Brazilian novelist Paolo Coelho is quoted as saying, “Be brave. Take risks. Nothing can substitute experience.” Unfortunately, this mindset typically tends to work for writers and artists or when it comes to small personal decisions, like where to get lunch or whether going on an adventure vacation is the right move. For risks on the larger scale, there is an entire class who view taking risks as something to be examined in detail, quantified, and assessed to determine acceptable levels and probability: these specialists in the business world deal solely with today’s word, risk management.
Sure, the term can be defined very broadly, and it’s arguable that a great number of our actions are based on basic risk management. For example, there’s a reason why you don’t touch a hot stove, don’t walk in front of a speeding car, or why you do eat spicy food – you’ve weighed up the pros and cons and either deemed an action to be worthwhile or not. This, however, is technically risk aversion. Instead, we’re talking about a very specific and scientifically applied assessment of risk.
Risk management can be defined narrowly as ‘the forecasting and evaluation of risks in business and commerce, combined with the identification of procedures to avoid or minimise the impact of such risks’. Though the term itself was first introduced in the Journal of Marketing in 1948 (“Physical distribution. Risk management. Selling.”), the description of the individual who carries out this function, the risk manager, was ironically introduced 27 years earlier, in Leo C. Marshall’s 1921 book, Business Administration (“The nearest approach to a separate risk manager is to be found in those organisations which have set up comprehensive research bureaus”).
Etymologically, the term is a compound of the words risk, which comes from the French risque, meaning ‘danger or inconvenience, predictable or otherwise’, and the word management, which comes from the Italian maneggiare ‘to handle’, based on the Latin manus ‘hand’. To clarify the initial definition, by way of its components, it is essentially ‘handling possible dangers or inconveniences’.
Following 4 basic points, the risk management cycle is a constant process of identifying risk, assessing risk, controlling risk, and reviewing controls. While each point is essential, controlling risk, which happens through compliance, is arguably where theory meets reality.
With more regulations coming into play, such as data security, corporate governance, and sustainability/environmental requirements, compliance stands to become ever-more essential. The 2018 Thomson Reuters Cost of Compliance survey of 800 financial services firms across the world showed that 58% of respondents plan to spend more time communicating with regulators, ⅔ of survey participants expect increases in the compliance budget to be necessary, and 43% expect the compliance team to grow.
Given the emphasis now being placed on compliance with international standards in order to demonstrate global industry leaders, properly investing in compliance and overall risk management is an advantage not to be overlooked.
