 20 per cent in human and intellectual capital, and 40 per cent in social capital.

Comparing the good times of three years ago to now, Bernau says the banks have lost 30 to 40 per cent of their value “but they didn’t lose any financial capital, they didn’t lose any of their human or intellectual capital, so it must have come out of their social capital”.

Interestingly, he does not attribute this fall in social capital to perceived corporate malfeasance because their “conduct and behaviours didn’t suddenly fall off a cliff”.

“I think it’s more like that their stakeholder relationships have become a lot more distant.”

He suggests technology such as artificial intelligence, machine learning and the growth of call centres has put more distance between banks and their stakeholders.

The upshot is people are less forgiving because there is not a personal edge to relationships with banks anymore.

“When you’ve got a close relationship with a customer and you make a mistake or something goes wrong, the customer might even overlook it, understand these things happen, or they’ll work through it and solve it with you together. But when it’s a distant relationship, you’re much less likely to understand, you’re more likely to point the finger and think badly of them.

“I think the rise of distant relationships is affecting social capital more than bad conduct because conduct hasn’t got much worse.”

Furthermore, Bernau says the huge focus on “customer centricity” is also affecting social capital across business because it often means neglecting other stakeholders such as service providers, suppliers, regulators and even the media.

“We’ve had a period of shareholding primacy and shareholder focus and we’re now in a period of customer-primacy and customer-focus but the more mature approach would be to just consider all the stakeholders,” Bernau concludes.

Trade disputes between the United States and China, if they continue, could slow the global economy. PHOTO: AP

Macro factors can act as handbrake on markets

Economy

Lydia Maguire

The continued tough talk emanating from China and the United States around trade is just one of the major macro risks currently acting as a handbrake on global markets.

Adding to the trade tensions between the world’s two largest economies is the continuing kerfuffle around Brexit and the United States’ muscle-flexing with Iran. Throw in the disparate reactions to climate change and the added threat of technological disruption and the risks to a slowing global economy appear challenging.

Yet while in the past, business has always been able to navigate around most risks because individual businesses place different values on different types of risks, the current political turmoil seems altogether different.

As former US Treasury secretary Henry Paulson remarked late last year, politics has always been a risk factor but what sets the current wave of populism apart is it’s a contagion sweeping through the normally stable investment environments of the US, Europe and possibly elsewhere. According to Paulson, it “threatens to disturb the foundations of the global system”.

Speaking at Bloomberg’s New Economy Forum in Singapore late last year, Paulson warned the US-China political and trade divide alone could see big parts of the global economy closed off to the free flow of investment and trade.

“I now see the prospect of an Economic Iron Curtain – one that throws up new walls on each side and unmakes the global economy, as we have known it.”

Beyond the US-China divide, it would seem the consensus around global free trade is weakening in a number of countries and with it, disruption to global supply chains. Bearing this in mind, the head of global strategy at Aberdeen Standard Investments, Andrew Milligan, says we are looking at a period where “a higher political premium must be priced into the outlook for corporate earnings”.

Closer to home, Australian business also identified big political risks as a growing concern according to results from the 2019 Allianz Risk Barometer, based on the insights of 2415 risk experts across 86 countries, including Australia.

Looking at Australia, the top risk nominated was changes in legislation and regulation incorporating everything from trade wars to the disintegration of the Eurozone. Thirty-six per cent of respondents rated it as the No.1 risk in 2019, with business interruption such as supply chain disruption ranked second and cyber incidents third.

Last year’s No.1 risk was a potential cyber incident and while it had moved down in the rankings, it is still a major concern for Australian businesses with 61 per cent of Australian respondents citing cyber incidents as the cause of business interruption they fear the most.

Furthermore, sentiment around the impact of “new technologies”, which ranks as the fifth-highest business risk in Australia for 2019, is seen as a double-edged sword.

When asked which new technologies are the most useful or valuable for a company, the top answer by Australian respondents (80 per cent) was artificial intelligence.

Yet when asked which new technologies pose the greatest risk to a business, Australians again answered with AI (66 per cent).

Speaking on the release of the report, CEO of Allianz Global Corporate & Specialty Pacific, Willem Van Wyk, said the increased pace of change, both in terms of legislation, regulation, market disruption and new technologies, is heavily influencing business risk concerns within the Australian market.