Cybercrime, business interruption and pandemic are just some of the interconnected risks that financial advisers and risk managers have to worry about midway through 2022. We discussed the three aforementioned risks in part I of this two-part newsletter, and tried to make them relevant to advice-focused small, medium and micro-enterprises (SMMEs) trading in South Africa. Today we continue the discussion by unpacking the remaining risks discussed in the recently-published Allianz Global Corporate and Speciality (AGCS) Global Risk Dialogue.
Risk four: New technologies
The emergence of new technologies provides yet another opportunity to illustrate the interconnectedness of 21st Century risks. “With the widespread rollout of new technologies, we are seeing increased reliance on cloud providers, data aggregators, APIs and others,” writes AGCS. “These are all part of the new interconnected world and depend upon critical [IT] infrastructure”. Operational risk is introduced via vulnerabilities that exist in each of these new technologies. For example, what happens to your tech-enabled advice practice if, for some reason, you are unable to access data in the cloud, or if the API you rely on to prepopulate quotes stops working.
The interconnectedness of risk is illustrated here by the potential for cybercrime to cause the disruption to your technology infrastructure. Think it cannot happen to you? Think again! AGCS drew attention to the global outage that shook Facebook (now Meta) and many of its services in October last year. This ‘outage’ is rumoured to have cost the internet giant around USD100 million in lost revenue. “If a cloud provider goes down, the knock-on effects on an organisation’s supply chain can be considerable: the failure of automated systems that rely on shared data could result in lost orders, non-delivery of goods and services, and delays to back-office functions,” they wrote. Cryptocurrencies and digital payments are emerging technologies that financial advisers need to keep a close eye on, because they increase potential for asset bubbles, money laundering and ransomware, to name a few.
Risk five: Regulation, regulation, regulation
This writer confesses to the triple-repeat of regulation in the above sub-heading. We do so in acknowledgment of the extent to which local financial and risk advisers have been subject to regulatory change over the past decade or so. The bottom line is that changes to regulation introduce significant risk to SMME operations. Recent examples from the country’s non-life insurance sector include the binder regulations, which stipulated the functions that non-life intermediaries could perform for insurers, as well as what they could charge for these functions, and the change to premium collection rules, currently underway.
“Regulatory changes often lag behind technological advances, which can inhibit the adoption of innovations; they can also affect a company’s bottom line as they require new ways of working and incur fines and penalties for businesses that do not comply,” noted AGCS. This observation is illustrated by the local regulatory response to crypto assets. Granted, we have seen the occasional policy paper from the Financial Sector Conduct Authority (FSCA), National Treasury and South African Reserve Bank (SARB) dealing with their likely approach; but more than a decade into this emerging trillion dollar plus global assets class we have not seen much by way of concrete guidance or legislation.
Risk six: Natural catastrophes
If the first half of 2022 taught local risk advisers anything, it is that extreme weather events are on the rise. The 11-12 April 2022 KwaZulu-Natal floods caused severe economic damage and loss of life in the area following days of torrential rain… And as we pen this newsletter, areas around Cape Town are under water, again due to high rainfall. Your response to this type of threat should be two-fold: First, are your clients’ assets and lives appropriately protected should a natural catastrophe occur. And second: does your practice have a business continuity plan should the worst happen? Can you continue with ‘business as usual’ following an earthquake, flood or hurricane?
Risk seven: Shortage of skilled workforce
“Access to talent is challenging the tech sector, as well as many other industries, and there is an ongoing need to upskill working populations and reduce barriers to entry for skilled workers from overseas,” wrote Jody Yee, Global Industry Solutions Director for Technology, Media and Telecoms at AGCS in his contribution to the insurer’s Global Risk Dialogue. The issue around skills development has been bubbling through South Africa’s insurance and investment sectors for decades now, with the availability of suitable candidates in specialist areas of particular concern. To make matters worse, many of the old guard are stepping down without there being obvious replacements for their experience and knowledge.
This risk places the need for succession planning squarely under the spotlight. “The older generation is retiring and we do not have enough talent in the pipeline, so a number of organisations are aggressively recruiting,” noted Yee. Of course, South Africa always finds ways to make a complex problem more difficult to address. Locally, financial services firms will soon have to contend with the Employment Equity Amendment Bill (EEAB), which will introduce tougher enforcement of even tighter transformation targets. Skills shortages already stand out as a risk; skills shortages plus EEAB could introduce a business-ending risk scenario!
Some thoughts on risk mitigation
The question becomes: how do local advice-based SMMEs respond to the myriad risks introduced in this two-part newsletter? Having attended countless risk management presentations over the years, this writer suggests a risk management plan as a first step. This would require a comprehensive assessment of your firm’s risk environment and taking decisions about appropriate risk mitigations and risk responses. It seems AGCS, which was writing from a big corporation perspective, concurs: “Business continuity planning reviews are essential and must be regularly updated”.
Cyber risk requires immediate attention because it spills across many of the other risk categories. For example, a ransomware attack could cause business interruption losses as well as derail the various new technologies your firm relies on. Risk transfer through a cyber insurance policy is an option here; but SMMEs should first ensure that they protect their data and IT systems using a mix of regular system back-ups and the implementation and installation of the necessary IT security protocols and systems. And of course, ensure your compliance with the Protection of Personal Information Act (POPIA).
Writer’s thoughts:
It can be difficult for SMMEs to interpret risk reports that are written for a global corporate executive team; but there are clear lessons to be learned. Has our two-part comment on the ‘seven risks to rule them all’ helped you to identify any glaring shortcomings in your SMME advice practice’s risk approach? Please comment below, interact with us on Twitter at @fanews_online or email us your thoughts editor@fanews.co.za.
Comment on this post