By Sean Hughes, Chief Risk and Legal Officer, UniSuper
Readers of this publication will readily appreciate the benefits and opportunities which technological innovation has delivered to society over the course of your careers. My grandmother learned to cook for her brothers and sisters over an open campfire on her family’s farm, and by the time she died she had mastered the art of microwave meals. But in all the technological advances she witnessed and experienced in her lifetime – one thing remained constant. With all the benefits of emerging technologies and consumerism, she still had to manage risks–some of them simple and foreseeable, others which were far beyond her control or imagination.
For those of us in the financial services sector, risk management is the oxygen in our blood. Without risk-taking there is no return, and without return, there is no capital flow to businesses and the broader economy will falter. Yet, over my time working in financial markets, we have seen some examples of the worst form of risk-taking: naked, ruthless, brutal, careless and ignorant behaviour which has infected the financial health of individuals, families, companies, and communities.
“Cyber resilience is a critical competency for corporates and their senior management personnel, as well as the demonstrable ability to have a robust capability to identify, control and respond to cyber risk events”
A common response has been to impose more and more compliance obligations to manage political, populist, and community expectations that “something must be done”! And boards are playing an increasingly forensic role in seeking assurance from management that mistakes must be avoided and failures should be punished.
Have we now reached a point where the addition of ever more demanding obligations to catch those who would do harm, risks curtailing legitimate commercial enterprise, including (good) risk taking? Can we ever create a society in which no harm will be done, no loss suffered and no failure occurs? Is perfect the new normal? And what particular impacts will this have in the technology sector?
Fintech is leading the latest wave of innovation and creativity
1. Fintech arguably cuts out the middle layer of intermediaries and enables consumers to access products and services directly from a range of manufacturers. Data analytics assists both product developers and consumers to better understand needs and risk appetite, ideally leading to better tailored outcomes. More nimble and agile fintech competitors will challenge traditional businesses operating antiquated legacy systems to become more efficient, responsive and competitive, or their sustainability will be threatened.
2. Public authorities should be able to access data and apply tools which don’t just tell them what went wrong and what harms may have been prevented or avoided (‘near misses’) – but more critically, better anticipate and foresee threats on the horizon which might be preventable and avoidable. The potential for regulators to be more than first responders at the bottom of the cliff is too great an opportunity to be passed up.
3. Enhanced inclusion of marginalised communities and developing economies is a real possibility through the broader reach of digital finance capabilities such as mobile banking apps, peer-to-peer lending for micro and small businesses and blockchain for settlements.
With these benefits, come some threats and risks which all market players and gatekeepers have a role to control. The most common policy panacea to manage the disparity in bargaining power between financial consumers and businesses has traditionally been disclosure. So the theory went: consumers would read and understand all the features, benefits and risks of the product or service offering they were entering into, not just at inception, but on a periodic basis for the life of the contract or arrangement. The assumptions underpinning that theory of consumer protection were seriously undermined by events which unfolded not only before but increasingly during and after the financial crisis. Learnings from consumer experiences over that period and behavioural analysis of consumer and investor behaviour has led to a significant re-think of what tools are better equipped to address this risk of mis-matched expectations and outcomes.
With the increase in speed and accessibility of product delivery through technological innovation, the risk of harm too is increasing through incidents such as cyber-attacks, misuse or theft of data and identity. Cyber resilience is a critical competency for corporates and their senior management personnel, as well as the demonstrable ability to have a robust capability to identify, control and respond to cyber risk events.
The evolving and dynamic nature of the global economy, coupled with enhanced borderless e-commerce capability and the constraints on law-makers and regulators to operate outside their geographic boundaries, means that risk management in the fintech era is both challenging as well as exciting. Underpinning much of what good risk managers do is the preservation of a relationship of trust between product and service providers and their customers.
Just as my grandmother had to trust in her ability to use more complex and intangible products over her lifetime, we are asking our financial consumers to trust us that we will develop and deliver the right products to them and we will make good when we get it wrong. Regulators and law-makers are constrained by what they can do with one eye on the past, but good risk managers can look ahead and help us try to avoid getting our fingers burnt.
UniSuper manages the retirement savings for more than 400,000 Australians and other nationalities working in the university; higher education and research sector, and has approximately a $54.7 billion in assets under management.