Businesses nowadays are faced with numerous challenges.
These include public health disasters, coping with ESG (environmental, social, and corporate governance) compliance pressures, geopolitical tensions and disruptive trends such as rapid digitisation, which comes with its fair share of cyber threats.
Recent crises have demonstrated the sensitivity of organisations to shocks and their susceptibilities to business process disruption worldwide. For instance, data from McKinsey shows that manufacturing costs rose in 2020, from five per cent to 20 per cent of total costs.
As a result, the median global gross domestic product (GDP), according to the International Monetary Fund (IMF) dropped by 3.9 per cent from 2019 to 2020, making it the worst economic slump since the Great Depression.
The pace and frequency of risk make disruptions hard to envisage. Hence, to manoeuvre the dynamic operating environment, companies across industries need to plan for the unexpected and build up their response capacities in advance.
This has caused the concept of risk management to evolve from a defensive, reactive response mode to a prioritised proactive resilience-building strategy.
Previously, governance policies identified material risks and internal controls designed to address these risks but inadequately addressed practical risk management. The board determines a pension scheme's risk appetite and limits. Additionally, it has a high-level responsibility to govern risk by establishing the relevant framework to identify and assess risk.
It also defines the risk monitoring and reporting requirements.
The trustees can then delegate the responsibility to design, implement and monitor the risk management plan to senior management or service providers through the audit and risk committee.
The trustees then monitor the extent to which service providers have addressed the key aspects of risk management as compliance will result in meaningful outcomes for the beneficiaries. Yet, these methodologies only increase the probability of anticipating unpredictable risk and reduce the interruption of senior management's core functions by emerging risk.
Take Artificial Intelligence (AI)and blockchain waves, for example. Robo-advisory is expected to deeply and increasingly impact the pension industry's investment management. Cyber threats could fail IT systems and processes, putting firms' data security or assets at risk.