The expert view: Managing uncertainty – how can we take advantage of risk in a fast-changing European landscape?

Institutional approaches to risk management tend to err towards mitigating against risk, rather than optimising for opportunities, said Sungard’s Dr Sandra Bell, introducing a Business Reporter breakfast briefing at London’s Savoy Hotel. However, she added, most businesses – like people – tend to get more confident with experience, and therefore are more open to risk.

The agenda for the discussion took in the “fast-changing European landscape”, which meant that much of the briefing focused on the rapidly-approaching GDPR legislation and the ongoing uncertainty around Brexit.

Brexit means…?

Perhaps surprisingly, nobody at the briefing was keen to talk about Brexit preparations at their business – and this did not appear to be because of concerns about confidentiality. “It’s a little early for us to be thinking about Brexit,” said one attendee from an international facilities management firm. “There are other issues on our radar besides Brexit,” added another.

One attendee acknowledged a concern about the “ripple effect of uncertainty” that Brexit could create – one that extends across sectors and that lasts for months or even years.

For most of those present, however, the Brexit situation is still so unclear that there seems to be little point right now in planning for any risk it brings, let alone to take advantage of the opportunities. At least a couple of attendees noted, perhaps hopefully, that Brexit might still not happen.

Preparing for a situation with so many potential outcomes simply didn’t appear to be a good use of time for those at the briefing, although this is likely to change as the terms of the Brexit deal become clearer.

GDPR dominating attention

Far more time was spent discussing GDPR, which makes sense given that it is just months away from implementation and that the consequences of falling foul of the new regulation – including fines of up to four per cent of turnover – are so serious.

Everyone present was in an advanced stage of planning for GDPR – and for some it has been a welcome experience. “I am using it to push for exercises around a potential data breach,” said an attendee from the banking sector. “I want us to consider what kind of breach we might have and how we would respond.”

Another delegate said that her IT team had expanded from three people to 60 in just two years, largely as a result of bringing things in-house to be better prepared for GDPR.

Those are examples of taking advantage of opportunities, if only in a limited sense. GDPR is something that will have to prepared for anyway, seemed to be the view of those attendees, so you might as well find the silver lining.

One attendee from the insurance sector dismissed the idea of opportunity arising from GDPR at all, however. For him, “risk is always about downside”. He argued that regulation is always a drag on technology and innovation – albeit sometimes a necessary one – and that the key is to understand the risk and then accept it.

Technology and risk
For some of the attendees, changes in the European landscape are overshadowed by rapidly changing technology and the threat of longer-term, harder-to-fathom risks, such as climate change.

Most attendees agreed that artificial intelligence is very much on their radar as risk professionals, though a few pointed out that what is emerging at the moment isn’t true artificial intelligence. The A in AI should really stand for “augmented”, suggested one delegate.

Nevertheless, as an attendee from the insurance sector explained, the risk from these kind of technologies is systemic. For example, the 2008 financial crisis was, to an extent, enabled by people who trusted models that they did not fully understand. A similar risk comes with AI, which might draw conclusions about certain things without human operators fully understanding how it did so.

He added that his company has begun exploring facial recognition software to help identify false insurance claims. Customers are asked to record a video explaining their insurance claim and the software looks for minute clues in their expressions that might suggest that they are lying.

The ethical risks around cutting-edge technologies, for example, might require risk professionals to bring in a wider skillset than they are used to. One attendee said that some Swedish companies are adding philosophers to their boards to consider the consequences of using new technologies.

Summarising the debate, Dr Bell said that risk tended to advance in two stages. First, businesses experiment and take risks to exploit a new area. Then they are reined in by regulation. This process repeats in cycles, but she said that it is important for companies to try to strike a balance between the opportunity phase, when the company embraces risk, and the defensive phase, when the risk is in falling foul of regulation.

The most successful companies will be the ones that balance the two and are agile enough to exploit advantages as they present themselves.