Why risk management is the key to responsible innovation
It's crucial to create a culture of risk management across an organization. Image: Getty Images/iStockphoto.
Listen to the article
- In a disrupted world, organizations need to take risk management seriously.
- This means understanding risk from all angles and in all areas of the business.
- Responsible innovation is about managing risk in line with a core set of values.
Global companies increasingly recognize the imperative to innovate responsibly. “Move fast and break things” has shifted to “move purposefully and fix things.” This mindset matters, but it’s not enough to ensure truly responsible innovation. The difference-maker is risk management
Most Fortune 500 firms today understand the why of managing risk. From major cybersecurity breaches and tech malfunctions to seemingly minor slip-ups on social media, firms can suffer substantial damage to their brand equity from risks they insufficiently address. More importantly, they can inadvertently introduce major harms to the broader public.
To avoid these outcomes, smart companies consider when they manage risk; what types of risks they monitor; who manages risk; and, crucially, how to operationalize a culture of risk management across the organization.
“Disasters are no longer random and rare,” says Harvard security expert Juliette Kayyem, author of the book, The Devil Never Sleeps. “We have to stop wishing that they were.” Kayyem distinguishes between what she calls “left of boom” from “right of boom” approaches. Actively working to limit or prevent risks is, of course, vital. But the booms – the bad events – Kayyem argues, are inevitable. So it’s imperative for organizations to think through how they respond, rebuild, and recover in their wake.
Risks to business
Circle’s leadership team faced a boom in March this year when Silicon Valley Bank collapsed, putting a fraction of our reserves deposited there in question. As a leading innovator of financial services, we’ve made trust our most important priority. So we knew that our first responsibility was to communicate honestly and transparently with our customers and stakeholders. This was painful but necessary. And it set the stage for our rapid recovery, when we announced – prior to news of a federal guarantee for depositors – that we would protect every dollar with extraordinary measures.
As a type of risk, this crisis in the traditional banking sector was a classic case of a risk to business. But what about the risks from business? How much time and thought do C-suites put into the range of unexpected outcomes that their product offerings and services could generate globally?
How is the World Economic Forum improving the global financial system?
Some tech leaders have fallen in love with the idea of disruption without fully acknowledging the costs to those who are disrupted. They also tend to magnify the benefits of innovation while minimizing their costs. The time to institute new norms and regulations was well before, not after, harm is caused .
Managing risk
In short, it’s not nearly enough for companies to “check the ESG” boxes in their annual reports. They need to show how their core business serves the public interest and that the inevitable externalities of their production are well managed.
To do this, leadership teams need to consider who within their organizations are empowered to manage risk. It’s tempting to trust the specialists, such as legal, security, and compliance teams. But compartmentalizing this responsibility is a mistake. Because managing risk is less a matter of expertise than a lived commitment of values.
There’s an old saying in business: you get what you inspect, not what you expect. Corporate mission statements and aspirational values emphasize the latter. The former takes hold only from company incentives, including employee performance metrics, compensation, and – most importantly – standards of governance. That’s why the best firms put into practice a set of tools and incentives so that every department, not just legal, compliance, or security, is empowered, rewarded, and held accountable for actively managing risk.
One ironic blind spot in risk management can emerge among industries that are already well regulated. It derives from a basic confusion about standards. As an architect once put it, building a house to code means constructing the lowest-quality engineered house allowed by law, which isn’t exactly reassuring. Instead of building to code, good architects build to last. The same should hold true for organizations thinking about regulation. Don’t just meet the regulation. Exceed it by setting your own gold standard.
At Circle, we’re driven by a mission to raise global prosperity through the frictionless exchange of value. Wherever possible, we’ve made sure that our effort to build secure financial infrastructure on open, public blockchain networks is fully compliant with regulatory requirements. In some cases, such government regulation has not yet been enacted, so we’ve had to set our own high standards of self-regulation. These standards don’t make risks go away. But they do make facing them much easier.
Such a mindset is key for all leaders looking to make big change happen. We can’t wish risks away. What we can do is face them fearlessly, putting at least as much energy behind the “responsible” as the “innovation” part of responsible innovation. The world we serve expects nothing less.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Tech and Innovation
Related topics:
Forum Stories newsletter
Bringing you weekly curated insights and analysis on the global issues that matter.
More on Forum InstitutionalSee all
Beatrice Di Caro
December 17, 2024