What is connected risk?
With a simple tap of the keyboard, multi-million-dollar deals are struck across continents and consumers can order almost anything from almost anywhere in the world to their doorstep. We have never had it so good.
Companies with operations spread out across the world can situate their production or headquarters in areas of low tax or low labour costs. The likes of Exxon-Mobil, Walmart and Apple straddle the planet in a manner befitting colonial European empires with the sun never setting on the ring of the cash register or the spinning cogs of the production line.
Yet, as history has proven, no empire is everlasting, especially as it overreaches itself, resulting in decay and ruin. In this new era, organisations are vulnerable to the whims and rhythms of the connected world. A world connected by hazards or risk drivers such as political volatility, cyber hacking or supply chain exposures caused by terrorism, piracy, inadequate safety controls and other critical factors which can create a rapid path to ruin.
This time it is not the barbarians at the gate, but a new business risk, what we call connected risk.
Connected risk is the systemic exposure of commercial organisations, their partners, suppliers and clients to cumulative and cascading financial, operational and reputational vulnerabilities. It is caused by an inherent weakness in the inter-connected architecture of today’s business-to-business relationships. These are increasingly digital and allow a single negative event to exponentially spread disruption and paralysis, and wreak severe economic damage both within and between organisations.
The key drivers for connected risk are the ways in which political, environmental, supply chain, cyber and credit risks combine to cause financial, operational and reputational loss.
In an increasingly connected world, corporates and their networks need to prepare for more unpredictable “black swan” events which are caused when a local event produces a so-called butterfly effect and unleashes a cascade of further events through the network, impacting numerous corporates along the way.
This exposes a raw nerve in corporates’ sophisticated global supply chains and/or delivery systems as they are now vulnerable to extreme events and systemic risk.
To illustrate the power of connected risk, imagine an international oil company called xConnect. The company has taken out a substantial loan to fund large-scale oil exploration in Asia. So the networks involved in this deal are xConnect’s boardroom, the bank, oil traders, specialist exploration companies, drilling companies, rig contracting companies, pipeline operators, the insurers underwriting the deal, refineries and distributors.
Imagine an event where a determined government nationalises xConnect’s oil leases and those of others within its jurisdiction in Asia. These are the connected risk effects: there is a shock in the oil price as supply volatility causes concerns for traders in the oil markets; across equity markets the share price plummets for all oil companies involved in the Asian event as investors move their money elsewhere; the bank seizes collateral in exchange for losing millions; insurers worry about the prospect of resulting claims; and the drilling and rig contracting companies also lose assets and the resultant revenue loss causes some to default on their loans, triggering further volatility in oil and equity markets, with consequential negative impact on future exploration costs.
At xConnect, the risk management division had not expected such a scenario could take place and had not devised counteracting continuity measures which therefore left the board in an untenable position.
This is but a taste of the power of connected risk. It is happening now. And it is the new normal of business risk.
Retailers’ principal market risks centre on their globally connected presence. A chief challenge of any corporate with locations in many countries is the cost of regulatory compliance, which is different from region to region. The world’s largest supermarket brand, for example, must enforce different workplace standards in China from those in the United States. In so doing, the company is subject to acute regulatory uncertainty.
Aside from the financial implications, a company is exposed to profound reputational risks through its supply chain. The collapse of flimsy buildings in Bangladesh, which housed contractors and sub-contractors sewing clothes, negatively affected many US corporates, unaware their brands were being manufactured in such conditions.
The new risk landscape ushered in by connected risk is one riddled with greater event complexity and less risk foresight. Corporates need to recognise that new and established business relationships, whether with suppliers, manufacturers, traders, financiers or consumers, are the entry point for connected risk.
The ultimate connected risk is the emerging cyber peril that threatens to swamp business in a tsunami of digital disruption. The internet of things and increasing reliance on mobile technology is a wonder of the modern age, but it is also an existential threat affecting individuals, organisations, governments and even great trading blocs like the EU, NAFTA and ASEAN. Hackers and new forms of malware have the potential to access personal, sensitive data, shut down critical infrastructure or ground aircraft.
Today’s organisations are becoming increasingly interconnected and embedded in the same network. Thus systemic risk poses a real threat. The failure of a single firm from a connected risk can have a disproportionate effect on both the organisations connected to it and the entire industry. It’s a real concern for chief executives who are aware of the urgency of connected risk, yet are unsure how to proceed.
The solution for corporate risk managers navigating the rough seas of connected risk is to have an integrated risk management framework. A framework that quantifies bottom-up exposure, manage risks and in so doing delivers superior return on equity. Combining the power of data analytics with the latest integrated risk modelling, led by companies such as Russell Group, it is now possible to price and value our hitherto unknown connected risk exposures much more accurately.
For more information please visit www.russell.co.uk/connectedrisk