Can new regulation help you rebalance the risk and reward scales?

Authors: Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader and Chee Kong Wong, EY Asia-Pacific Consulting Risk Leader

?Boards and c-suite leaders must meet overlapping compliance and regulatory obligations to secure sustainable, long-term growth.

• A host of forces – technology, competition, regulation and globalization – are driving immense and rapid change to the business landscape.
• In response, regulatory bodies are elevating their compliance requirements and businesses are exposed in new and challenging ways.?

Business leaders have always faced uncertainty and change. But today’s global supply chains and communication channels are more interconnected than at any other time in human history. Our geopolitics, cross-border relationships and competitive dynamics are more complex. And technological disruption is driving change at an astronomical pace.

Governments are tightening their regulations in response to a rapidly changing world. China’s trilogy of cybersecurity, data protection and privacy laws – which came into full force in September 2021 – may have attracted the most headlines and induced the biggest headaches among chief information security officers. But Singapore’s Cybersecurity Act, in place since 2018, and proposed updates to Australia’s laws protecting the security of critical infrastructure overlay additional obligations.

It is no surprise, then, that almost half (49%) of Asia-Pacific Chief Information Security Officer (CISO) leaders surveyed for the EY Global Information Security Survey 2021 say compliance can be the most stressful part of their job. More than half (57%) predict that compliance will become more time-consuming and, in some cases, chaotic in the years to come.

Technology is transforming regulation, but other compliance requirements have been triggered by the COVID-19 pandemic. A massive 82% of Asia-Pacific employers say meeting new safety protocols to support the return to work will require “moderate to extensive change,” according to EY Workplace Reimagined Employer Survey 2021.

Then there’s environment, social and governance (ESG) compliance. Three little letters capture everything from climate change to modern slavery to social value are transforming the way companies operate.

How do boards and business leaders come together to build operational resilience now and better prepare for future risks? How do businesses rebalance the risk and reward scales?

Leveraging technology and talent

The easy solution may be to hire more people. But this is not a sustainable strategy when the regulatory burden continues to expand at an exponential rate. The smart solution is to bring in skills and leverage technology to ensure processes are compliant.

Leaders ahead of the curve are already implementing next-generation technology to help them protect the safety, security and privacy of their stakeholders – and ultimately their businesses. Because the consequences of non-compliance can be severe. Organizations risk hefty fines, criminal prosecution and, in the case of major non-compliance, business shutdown.

EY is working with clients across the region to apply artificial intelligence and machine learning to the compliance challenge. One essential infrastructure company in Australia turned to EY to help it scan the regulatory environment and map compliance and controls. EY identified gaps and introduced uplifts to key controls across security of all types, from cyber to physical to supply chain. With EY’s help, a new security blueprint manages the utility’s biggest risks – outages, fines and reputational damage – and has uncovered new upside risks and income streams.

Something that may seem too hard on first glance can, with good risk management skills and procedures in place, become a new business model. Just ask the airlines that entered the financial services sector with credit card offerings, electric car companies that grew into energy storage, or ride sharing apps turning to food delivery services.

A telescope on transformation

Many Asia-Pacific leaders have their eyes open and firmly fixed on the horizon. Fifty-two percent of senior leaders across Asia-Pacific surveyed for the EY Global Board Risk Survey 2021 expect business model disruption will impact their businesses in the year ahead – compared with just 32% of those located in EMEIA and 29% of those in the Americas.

Asia-Pacific boards are worried about a wider variety of risk categories than their global counterparts – and yet fewer see the importance of enhancing risk management. While 82% of boards in EMEIA and 87% of those in the Americas say improving risk management is mission critical to protect and build value over the next five years, this falls to 66% for Asia-Pacific.

Are Asia-Pacific businesses already well prepared? Or do they underestimate the extent of the changing risk landscape?

Integrated and automated risk management platforms, while around for more than a decade in other jurisdictions, are only now being deployed in Asia-Pacific. Part of this is scale – a large organization in Asia-Pacific may be a small organization by global standards. But part is also the mindset. Many businesses across the region still see risk management as an overhead or a tax on doing business.

Moving this mindset can be achieved by shifting risk management from a centralized responsibility of the chief risk officer to a model that promotes the concept of “everyone” is involved in risk management. When risks are complex and interconnected, managing those risks should be in everyone’s KPIs and on everyone’s to-do list.

Transforming the risk function is dependent on technology. It is simply impossible to decentralize risk management without an integrated platform that builds synergies, enhances agility in risk functions and processes and assigns clear ownerships and accountabilities. But with the right tools and tactics, risk management can be transformed from a back-office roadblock into a strategic business opportunity.

A complex ecosystem of cross-border regulation and compliance may at first appear time-consuming and stressful to manage. But if armed with the right talent and technology, it can help business leaders identify sustainable and long-term value transformation opportunities to stay a step ahead.

The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.