Risk transformation requires a major change in skills and competencies. After all, one can restructure, rationalise and digitalise until the cows come home, but without the people with the right skills, competences, expertise and mindset, you will not be able to successfully transform your risk management. Your team needs to change.
In my previous blog, I explained how restructuring Risk resembles the refurbishment of an old building. In this blog I would like to put the people that live, and work, in that building in the spotlight. I will describe the kind of risk professionals I believe you need in order to make your organisation thrive. And I will give some advice on how to arrive at this ‘future Risk workforce’.
Cyber security attacks and data breaches are increasing in likelihood and magnitude. Effects of climate change may have an impact on a counterparty’s ability to pay back a loan, or may lead to a decrease in the value of collateral. Purpose, values and ethical behaviour are more and more on organisations’ agenda.
Does your Risk team have behavioural experts, cyber specialists and people with knowledge of climate change scenarios on board? People who can develop an approach for how to deal with things such as deep fakes, responsible use of artificial intelligence, or the loss of biodiversity?
In my opinion, as a starting point, the required skills of the ‘dream Risk team’ can be derived from the renewed risk taxonomy. Risk has traditionally been the domain of financial-economic experts, but that doesn’t cut it anymore. Nowadays Risk will need a wide range of expertise: technology, cyber, outsourcing, data analytics, climate change, (organisational) psychology, change management, social and customer behaviour and dynamics. To name a few.
Beyond diverse academic backgrounds, the future Risk workforce should be a good mix in terms of gender, age, cultural background, and personality and communication styles. In an ideal setting, teams are made up of different personalities, and these differences are more than just accepted - they are valued.
Such a change is not about numbers, but about having a healthy balance between for example feminine and masculine behaviour, and a blend of people with more introverted and more extroverted personalities. In risk management this is essential, as these different perspectives are needed to deal with today’s growing variety and complexity of risks, and diversity of opinion and thought can help to safeguard against ‘groupthink’.
Risk should enable an organisation to take on a healthy amount of risk, and not strive to avoid risk-taking at all costs. This requires a different mindset on an individual level: people who understand the relationship between an organisation’s strategy, the business processes, the risks involved in those, and the management thereof. People who are risk-aware, but are not risk-averse.
And Risk people must understand end-to-end business processes. They must be able to look beyond the silos of their own and other departments, and see the organisation’s bigger picture. And understand risks of a business on a much broader and longer time horizon than what the regulators require today.
They must have the ability to understand social, economic and environmental trends and predict their impact on the business and assess the risks related to that, linking Risk more closely to strategy execution.
Previously, I argued that Risk needs to have an advisory role vis-Ă -vis the business. Emotional intelligence, the ability for (self-)reflection, and the courage to speak up will - and should - be cherished and coveted skills in this respect. In addition, it will help to have people on board who can get an engaging story across about the true added-value of Risk. People who can bring strategy into practice by advising commercial teams on which risks to take and which ones to steer away from, and in what manner.
Another important Risk skill is responding with agility to volatility and sudden change. Chances are that change and disruption will keep on coming at us - and even at an increased pace.
This demands a mindset of continuous personal and professional growth, with a willingness to transform when the world asks for it, to thrive in an ever-changing environment. So that your team can continue to navigate the complexities of an evolving risk landscape.
Digitalisation is one of the most beloved buzzwords of recent years - and rightly so. Not only do you need to understand cyber and technology as an emerging risk, but digital-savvy staff is needed throughout the entire Risk organisation. First to get the right high-quality data available and ready for use, then to harness the power of that data and innovative technology to deliver better, faster, more accurate and more predictive risk insights.
However, on top of digital skills, I believe that there is a need for professionals who are able to see what may not be captured by the data, what is behind the available data, and what is not on the dashboard. Understanding where data comes from, how reliable it is, how it is used and what its impact is, what it means, is crucial to ensure that Risk and the business take informed decisions.
Risk data alone isn’t information yet, information is not yet knowledge, knowledge in itself doesn’t create value. I don’t want to get philosophical here, but future Risk management also needs people who understand these distinctions and who can help your organisation to make data and technology a means to an end, your purpose.
In addition, as risk management becomes more and more automated and data-driven, it means that risk managers can devote more of their attention to the outcomes of these tech-enabled analyses. Professional judgement has been a widely used term in the world of Risk, and I would argue that its importance - and value - will not decrease but increase with automation. Next to analytical skills, lateral thinking and a deep appreciation for the human element should be an integral part of the skill- and mindset of the digitally enabled risk manager.
So far, I have identified the skills and profiles needed. I trust you agree there is a significant case for change. And chances are that you spot quite a gap between your current Risk people and your dream team. Organisations need to make choices and be ready to act on them. I say that because arriving at a Risk workforce that is fit for the future might not be a painless process.
I believe it will require a combination of investing in skills and expertise of your current employees and attracting new talent. In some instances, ‘upskilling’ your current staff may be sufficient. But when it comes to really different educational backgrounds and more fundamental competencies, you will definitely also need to hire new people. And maybe let some of the old ones go. It is important to recognise that these decisions may feel difficult, but in some cases they are inevitable.
You may have noticed I haven’t spoken about FTEs, the size of your Risk team. That is deliberate, as it is not what this blog is about. We will look at rationalisation, digitalisation, outsourcing and cost reduction in some of my next blogs. The ideal size of the workforce and the optimal set of skills and competences will also depend on your business model, the risk landscape you are facing, and on the current skill set of your workforce.
But the point here is, I think that for the ideal future Risk workforce, diversity is a cornerstone. And I mean diversity in many ways, as set out in this blog. People in risk management should - with their colleagues and with their counterparts in the business - be able to look beyond what is necessary today, and understand what is needed to deal with the risks of tomorrow. And I personally believe that this will also make Risk an (even) better place to work!
Playback of this video is not currently available
Also read the earlier parts of this blog series:
The COVID-19 pandemic has accelerated the speed at which risk events occur and the extent to which they spread. Risks that once seemed remote and improbable have become the norm. Organisations are looking to cultivate a new trait: resilience. They are adopting a proactive approach in order to be prepared for these changes and to be able to respond to new laws and regulations.
Is your approach to risk fit for the world of tomorrow? Let’s create tomorrow_
Partner, Risk & Regulation lead, PwC Netherlands
Tel: +31 (0)61 308 76 37