Your future Risk workforce

In my previous blog, I explained how restructuring Risk resembles the refurbishment of an old building. In this blog I would like to put the people that live, and work, in that building in the spotlight. I will describe the kind of risk professionals I believe you need in order to make your organisation thrive. And I will give some advice on how to arrive at this ‘future Risk workforce’.

The dream team

Cyber security attacks and data breaches are increasing in likelihood and magnitude. Effects of climate change may have an impact on a counterparty’s ability to pay back a loan, or may lead to a decrease in the value of collateral. Purpose, values and ethical behaviour are more and more on organisations’ agenda. 

Does your Risk team have behavioural experts, cyber specialists and people with knowledge of climate change scenarios on board? People who can develop an approach for how to deal with things such as deep fakes, responsible use of artificial intelligence, or the loss of biodiversity? 

In my opinion, as a starting point, the required skills of the ‘dream Risk team’ can be derived from the renewed risk taxonomy. Risk has traditionally been the domain of financial-economic experts, but that doesn’t cut it anymore. Nowadays Risk will need a wide range of expertise: technology, cyber, outsourcing, data analytics, climate change, (organisational) psychology, change management, social and customer behaviour and dynamics. To name a few.

Diversity as a strength

Beyond diverse academic backgrounds, the future Risk workforce should be a good mix in terms of gender, age, cultural background, and personality and communication styles. In an ideal setting, teams are made up of different personalities, and these differences are more than just accepted - they are valued. 

Such a change is not about numbers, but about having a healthy balance between for example feminine and masculine behaviour, and a blend of people with more introverted and more extroverted personalities. In risk management this is essential, as these different perspectives are needed to deal with today’s growing variety and complexity of risks, and diversity of opinion and thought can help to safeguard against ‘groupthink’.

From avoiding risks to creating value 

Risk should enable an organisation to take on a healthy amount of risk, and not strive to avoid risk-taking at all costs. This requires a different mindset on an individual level: people who understand the relationship between an organisation’s strategy, the business processes, the risks involved in those, and the management thereof. People who are risk-aware, but are not risk-averse. 

And Risk people must understand end-to-end business processes. They must be able to look beyond the silos of their own and other departments, and see the organisation’s bigger picture. And understand risks of a business on a much broader and longer time horizon than what the regulators require today. 

They must have the ability to understand social, economic and environmental trends and predict their impact on the business and assess the risks related to that, linking Risk more closely to strategy execution.

Advising with agility

Previously, I argued that Risk needs to have an advisory role vis-à-vis the business. Emotional intelligence, the ability for (self-)reflection, and the courage to speak up will - and should - be cherished and coveted skills in this respect. In addition, it will help to have people on board who can get an engaging story across about the true added-value of Risk. People who can bring strategy into practice by advising commercial teams on which risks to take and which ones to steer away from, and in what manner.

Another important Risk skill is responding with agility to volatility and sudden change. Chances are that change and disruption will keep on coming at us - and even at an increased pace.

This demands a mindset of continuous personal and professional growth, with a willingness to transform when the world asks for it, to thrive in an ever-changing environment. So that your team can continue to navigate the complexities of an evolving risk landscape.

Beyond digital

Digitalisation is one of the most beloved buzzwords of recent years - and rightly so. Not only do you need to understand cyber and technology as an emerging risk, but digital-savvy staff is needed throughout the entire Risk organisation. First to get the right high-quality data available and ready for use, then to harness the power of that data and innovative technology to deliver better, faster, more accurate and more predictive risk insights.  

However, on top of digital skills, I believe that there is a need for professionals who are able to see what may not be captured by the data, what is behind the available data, and what is not on the dashboard. Understanding where data comes from, how reliable it is, how it is used and what its impact is, what it means, is crucial to ensure that Risk and the business take informed decisions. 

Risk data alone isn’t information yet, information is not yet knowledge, knowledge in itself doesn’t create value. I don’t want to get philosophical here, but future Risk management also needs people who understand these distinctions and who can help your organisation to make data and technology a means to an end, your purpose.

In addition, as risk management becomes more and more automated and data-driven, it means that risk managers can devote more of their attention to the outcomes of these tech-enabled analyses. Professional judgement has been a widely used term in the world of Risk, and I would argue that its importance - and value - will not decrease but increase with automation. Next to analytical skills, lateral thinking and a deep appreciation for the human element should be an integral part of the skill- and mindset of the digitally enabled risk manager.

Mix and match to arrive at the future workforce

So far, I have identified the skills and profiles needed. I trust you agree there is a significant case for change. And chances are that you spot quite a gap between your current Risk people and your dream team. Organisations need to make choices and be ready to act on them. I say that because arriving at a Risk workforce that is fit for the future might not be a painless process.

I believe it will require a combination of investing in skills and expertise of your current employees and attracting new talent. In some instances, ‘upskilling’ your current staff may be sufficient. But when it comes to really different educational backgrounds and more fundamental competencies, you will definitely also need to hire new people. And maybe let some of the old ones go. It is important to recognise that these decisions may feel difficult, but in some cases they are inevitable. 

You may have noticed I haven’t spoken about FTEs, the size of your Risk team. That is deliberate, as it is not what this blog is about. We will look at rationalisation, digitalisation, outsourcing and cost reduction in some of my next blogs. The ideal size of the workforce and the optimal set of skills and competences will also depend on your business model, the risk landscape you are facing, and on the current skill set of your workforce. 

But the point here is, I think that for the ideal future Risk workforce, diversity is a cornerstone. And I mean diversity in many ways, as set out in this blog. People in risk management should - with their colleagues and with their counterparts in the business - be able to look beyond what is necessary today, and understand what is needed to deal with the risks of tomorrow. And I personally believe that this will also make Risk an (even) better place to work!

Also read the earlier parts of this blog series:

• Reimagine risk
• The seven ingredients of risk transformation
• Cost out, value in
• The marketing of risk management
• The taxonomy's role in transforming risk management
• Making Risk work