Why risk management is the key to responsible innovation

Global companies increasingly recognize the imperative to innovate responsibly. “Move fast and break things” has shifted to “move purposefully and fix things.” This mindset matters, but it’s not enough to ensure truly responsible innovation. The difference-maker is risk management

Most Fortune 500 firms today understand the why of managing risk. From major cybersecurity breaches and tech malfunctions to seemingly minor slip-ups on social media, firms can suffer substantial damage to their brand equity from risks they insufficiently address. More importantly, they can inadvertently introduce major harms to the broader public.

To avoid these outcomes, smart companies consider when they manage risk; what types of risks they monitor; who manages risk; and, crucially, how to operationalize a culture of risk management across the organization.

“Disasters are no longer random and rare,” says Harvard security expert Juliette Kayyem, author of the book, The Devil Never Sleeps. “We have to stop wishing that they were.” Kayyem distinguishes between what she calls “left of boom” from “right of boom” approaches. Actively working to limit or prevent risks is, of course, vital. But the booms – the bad events – Kayyem argues, are inevitable. So it’s imperative for organizations to think through how they respond, rebuild, and recover in their wake.

Circle’s leadership team faced a boom in March this year when Silicon Valley Bank collapsed, putting a fraction of our reserves deposited there in question. As a leading innovator of financial services, we’ve made trust our most important priority. So we knew that our first responsibility was to communicate honestly and transparently with our customers and stakeholders. This was painful but necessary. And it set the stage for our rapid recovery, when we announced – prior to news of a federal guarantee for depositors – that we would protect every dollar with extraordinary measures.

As a type of risk, this crisis in the traditional banking sector was a classic case of a risk to business. But what about the risks from business? How much time and thought do C-suites put into the range of unexpected outcomes that their product offerings and services could generate globally?

Some tech leaders have fallen in love with the idea of disruption without fully acknowledging the costs to those who are disrupted. They also tend to magnify the benefits of innovation while minimizing their costs. The time to institute new norms and regulations was well before, not after, harm is caused .

In short, it’s not nearly enough for companies to “check the ESG” boxes in their annual reports. They need to show how their core business serves the public interest and that the inevitable externalities of their production are well managed.

To do this, leadership teams need to consider who within their organizations are empowered to manage risk. It’s tempting to trust the specialists, such as legal, security, and compliance teams. But compartmentalizing this responsibility is a mistake. Because managing risk is less a matter of expertise than a lived commitment of values.

There’s an old saying in business: you get what you inspect, not what you expect. Corporate mission statements and aspirational values emphasize the latter. The former takes hold only from company incentives, including employee performance metrics, compensation, and – most importantly – standards of governance. That’s why the best firms put into practice a set of tools and incentives so that every department, not just legal, compliance, or security, is empowered, rewarded, and held accountable for actively managing risk.

One ironic blind spot in risk management can emerge among industries that are already well regulated. It derives from a basic confusion about standards. As an architect once put it, building a house to code means constructing the lowest-quality engineered house allowed by law, which isn’t exactly reassuring. Instead of building to code, good architects build to last. The same should hold true for organizations thinking about regulation. Don’t just meet the regulation. Exceed it by setting your own gold standard.

At Circle, we’re driven by a mission to raise global prosperity through the frictionless exchange of value. Wherever possible, we’ve made sure that our effort to build secure financial infrastructure on open, public blockchain networks is fully compliant with regulatory requirements. In some cases, such government regulation has not yet been enacted, so we’ve had to set our own high standards of self-regulation. These standards don’t make risks go away. But they do make facing them much easier.

Such a mindset is key for all leaders looking to make big change happen. We can’t wish risks away. What we can do is face them fearlessly, putting at least as much energy behind the “responsible” as the “innovation” part of responsible innovation. The world we serve expects nothing less.