I attended PwC's annual client and analyst risk summit in Boston earlier this spring. The theme of this year's summit was innovation, which the firm addressed at two levels. One was operational, for which the firm demoed several proprietary products for innovating risk monitoring and compliance processes such as automating know-your-customer compliance, plumbing the dark web for threats, and visualizing risks across supplier tiers. PwC also spotlighted a risk and regulatory services innovation center operated in conjunction with Carnegie Mellon University, where clients are collaborating with PwC and CMU on developing bespoke technology solutions for information privacy and security, audit, and data analytics. The other level was strategic, which PwC addressed through case examples in which engagement with policymakers and regulators shaped innovation opportunities.
While I observe more clients looking to consultants to help them protect their strategies against risks, most prominently in cybersecurity, I rarely see the inverse. I spoke with many consultants and clients this year as part of the update of our innovation strategy and business strategy and planning consulting ratings; one theme that did not emerge was risk. This is a conundrum, because return is a function of risk; those who better understand the risk environment and can manage it, win.
The trouble with making risk management integral to strategy is that with the partial exception of regulated industries the sorts of risks that could unleash innovation are remote from the business. Not remote in the sense of a remote possibility, but in the sense of far removed in space and frequently time too. So companies remotely manage those risks. They hire non-business types (lobbyists and ex-diplomats and regulators), who answer to the corporate office not the business units. Those teams react to immediate threats and opportunities like impending legislation and conduct long-term advocacy, but in both cases much of the doing gets farmed out to lobbyists, industry associations, and think tanks.
My own professional experience sheds a light on why this is so. While working in a business unit of a multinational insurer, I moonlighted as a liaison to the company's government affairs function. The ambition was precisely this one of making risk management an integral part of strategy. A priority at the time was opening up the Chinese insurance market to foreign competition. One initiative we engaged on was the China-U.S. Strategic Economic Dialogue, at the time in its second round. We allocated a number of senior resources, cultivated coalitions with other companies, and worked with a host of government agencies.
A decade later, the Strategic Economic Dialogue is in its eighth round, and Chinese President Xi announced plans to open the country's insurance market in a speech earlier this summer. The company I was part of doesn't exist anymore, at least not in its previous form. The cast of government characters has completely changed, including the presidents of the U.S. and China who sponsored the initial dialogue. The only constant is the institution of an impersonal bureaucratic process.
This is the definition of remote. Few companies can see their way to investing in high stakes initiatives over which they have minimal control and that require significant resource commitments but may or may not pay off after ten years. No business leader makes their name working as part of a coalition behind closed doors. But a business leader will famously or infamously make their name trying to capitalize on the opening of the Chinese insurance market.
Risks do make or break company fortunes, but most companies treat them like Machiavelli's unpredictable and untamable fortune. A modest investment in the traditional government affairs model is a judicious hedge, but it's decidedly not strategic. Facing the same incentive mismatch as their clients, I see consultants sticking mostly to micro rather than macroeconomics. While they market their point of view on macro trends, most project work is about production functions, market structure, and customer behavior. Kudos to PwC's risk practice for arraying its siege engines at strategy's walls, but I don't expect a major breach any time soon.
Nathan Simon is a Senior Director of Research for ALM Consulting Intelligence.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.