An increase of 58%.
$49.9 billion.
Of the risk management firms surveyed for the LexisNexis ® Risk Solutions 2021 True Cost of Financial Crime Compliance Study, 70% believe the costs of financial crime compliance will increase within 12 to 24 months. Compared to costs in 2019 for the U.S. and Canada, this increase is projected to be 58%. And that 58% amounts to $49.9 billion, a large part of which will be caused by the groundswell of cyber risk enabled in the wake of COVID-19.
For those involved in business risk management, these findings confirm the stakes they face will continue to rise. This is why anyone involved in decision-making related to risk needs to become increasingly savvy regarding risk intelligence. Modern risk intelligence is proving, in real-time, to be a game-changer for modern risk management.
What Is Risk Intelligence?
Much more than just information gathering, risk intelligence is a form of actionable intelligence. For businesses, this means it’s the method of providing the right information to the right stakeholders so that they can make better decisions either at the right moment or in real-time. And while its military counterpart has a long and storied history, business intelligence is relatively new.
A Gartner Group consultant (whose name has been lost to time) came up with the term risk intelligence in the late 1980s. But, at the time, risk intelligence functioned as a way of describing systems that helped decision-makers understand the state of the world. The world, that is, within their own company.
It wasn’t until nearly a decade later that the scope of risk intelligence widened to encompass the world both within and outside the walls of the business. This was mainly due to the advent of the Internet and, more specifically, the business world largely realizing its value. But, ironically, as the increasing adoption of the Internet expanded the scope of risk intelligence, it also opened the floodgates to risk. And this parallel growth has continued into the 21st century, as the Internet (and the digital benefits it makes possible) is now nearly ubiquitous.
Now, modern risk intelligence is much more than a simple description of systems. As part of modern risk management in enterprise businesses, risk intelligence now refers to the practice of holistically embedding relevant risk management procedures throughout an entire enterprise. This overall process is referred to as risk intelligent governance. And this governance in practice, as defined by Deloitte, consists of nine key factors:
- The common definition of risk must be shared (and used consistently) throughout the enterprise. This definition must include value preservation and value creation.
- Appropriate standards support the use of a common risk framework to manage risk throughout the organization.
- Key roles, authority, and responsibilities related to risk management are clearly defined.
- A common risk management infrastructure supports business units and, critically, functions in the performance of the risk responsibilities of each unit.
- Governing bodies within the enterprise have the transparency and visibility they need to discharge their responsibilities as they relate to risk management.
- Executive management is responsible (or, at least, primarily responsible) for designing, implementing, and maintaining an effective risk program.
- Enterprise business units are accountable for managing the risks they take within the common risk framework.
- Enterprise functions that have a pervasive impact on the business provide support to the business units as it relates to the organization’s risk program.
- As is relevant, certain enterprise functions provide objective assurance in addition to monitoring and reporting on the effectiveness of the organization’s risk program.
But while its maturity and nuanced definition have absolutely made risk intelligence easier to apply at the enterprise level, how exactly is it changing the risk management game?
Risk Intelligence as Risk Management Game Changer
As with many tech trends, digital adoption and exploitation don’t grow in a linear fashion. But the surge in digital adoption experienced through COVID is historic. A “decade in days,” as summarized by McKinsey & Company in 2020 in their report How COVID-19 is changing consumer behavior—now and forever, where the authors go on to note that in the same period:
- Overall online adoption advanced 10 years in just eight weeks.
- Telemedicine grew by 10x in 15 days.
- Videoconferencing increased by 20x over three months.
- Online entertainment grew by seven years in five months.
These statistics are stunning and just the tip of the digital adoption iceberg. And they underscore how quickly risk management in business has needed to evolve to stay ahead of the ongoing explosion of digital threats. But this need to “stay ahead of the game” is precisely why risk intelligence is proving to be so valuable.
Predictive risk intelligence (PRi), again by Deloitte, is now able to provide those in decision-making roles “advance notice of emerging risks, knowledge of potential loss and risk exposures, and increased awareness of the external threats to [a] company or industry.”
And if growth in investment can indicate impact, predictive risk intelligence is delivering on its promise. An industry valued at just $3.49 billion in 2016, the predictive analytics market is projected to grow 21% into 2022, reaching an approximate value of $10.95 billion. And part of what’s helping PRi thrive is that it’s unlocking actionable intelligence in unexpected places.
Take, for instance, social media. While well known for sharing baby photos and news of wedding engagements, social media is also proving to be a valuable source of risk data. With the help of cognitive risk sensing, data mining, and natural language processing, social and work trends related to risk can be identified, and potential vulnerabilities accounted for before they’ve actually occurred. What’s more, the ability to include non-English social media feeds in these risk assessments allows businesses to glean intelligence that’s traditionally been outside of their geographic areas of operation.
Imagine a risk management team for an enterprise business located in New York City. Let’s also imagine that the success of this enterprise is reliant on the health of the global supply chain. And it would make sense for such a team to be keeping tabs on the busiest shipping ports in the world, like the one located in Busan, South Korea. Because let’s say a typhoon was bearing down on the region (as was the case in August of 2021). Through their application of risk intelligence, the team could do their best to understand what and how the typhoon could affect the global supply chain. And this, in turn, would help empower preemptive planning and decision making. But, increasingly, not all business risks are as significant and easy to track as a mature tropical cyclone.
Imagine, instead, the team becoming aware of a sudden and abnormal uptick in social media traffic related to shipping in Busan. Through the use of predictive risk intelligence platforms, the team could not only refine their focus on this specific torrent of information in real-time, but they could also determine if it increasingly involved potential disruptive events, such as labor unrest or a looming strike. And this would potentially allow the same preemptive planning and decision-making to take place.
Granted, just as with meteorology, no amount of predictive AI sophistication will ever achieve 100% accuracy on its own. Much like the important role of our local weather person plays, insights that lead to competitive advantages (be those in business or in getting the kiddos to school on time) do, and will continue to, come from people highly skilled in evaluation and interpretation.
Changing the Game Means Staying Two Steps Ahead
It’s fair to conclude that the future of risk intelligence is already here thanks to the global pandemic. But that means those involved in risk management shouldn’t stop looking ahead.
Quite the opposite—the future of business risk prevention and mitigation requires that we continue to stay ahead of the curve. Simply matching the pace of digital risk will continue to grow increasingly costly, which is why we highly encourage you to take a moment to read more about Staying Ahead of Emerging Risks.