So, what do brokers need to know about this phenomenon called risk velocity?
What is risk velocity?
Risk velocity is the speed or time to impact events effecting the business environment. According to an article by the Dutch information services company Wolters Kluwer, it can be measured using qualitative analysis (high, medium, low) or quantitative analysis (hours, days, months, years).
How well known is this concept across the insurance industry?
“Velocity of risk is increasingly discussed, adding a third dimension to the risk management standard covered by ISO 9001, for instance,” said Antony Meakin (pictured above), Lockton Australia’s national manager of corporate risk. ISO 9001 is an internationally recognized standard for Quality Management Systems (QMS).
Read more: Top risks facing CFOs in 2022
Meakin said it’s a way to reduce risks.
“It is an ‘ah ha’ moment for firms that incorporate velocity into their risk considerations and enables the risk committee to hone priority focus on critical risk mitigation/management practice to reduce those top risks the firm faces,” said Meakin.
He said it comes after a risk assessment that categorises risk impact and likelihood.
“The velocity lens focuses in on how quickly the risk event will be felt in the business and then how much time the firm will have to react to the event,” said Meakin. “In other words, velocity brings the impact to life – how prepared is the firm to deal with the risk identified?
Risk velocity is changing CFOs’ risk management approach
Lockton’s report found that more than 65% of CFOs surveyed have changed their approach to risk management this year because of risk velocity. More than half regard risk velocity as more of a concern than risk impact or likelihood.
“Their attitude changed because organisations now understand no plan is bullet proof and history is littered with failed crisis plans,” said Paul Marsden (pictured immediately below), Lockton Pacific’s CEO.
He said companies are now internally managing expectations around risk velocity.
“The high-performing organisations are those with diverse teams coming together to openly discuss risks with clear support from the board,” said Marsden.
The context for heightened risk velocity concerns, according to the report, is the business disruption caused by climate change, the COVID-19 pandemic and the Ukraine war. The dramatic rise in cyberattacks has also played a role. Referring to the attacks on MediBank Private and Optus, the report said: “In both cases, the CFO has been at the front and centre of the risk response and aftermath.”
Technology risk is the top velocity risk
Perhaps not surprisingly then, the survey found that “technology risk” is the top velocity risk for CFOs.
“Technology risks speak to the fundamental reliance all organisations have on technology, not just how organisations rely on technology for data related usage but also more broadly from an operational standpoint,” said Mark Luckin (pictured immediately below), Lockton Australia’s cyber and technology practice leader.
He said threats associated with technology risk speak to a broad exposure, like a cyber event, that can spiral out of control quickly and have consequences for all parts of a business.
Read more: Medibank cyber fallout: Eight ways insurers can protect their data
“This captures the essence of technology risk and the associated risk velocity,” said Luckin. “A key challenge is responding to these risks in the moment when the stakes are high with impartial information and often low visibility.”
He recommends that CFOs promote a common understanding of technology and cyber risks across the organisation, starting with a common language and definitions.
“There’s lots of jargon, buzzwords and acronyms which tends to alienate people,” said Luckin. “Particularly at a boardroom level, different cyber perspectives of executives exist depending on their role – and cyber risk likelihood, impact or velocity will vary.”
Despite widespread natural disasters like the flooding in Australia and the increasing importance of ESG (environmental, social and governance) factors, environmental risk didn’t rank very highly in Lockton’s report.
“Most CFOs are in businesses that aren’t directly affected by the environmental disasters we see around us,” said Geoff Martin (pictured immediately below), professor of business strategy at Melbourne Business School. “Nor do they see legislation pending that is likely to materially impact their businesses.”
Lockton asked Professor Martin, an expert on strategy and risk to weigh in on the findings and to provide practical advice on managing risk. He said data shows that business leaders are incentivised by metrics such as return on capital, customer satisfaction and employee engagement.
“In some industries or businesses, customers and employees will hold the businesses accountable for ESG goals – but in many sectors, that won’t be the case,” said Martin.
As a result, he said, most CFOs focus their risk concerns on technology, cybersecurity, people and supply chains, rather than the environment. These are the risks most likely to threaten a CFO’s ability to deliver on their KPIs, he said.
Read next: APRA boss on improving the risk culture in financial services
“Linking the variable pay of CFOs – the bonuses or other incentives they receive for good performance – to environmental or social outcomes would go some way to changing this behaviour,” said Martin. “There is plenty of evidence to suggest that financial incentives significantly influence priorities, and therefore behaviours.”
The best way to ensure that, he said, is to attract shareholders with a long-term view to buy into the company.
“If you’re only looking at outcomes within the next 12 months, environmental and social outcomes will often be left out of priorities and incentives,” he said.
Lockton’s risk velocity report was based on a survey in Q1 and Q3 of nearly 500 CFOs from around the world, including 50 in Australia and 12 in New Zealand.