(Source – Shutterstock)
Can new regulations help you rebalance the risk and reward scales?
Authors: Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader & Chee Kong Wong, EY Asia-Pacific Risk Consulting Leader
- A host of forces – technology, competition, regulation, and globalization – are driving immense and rapid change to the business landscape.
- In response, regulatory bodies are elevating their compliance requirements, and businesses are exposed in new and challenging ways.
Business leaders have always faced uncertainty and change. But today’s global supply chains and communication channels are more interconnected than at any other time in human history. Our geopolitics, cross-border relationships, and competitive dynamics are more complex. And technological disruption is driving change at an astronomical pace.
Governments are tightening their regulations in response to a rapidly changing world. China’s trilogy of cybersecurity, data protection, and privacy laws – which came into full force in September 2021 – may have attracted the most headlines and induced the biggest headaches among chief information security officers. But Singapore’s Cybersecurity Act, in place since 2018, and proposed updates to Australia’s laws protecting the security of critical infrastructure overlay additional obligations.
It is no surprise, then, that almost half (49%) of Asia-Pacific CISO leaders surveyed for the EY Global Information Security Survey 2021 say compliance can be the most stressful part of their job. More than half (57%) predict that compliance will become more time-consuming and, in some cases, chaotic in the years to come.
Technology is transforming regulation, but other compliance requirements have been triggered by the COVID-19 pandemic. A massive 82% of Asia-Pacific employers say meeting new safety protocols to support the return to work will require “moderate to extensive change,” according to EY Workplace Reimagined Employer Survey 2021.
Then there’s the environment, social, and governance (ESG) compliance. Three little letters capture everything from climate change to modern slavery to social value are transforming the way companies operate.
How do boards and business leaders come together to build operational resilience now and better prepare for future risks? How do businesses rebalance the risk and reward scales?
Leveraging technology and talent
Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader
The easy solution may be to hire more people. But this is not a sustainable strategy when the regulatory burden continues to expand at an exponential rate. The smart solution is to bring in skills and leverage technology to ensure processes are compliant.
Leaders ahead of the curve are already implementing next-generation technology to help them protect the safety, security, and privacy of their stakeholders – and ultimately their businesses. Because the consequences of non-compliance can be severe. Organizations risk hefty fines, criminal prosecution, and, in the case of major non-compliance, business shutdown.
EY teams are working with clients across the region to apply artificial intelligence and machine learning to the compliance challenge. One essential infrastructure company in Australia turned to EY teams to help it scan the regulatory environment and map compliance and controls. EY teams identified gaps and introduced uplifts to key controls across the security of all types, from cyber to physical to supply chain. With EY teams’ help, a new security blueprint manages the utility’s biggest risks – outages, fines, and reputational damage – and has uncovered new upside risks and income streams.
Something that may seem too hard at first glance can, with good risk management skills and procedures in place, become a new business model. Just ask the airlines that entered the financial services sector with credit card offerings, electric car companies that grew into energy storage, or ride-sharing apps turning to food delivery services.
A telescope on transformation
Chee Kong Wong, EY Asia-Pacific Risk Consulting Leader
Many Asia-Pacific leaders have their eyes open and firmly fixed on the horizon. 52% of senior leaders across Asia-Pacific surveyed for the EY Global Board Risk Survey 2021 expect business model disruption will impact their businesses in the year ahead – compared with just 32% of those located in EMEIA and 29% of those in the Americas.
Asia-Pacific boards are worried about a wider variety of risk categories than their global counterparts – and yet fewer see the importance of enhancing risk management. While 82% of boards in EMEIA and 87% of those in the Americas say improving risk management is mission-critical to protect and build value over the next five years, this falls to 66% for Asia-Pacific.
Are Asia-Pacific businesses already well prepared? Or do they underestimate the extent of the changing risk landscape?
Integrated and automated risk management platforms, while around for more than a decade in other jurisdictions, are only now being deployed in Asia-Pacific. Part of this is scale – a large organization in Asia-Pacific may be a small organization by global standards. But part is also the mindset. Many businesses across the region still see risk management as an overhead or a tax on doing business.
Moving this mindset can be achieved by shifting risk management from a centralized responsibility of the chief risk officer to a model that promotes the concept of “everyone” is involved in risk management. When risks are complex and interconnected, managing those risks should be in everyone’s KPIs and on everyone’s to-do list.
Transforming the risk function is dependent on technology. It is simply impossible to decentralize risk management without an integrated platform that builds synergies, enhances agility in risk functions and processes, and assigns clear ownerships and accountabilities. But with the right tools and tactics, risk management can be transformed from a back-office roadblock into a strategic business opportunity.
A complex ecosystem of cross-border regulation and compliance may at first appear time-consuming and stressful to manage. But if armed with the right talent and technology, it can help business leaders identify sustainable and long-term value transformation opportunities to stay a step ahead.
The views expressed in this article are the views of the author, not Ernst & Young and Tech Wire Asia. This article provides general information, does not constitute advice, and should not be relied on as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Liability limited by a scheme approved under Professional Standards Legislation.
READ MORE
- The criticality of endpoint management in cybersecurity and operations
- Ethical AI: The renewed importance of safeguarding data and customer privacy in Generative AI applications
- How Japan balances AI-driven opportunities with cybersecurity needs
- Deploying SASE: Benchmarking your approach
- Insurance everywhere all at once: the digital transformation of the APAC insurance industry