As industries evolve to adopting big data, Internet of Things and smart factories, Indian companies are re-evaluating the way companies are looking at risk management for the future. Rohit Mahajan President - Risk Advisory, Deloitte says in the 5-10 years companies have evolved in the compliance game to meet changing needs. "Today if you see, there is a chief information officer, chief risk officer, and chief compliance officer. The role is expanding, because there are significant levels of regulation which need to be complied with," says Mahajan.
In its latest report 'Through the Risk Lens: The future belongs to the Prepared', Deloitte points at four disruptors that are challenging regulations.
First companies are looking at the "Pacing problem" - the gap between technological advancements and mechanisms intended to regulate them. Second, Disruptive business models are constantly evolving and the nature of newer business models is challenging for regulators as they need to refresh regulations, maintain consistency, and coordinate across regulators. Third relates to data, digital privacy, and cyber security. While the growing use of internet is creating a vast digital footprint , business are battling with several questions like what obligation does the service provider have-to store, protect, and share this data with third parties?.
Last are AI-based challenges. Algorithms are being used routinely to make vital financial, credit, hiring, and legal decisions. With algorithms not up for public review, this opaqueness and bias causes a challenge to both organisations and regulators.
While auditing AI systems to identify non-compliance is difficult and organisations could be held liable for AI breaches and biases. Mahajan points out that the perception of a company is also a major factor. "Brand reputation is actually a very important aspect of running a business. Companies don't want their names to be on the front page or getting discussed on social media," he said.
So how are companies gearing up? First, organisations and risk leaders are more focused than ever in identifying and managing this dynamic risk landscape. Companies are creating a comprehensive enterprise risk management framework (ERM) with governance frameworks. Companies are also increasing their investment and expanding their approaches to focus on vigilance (detecting patterns that may indicate or even predict risk events) and resilience (the capacity to rapidly contain and reduce the impact of risk events) through Continuous Control Monitoring (CCM). "Organizations realize it, and they realize that if they want to be sustainable from a long-term perspective, they need to make sure that they're invested" added Mahajan.