Back in 2017, with about 10 years of experience in Risk Management, Digital / emerging technologies were new to me. My wake-up call came when I took a new assignment. Just three weeks into my job, my leader requested me to perform a risk assessment of a PoC leveraging Blockchain.

Catalyzed by a fast-changing connected world, increasing obsession with client centricity, Digital Transformation (DX) is the new order, agnostic of geography, industry, product, service or market.   

But, did you know, according to a Forbes Report, a staggering 84% DX strategies do not meet desired outcome?

Here is my attempt to outline the role of Risk Managers in a Digital Era.

Changing Paradigm vs yet another fad

More recently, no corporate strategy session is deemed complete without an update on Digital Transformation (DX). Driven as priority, right from the top by company Boards, DX is a shift towards reinvention of business strategies through the client life cycle. It not only transcends traditional roles like sales, marketing, and customer service but is sweeping through Finance, HR etc.

Between 2020 and 2023, direct digital transformation investments are forecasted at 7 trillion$ with a projected CAGR of 23%. In 2022 alone, spending is projected to touch 1.78 trillion $.

As per a Gartner’s report, despite the pandemic, which only amplified the need, 82 percent of CFOs plan to increase investment in digital spend in the coming fiscal year in significantly higher proportions than on people, culture, legal & compliance.

Pushed by native tech giants, evolving client expectations and to stay relevant amidst intense competition, DX is foundational, and the impact of its explosion is here to stay.

Identifying the perfect recipe

Getting the definition of Digital Transformation vs Digitization vs automation is walking a tight rope and very few organizations have got it right. Studies by Harvard & McKinsey attribute many pitfalls enroute a companies DX journey. The birth of digital strategies take shape at several levels above the actual realm where the benefits are expected to be realized. Some frequently debated reasons include putting cart before the horse - should IT or business lead DX? ‘buy’ vs ‘build’?  Risk Manager attempt fitting archaic risk assessments severely impacting speed to market. Aping a reasonably successful DX approach of a company A will not necessarily work for company B.

Prior to embarking on this journey, a dip stick on the point of departure Digital Quotient and cultural assessment is highly recommended and the learnings should set the tone and speed. For each his own, there is no single secret sauce or recipe to success.

3LoD for Digital Transformation

Across industries “three lines of defence” has been a cornerstone of Risk Management framework. Banks & financial institutions adopted 3LoD for over a decade now. IIA- Institute of Internal auditors formalized this in 2013 to safeguard organizations emerging from the financial crisis of 2008.

In the backdrop of Digital Transformation this framework gets severely challenged and amplified when the key players in the 3LoD try to apply with utmost rigidity. This often contradicts the key tenants of agile decision making and to fail fast & learn fast enabling innovation. The structure inhibits a deeper understanding of processes, collaboration making it too siloed & pushing governance to the realm of the 1st line execution teams.

Blending first & second line…..a welcome change

In July 2020, the IIA - Institute of Internal auditors - published a revised version of its 3LoD, dropping the name “Défense” to reflect its now more inclusive nature under a new banner titled '3 Line Model'. It emphasizes the key principles “communication, cooperation, and collaboration” and that all lines need to work together collectively to contribute to the protection and creation of value.

Born technology Fintechs, Insurtechs, Regtechs have nailed this much better that the traditional companies who have been in business for a century or more, where the organization structures have not caught up with the organizations shift towards transformation.

Enablement vs Policing

Staying true to the principles of protection and value creation Risk Managers need to adapt fast in supporting transformation. Here are few guiding principles -

· Roll up the sleeves and immerse in a ‘all in the box’ along with the business & technology team in co-creation

· Well rounded Digital Risk Management program which is not myopic to technology / security risks but is broad based including talent and cultural risk factors

· Risk Managers will always find it hard to keep pace with the technology changes and lingua of technocrats, but one should be ‘BOLD’ to ask basic questions

· Develop simple & measurable Risk Indicators linked to business outcome which provides a rounded view of key risks

·KRAs of the Risk managers should include ‘enablement’ measures - Failure is a collective failure & success as a collective success

· Risk Managers should include at least 10% of time for learning, industry collaboration & regulator interactions to bring in best practices

Despite these challenges, DX continues to transform client and employee experience phenomenally, albeit a needle movement against potential. Sun Life is in the midst of an exciting transformation journey. We have achieved some phenomenal success in the last 12-18 months accompanied by its share of learning.

Welcome views from Risk Managers.....