The Financial Reporting Council (FRC) released the new Governance Code on the 16th of July, against a backdrop of recent corporate failures and an increased focus from both investors and government on how good governance should benefit the wider economy.
The Code is certainly more concise than its predecessors, but there are several areas that will require a concerted effort by the Boards of listed entities, including a new risk management provision that the Board should carry out an assessment of the emerging as well as principal risks facing the firm.
The Code does not define emerging risks and in the absence of a guidance note from the FRC it is instructive to consider how an organisation might arrive at a better understanding of emerging risks that could threaten the business model over a longer time horizon.
The issues arising from disruptive forces (e.g. technology, business model, value propositions, pricing, geopolitical shifts) are likely to be an important element (if not all) of the emerging risks facing a company. However, the consideration of these disruptive risks is not fully embedded into the risk process of most corporates even though disruption is getting increasing visibility in Board and EXCO discussions.
Maybe the emerging risk requirement can be a catalyst for better consideration of disruption and, more importantly, ensuring that consideration of disruptive risks becomes a valuable strategic tool in managing the strategic and operational resilience of the firm. This would also support one of the other requirements of the Code – the assessment of the ability of the firm to meets its liabilities over a longer time horizon.
It is clear from many B2B and B2C examples that disruptive risks do not crystallise overnight – they have a gestation period and we learn more about the risk as it develops.
It would therefore seem logical to argue that disruptive risks should be an integral part of the risks captured under the FRC emerging risks heading. However, few organisations allocate sufficient time to identifying and evaluating the risks arising from disruptive forces.
In my experience, a more fundamental conversation than ‘what are the key risks that might affect the delivery of our strategies and plans’ is required for organisations to recognise and address disruption. In addition, the disruption conversation needs to be taken out of Business as Usual context and ‘ring-fenced’ to give it the focus and attention it requires.
So, what does good look like in terms of a Board or EXCO discussion of disruptive forces and risks:
As you can see, I have deliberately avoided Black Swan and / or ‘what keeps you awake at night’ terminology. The reason for this is that many clients are seeking to have a more commercially framed discussion about disruptive and / or emerging risks.
At the same time, they recognise that in order to balance risk and return, strategic risks can also be viewed through the lens of the opportunity to disrupt the competition or addressable markets.
It is evident from extensive client work on disruption that a broad range of cross functional and commercial input is required both in planning and execution. At the same time, it is necessary to create the right environment for the discussion as it requires willingness to consider the ‘raison d’etre’ of the core business.
Equally, timing is crucial. Emerging and /or disruptive risks should be part of the strategy process otherwise organisations cannot respond to for these risks within the strategic plans. The Board should therefore have a clearly articulated risk appetite as a backdrop to evaluating strategic options.
In my experience, CROs can add more value to the strategic risk discussion by incorporating disruptive thinking in a pragmatic and practical way, and using the outcomes to stress test strategic plans, analysis of strategic options and enhancing the strategic resilience of the organisation. The Head of Strategy brings a strong commercial acumen and discipline to the consideration of uncertainty and making it relevant to the trade-offs and choices that the organisation is facing.
Organisations need to consider disruptive risks irrespective of requirements of the Code. The disruptive risks conversation should provide enhanced strategic insight as well enhanced understanding of emerging risks.
The output will support other requirements of the Code and, in particular, the disclosures around business model resilience and the longer term viability of the business.