As regulations increase in complexity, the lines continue to blur between risk, regulatory, and compliance, requiring many risk management leaders to play a key role in connecting the dots across functions. Their work assessing risks more holistically helps to define a stronger and more resilient risk management program. 

A diverse speaker panel including Amy Matsuo, Principal & National Leader – ESG/Regulatory Insight & Compliance Transformation at KPMG LLP, Luke Figora, Vice President – Operations & Chief Risk and Compliance Officer at Northwestern University, and Mark Beres, Director – Enterprise Risk Management at Panduit, joined Terence (Terry) Lee, VP - Risk at Origami Risk (Moderator) to identify the top regulatory and compliance trends impacting risk management and how teams are planning and demonstrating agility in their risk management programs and approach.

Key Risk Insights to Consider from our OCEG Webinar 

Amy Matsuo kicked off the discussion with KPMG’s Key Regulatory Trends & Challenges of 2021. Paying close attention to reputational risk, ESG, core risk management, cybersecurity, and compliance risk, Amy set the stage with considerations affecting this year’s KPMG 2021 CCO Survey and the broader Risk, Regulatory, and Compliance community. 

 Source: KPMG LLP: Key Regulatory Trends & Challenges of 2021

Some of the most notable obligations recorded in this year’s survey results include ESG, industry-specific regulations, consumer protection, DE&I, and cyber/information security. Amy noted that leaders in 2021 are evaluating the use of automation and technology, regulatory subject matter expertise, and how to best approach the use of data analytics.

Agile Risk Management

With these considerations, Terry Lee shifted the focus to agile risk management, asking Luke (Northwestern) and Mark (Panduit) how their teams are experiencing impacts of these key risk trends and challenges and how they are responding. 

Risk trends and challenges top of mind for panelists: 

• Environmental, Social & Governance (ESG)
• Compliance, Regulations & Pace of Regulatory Change
• Cybersecurity & Resilience
• IT Security
• Data Analytics
• Specific Industry Considerations

 Industry Impacts

The webinar discussion uncovered further considerations within the specific industries of the panelists — Higher Education and Manufacturing. 

Considerations Among Industries: 

Higher Education:

• Pandemic Concerns
• Regulatory Landscape Changes
• Student Wellbeing & Mental Health

Manufacturing:

• Industry Dynamics and Changing Competitive Landscape
• Technology Obsolescence 
• Global Supply-Chain Impacts
• Cybersecurity 
• Retaining and Attracting Talent

Supporting Risk Management Technology

Amy noted that the KPMG 2021 CCO Survey also uncovered some key areas presenting the greatest opportunity and priority for automation: 

• data analytics;
• monitoring and testing; 
• regulatory mapping;
• issues management and investigations; and 
• third-party (vendor risk) management.

Panelists offered considerations for technology investments:

• Evolving risks: can we tailor our technology solutions to account for changes in risks, regulations, and compliance?
• Access to data analytics, reporting, and monitoring capabilities
• Centralization and ability to collaborate across departments: can we utilize a united suite of supporting technology for traditionally siloed functions? 
• Reduction in administrative burden and manual error through automation

"We [Northwestern] started off implementing what is really viewed as a traditional RMIS system - we partner with Origami Risk - focused on things like insurance and claims. And then over time, had some other operational needs [...] We ended up connecting that to our technology solution, so it lives in one place with all of our other risk and insurance information. [...] We just found that we had some parallel efforts going on between Internal Audit and our ERM efforts. We said: ‘Rather than having all of this information all over the place throughout the institution, can we centralize this risk information in one place and try to find ways to automate functionality, so we’re not touching everything manually?’” – Luke Figora, Vice President – Operations & Chief Risk and Compliance Officer Northwestern University

Looking Ahead: Re-thinking Risk

We see Risk Management taking on a whole new dimension, especially over the past few years. As attendees noted in the webinar poll response, risk management is now heavily responsible for Governance, Risk, and Compliance, Business Continuity and Operational Resilience, ESG, EHS, and COVID-19 response across many organizations. 

KPMG offers these considerations:

• Evolving risks and analytics: do you have a full view of trends (i.e., ESG)?
• Investments: where is the organization putting the money around compliance, regulatory, and risk?
• Managing compliance and risk through change: how are you being agile and strengthening existing or new programs in this evolving landscape?

The panel expects risk management to continue evolving and each noted how risk and compliance professionals must be thinking about the alignment between functions and across the organization. Through the use of technology, attraction and cultivation of talent, and connected and collaborative frameworks - compliance, regulatory, and risk professionals can continue to move their organizations ahead in an intentional and strategic way. 

"The key to success [managing emerging risks], that I’ve found, is once you’ve built that process - how do you drive efficiency without losing effectiveness or losing control? The answer for me and my team was finding a Governance, Risk, and Compliance (GRC) solution - namely Origami. It was cost-effective, could drive things like process automation, and be customized to help us deliver results to our stakeholders.” - Mark Beres, Director - ERM, Panduit

To access the webinar on-demand, visit OCEG's website.