The need for understanding non-financial risks by Vivian Chen

Over the past 10 years or so, there has been an increased understanding of the need to tackle the problems of managing non-financial risks (NFRs), and this has led to increased hirings of associated legal professionals.

Here in Hong Kong, several banks have lifted recruitment freezes that were introduced because of the financial effects of the coronavirus pandemic – and risk and compliance professionals have been among the new hirings. This is linked to the growing awareness of the need to mitigate against NFRs, and to comply with the associated changes in the legal compliance framework.

According to the professional services giant Deloitte, a substantial number of the biggest risk events in recent years have arisen from NFRs such as human conduct and internet risks.

Such issues have been exacerbated by recent economic turmoil and the global effects of the coronavirus pandemic. Companies and other institutions are likely to find they need to do more to address the problems of NFRs. They may have to train staff and perhaps hire new specialists in order to create greater corporate awareness of the potential threats, and how to deal with them.

From 2008 to 2012, the world’s 10 biggest banks lost almost US$200 billion through litigation, compensation claims, and operational mishaps. But monetary losses are not the only concern: the affect on corporate image in the public perspective is also significant. People may start to question business models, and senior staff will be held accountable for what may have been avoidable risks and problems.

Such issues – particularly in the light of increased oversight and regulation – mean that banks and other institutions need to look at better management of NFRs. Indeed, such companies may well need to rethink their approach to risk management in general in a more holistic way, so as to cut costs and improve effectiveness.

According to the management consulting firm McKinsey and Company, one of the main problems is that within large corporations, various departments will have their own risk-assessment staff or groups, each acting on their own. This means there is duplication of work, and no overall manager to see the full picture. Often time and money is wasted on dealing with problems that could have been averted before they arose.

As a result of these issues, there is a growing trend towards a more integrated approach to NFR management. This is being accelerated by a more stringent regulatory framework. For example, many banks are now moving towards a three-tier defence model for dealing with NFRs. The first level is in control of the direct management of risks. The second level sets and monitors control standards, while the third “audit” level checks on the adequacy of the first two.

It is clear that the field of NFR management is becoming more important, and, by most indicators, more awareness is needed among the risk and compliance professional community.

By VIVIAN CHEN, Associate Director