Beyond Buzz Words - What’s New in the World of Risk, Resilience, and ESG?
GRC | 4 Min Read | 23 March 22 | by Shampa Mani
The last two years have been nothing short of a roller coaster. We stepped into 2022 with a lot of uncertainty around the COVID-19 pandemic as newer variants and sudden outbreaks in various pockets around the globe continue to keep optimistic sentiment in check. Added to these are the uncertainties surrounding geopolitical tensions that upended global stock markets, heightened cyber threats, and worsened supply chain woes. Businesses, still coming to terms with the post-pandemic era, are now wary of what’s next. As the first quarter of 2022 is coming to a close, let’s find out what made it to the headlines, through the Governance, Risk and Compliance (GRC) lens.
Top Risks for 2022
According to the World Economic Forum Global Risks Perception Survey (GRPS) 2021-2022, the three most potentially severe risks over the next 10 years are all related to environmental factors – namely, climate action failure, followed by extreme weather, and biodiversity. With regard to the “scars of COVID-19”, the WEF observes, ‘“Social cohesion erosion”, “livelihood crises” and “mental health deterioration” are three of the five risks that have deteriorated the most globally through the crisis, according to the GRPS. These three risks—and the pandemic itself (“infectious diseases”)—are also seen as being among the most imminent threats to the world.’
In its Risk Management Predictions for 2022, the Global Association of Risk Professionals (GARP) said that interest rate risk, regulatory changes, supply chain disruptions, credit risk, and human capital risk are the top areas of concern for risk professionals this year.
Gartner identified poor and inadequate talent strategy – recruiting and retaining talent – as the top emerging risk for organizations. The research and consulting firm said that the constant turnover can lead to multiple organizational disruptions, including degradation of workplace culture, loss of institutional knowledge, and more.
Cyber risk continues to be a top concern for organizations across industries. A number of government and security agencies have recently issued regulatory guidance to help organizations boost their cybersecurity measures. For a deeper dive, read our blog, “Boost Cyber Resilience – Here’s What Cybersecurity Agencies are Recommending.”
Earlier this month, Gartner listed the top seven security and risk management trends for this year. These include attack surface expansion, digital supply chain risk, identity threat detection and response, distributing decisions, beyond awareness, vendor consolidation, and cybersecurity mesh.
Growing Focus on Agility and Resilience
Strengthening business resilience has become a key focus area for organizations, particularly in the post-pandemic world. Local regulators too are issuing guidance and framework requirements to ensure that organizations have the necessary measures in place to continue critical business operations when faced with any risk event.
Earlier this month, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released new guidance on “Enabling Organizational Agility in an Age of Speed and Disruption.” The guidance underscores how organizations can succeed by becoming “more anticipatory, agile, and adaptable.”
In the UK, the Prudential Regulation Authority’s (PRA) new rules – SS1/21 and SS2/21 – on operational resilience, third party risk management, and outsourcing will come into force on 31 March 2022. Announcing its 2022 priorities for international banks active in the UK, the PRA said that firms must have identified and mapped their important business services, set impact tolerances, and initiated a scenario testing program by 31 March 2022.
The ESG Conversation
Environmental, social, and governance (ESG) factors have become a talking point for regulators and businesses alike.
On March 21, the U.S. SEC was scheduled to vote on proposed rule amendments that would require SEC-registered companies to disclose certain climate-related information. The regulator said that the proposed disclosures are “similar to those that many companies already provide based on broadly accepted disclosure frameworks, such as the Task Force on Climate-Related Financial Disclosures and the Greenhouse Gas Protocol.”
In January, the European Banking Authority (EBA) published the final draft implementing technical standards (ITS) on Pillar 3 disclosures on ESG risks. By setting mandatory and consistent disclosure requirements, the EBA ESG Pillar 3 package will help institutions to address the shortcomings of their current ESG disclosures and will also help establish best practices at an international level, the EBA said.
Last month, the European Commission (EC) adopted a proposal for a directive on corporate sustainability due diligence. The new rules set out due diligence obligations for companies to identify, prevent, end or mitigate adverse impacts of their activities on human rights and on the environment.
The risk and regulatory landscape continues to evolve at an unprecedented pace. Nobody can be sure about what’s in store for GRC professionals over the next three quarters. Organizations can, however, enhance their risk visibility and foresight and become future-ready by leveraging connected, agile, and tech-driven GRC solutions.