Five Golden Rules for value-building operational resilience
Risk Consulting
Collaborative consultancy that embeds risk considerations within your business to unlock your potential.
Sustainability for schools
Five key takeaways from reviewing technology and media companies’ climate disclosures
Change and transformation – a continued threat to resilience?
Is the business case for sustainability for Insurers all about ‘social’ impact?
Consulting from the inside out
Our consulting team combines deep financial services industry experience and specialised expertise in risk and governance with innovative thinking. Our pragmatic, progressive and empowering approach enables us to work with you to build resilience, integrate sustainability, master data, deliver transformation and enhance risk and governance in a way that optimises decision-making and creates lasting value.
The financial services industry is facing an unprecedented period of change. We are trusted by a broad range of financial services companies, with a focus on insurance and asset management, to help them thrive and achieve success in this changing environment.
We work with a range of leading organisations who see us as a genuine, collaborative business partner - from large multi-national corporations to innovative start-ups.
Helping clients overcome key challenges
Building resilience
Integrating sustainability
Mastering data
Delivering transformation
Enhancing risk and governance
Building resilience
We can help you to thrive in today’s fast moving, interconnected business environment by responding to and understanding uncertainty.
What's your challenge?
- The operational risk environment has shifted - threats to the resilience of businesses are more dynamic, more complex and more sophisticated.
- Organisations need to change their perspective to recognise that stresses and disruptions will occur, and there's an increased focus on the way they respond and adapt.
- Approaching building resilience as more than a compliance exercise can help companies to optimise operational decisions and build trust.
We believe investing in operational resilience leads to significant commercial benefits. Focusing first on how approaches deliver value ensures they are embedded, while meeting regulatory requirements as a by-product. Executed well, operational resilience helps organisations to respond and adapt more effectively, build customer trust and achieve strategic outcomes by design.
We can help you:
- Assess and develop your operational resilience approach.
- Understand and strengthen your information security culture and enhance digital security.
- Design, implement and optimise your approach to third party risk management.
- Add strategic value while ensuring your firm meets regulatory expectations.
What do we bring?
|
Practical, award winning industry specialists who understand your business. |
We work with you shoulder to shoulder to build capability. |
|
|
Practical, experienced team in helping you to assess resilience and develop your approach. |
Proven, industry leading methodologies and tools. |
CIR Business Continuity Awards 2020 - Adviser of the Year - Winner Justin Elks, Managing Director, Crowe UK.
Integrating sustainability
We can help you to deliver improved performance by putting environmental, social and governance considerations at the heart of your organisation.
What's your challenge?
- Our world is facing increasing environmental, social and governance (ESG) challenges.
- Insurers, asset managers and wider financial services organisations have a key role in protecting society, providing security, managing risk and supporting economic growth.
- This creates diverse, complex and interconnected risks, which presents new strategic opportunities.
We help you put ESG considerations at the heart of your organisation, so that you can manage the risks faced and capture the opportunities for your business. By aligning ESG considerations with your strategy, we help you to focus on activity that has the greatest impact on performance.
We can help you:
- Develop a clear ESG strategy that supports decision making.
- Integrate ESG and sustainability into risk management.
- Address the risk and opportunities in climate change.
- Enhance your operations and governance to address sustainability.
- Achieve effective ESG management and compliance.
What do we bring?
|
Practical, experienced specialists who understand your business. |
Working with you as 'one team' to support embedding. |
|
|
Translating technical ESG issues to enable their impact to be addressed pragmatically. |
Strengths in governance, risk, resilience, scenario modelling, data, change and transformation. |
“Crowe carried out high-level reviews of the sustainability strategy as it was being created and gave valuable input and challenge, that in turn led to important wider discussions around certain aspects of ESG and sustainability. Crowe played a key role in highlighting the wider business issues and implications of the topics we had raised, so that the Executive and Board could consider and address them. Crowe’s people were very knowledgeable on the subject of sustainability. As they have previously worked with us, they have a good understanding of our business model. This helped them to form an overall view of how sustainability could be integrated here at Just, and to provide highly relevant, practical and tailored advice.”
- Alex Duncan, Group Chief Risk Officer. Just Group plc.
Managing Climate: Change Risk and ESG
Mastering data
We can help you to unlock the value of data through the innovative and practical application of governance, technology and analytics.
What's your challenge?
- Enormous power lies dormant in data, but accessing and utilising that power is often harder than it first appears.
- Overcoming of the constraints which prevent progress.
- Delivering actionable insights for long-term planning and decision making.
- Enhancing competitive advantage and defining market leadership.
- Articulating and maintaining an end-to-end vision for your data.
We aim to help you better understand your customers and their needs, utilising our data solutions to help you achieve your objectives. Our approach helps you improve your processes, making them more efficient and cost effective.
We can help you to:
- Set measurable objectives and deliver upon them.
- Implement advanced analytics and establish key insights.
- Manage your data and model risk.
- Transition with process and change management.
What do we bring?
|
Practical, experienced specialists who understand your business. |
Working with you as 'one team' to support embedding. |
|
|
Strengths in data, governance, scenario modelling, data science, transformation and change. |
||
Delivering transformation
We can help to enable you to deliver successful, value adding transformation through process, technology, organisational and cultural change.
What's your challenge?
- The complexity and volatility of business environments are increasing, consumer behaviours and employee attitudes are changing.
- Designing and delivering successful transformation is often difficult for firms to get right in practice.
- Organisations find it increasingly difficult to respond to and exploit key opportunities that would drive growth and development.
We deliver transformation through process, technology, organisation and cultural change, targeting those areas in which we can deliver significant value, while leaving you in control. Our experienced team can help you overcome the challenges in delivering successful transformation, with a practical mindset and approach that will help you sustain your success in the long-term.
We can help you:
- Mobilise, design, deliver and assure your transformation programme, working collaboratively with your teams.
- Deliver complex change successfully via advisory, delivery subject matter expertise or resource augmentation.
- Plan and deliver supporting activities in areas such as operating models, organisation design, resource modelling, process analysis and culture change.
- Deliver transformation that is sustainable over the long-term, upskilling and training your team.
- Help you select, implement and integrate governance, risk and compliance technology into your business, leveraging our framework and expertise.
What do we bring?
|
Practical experienced specialists who understand your business and why change is difficult. |
Working with you as 'one team' to support transformation. |
|
|
Simplifying the complexity of transformation project issues to enable successful embedding. |
Strengths in programme and change management, target operating models, risk and governance. |
Enhancing risk and governance
We can help to empower you to deliver your strategic outcomes through optimised decision making, governance and risk management.
What's your challenge?
- Over the past decade, there has been significant investment in governance, risk and compliance, driven by regulation.
- A focus on meeting regulatory requirements has not always led to commercial value.
- Governance, risk and compliance approaches need to demonstrate value and deliver improved efficiency and effectiveness.
We believe making pragmatic, practical and proportionate improvements to governance, risk and compliance can unlock real value in strategy and decision making. We think governance, risk and compliance needs to be tailored, and for there to be a focus first on achieving organisations’ strategic outcomes, while meeting regulatory requirements as a by-product.
We can help you to:
- Unlock the value of your governance, risk and compliance approaches.
- Enhance operating models and frameworks to improve the effectiveness and efficiency of approaches.
- Develop and embed tools and techniques to give people the motivation and tools to manage risk effectively.
- Review and benchmark the efficiency and value delivered by governance, risk and compliance practices.
Crowe Risk Consulting has undertaken Skilled Person reviews under Section 166 of the Financial Services and Markets Act 2000, in relation to Governance, Accountability, Strategy and Culture (Lot B) and Controls and Risk Management Frameworks (Lot C) for a wide range of firms. We have also provided practical, pragmatic support to help firms to prepare for, or to manage and address the recommendations from Skilled Person reviews. If your regulator has asked you to appoint a Skilled Person, or you are anticipating they may do in the near future, we can provide you with the skills and experience to help you to achieve a positive outcome.
What do we bring?
|
A team rich in experience in delivering successful governance, risk and compliance programmes. |
Working with you as 'one team' to transfer knowledge. |
|
|
A focus on improving efficiency and effectiveness to provide value while meeting regulatory expectations. |
Strengths in governance, risk, compliance, actuarial strategy, change and transformation. |
The Crowe NED Club
The Crowe Non-Executive Club is an opportunity for you to hear the opinions of your peers and discuss your own points of view. It's a chance to compare notes and exchange perspectives on the real issues and practical challenges in undertaking the demanding role of being a Non Executive Director in financial services business or in other progressive organisations.
As one member has commented previously "the most valuable CPD is talking to other Non-Executives". Attendees benefit from exposure to new and different ideas, best achieved through discussion with peers outside of their organisations under Chatham House Rules, rather than simply through education and training.
The Club is chaired by Mark Stephen, an experienced Board Chairman, Non-Executive Director and CEO, and a previous Board member of the Financial Reporting Council.
Example topics of discussion
Operational resilience - what is it, and what does it mean to NEDs' oversight
Since the publication in July 2018 of a joint Discussion Paper between the Bank of England and the FCA, there has been much discussion and debate between risk and compliance professionals, information security specialists and regulators, on operational resilience. As the resulting Consultation Paper is expected imminently, now is a good time to broaden this discussion to include Non-Executive Directors, given the importance of Board engagement.
At its heart, the outcome of effective operational resilience is simple: a business that can, and is confident it can, withstand, absorb and recover from stresses and disruption whilst delivering promises to customers. As ever with regulatory initiatives, this comes with new things to think about, including:
- Consideration of operational resilience focused on critical business services; the most important products or services a company provides to its customers.
- Having defined critical business services, companies should set impact tolerances — the amount of disruption that can be tolerated in the event of an incident — then test whether this condition can be met.
- Operational resilience embodies a shift in mindset: assume systems will be disrupted, and focus on back-up plans, responses and recovery options to deal with this disruption.
Boards are expected to play a critical role in operational resilience as part of their responsibility to ensure a sound and well run business.
This includes setting clear standards, prioritising critical business services, defining impact tolerances, roles Audit / Tax / Advisory / Risk / Performance Smart decisions. Lasting value. Operational resilience – what is it, and what does it mean to NEDs? oversight, identifying critical dependencies on third parties and critical providers, and being actively engaged in a company’s plans. This is an extension of current regulatory thinking where, for example, Boards are already being asked to take responsibility for cyber resilience.
Well-intentioned, regulatory-sponsored change has often been a two edged sword in developing effective, cost efficient management approaches. For example, the recent focus on conduct has in many firms led to its own separate, siloed framework rather than an integrated part of business decision making. Increasingly Boards are seeking to engage with operational risks, including cyber, which are more important, more dynamic and more likely to crystallise than before; however, operational risk approaches are often seen as requiring significant business time but not focusing on the big issues, offering little in the way of strategic value.
As NEDs start to engage with their management teams on this, there is value in considering how their organisations can maximise their return on investment in operational resilience, seeking to avoid the issues previously experienced with regulatory-driven change. Whilst operational resilience could be seen as another regulatory fad, there is value and significant benefits for stakeholders if approached in the right way. In particular, operational resilience can bring insights into how operational delivery and a company’s business model is supporting the delivery of business strategy, and how changes can help to optimise the business model, improve performance and build resilience.
Thought of this way, operational resilience isn’t just about downside risk; it’s also about a business’s ability to capture and manage opportunities.
We see value in Non-Executive Directors asking themselves the following questions in respect of operational resilience:
- What strategic benefits can be gained from investing in the development of operational resilience?
- Where are the largest vulnerabilities, or areas for improvement? Are our company’s areas of concern the same as those of their regulators?
- How can operational resilience drive strategic value, helping us to engage more effectively with operational risk and resilience in a business focused way that aids decision making?
- How can we avoid operational resilience becoming a separate, siloed framework and approach?
- Who should lead operational resilience? Should operational resilience activity be primarily the responsibility of first or second line functions?
Are companies really ready for innovation?
There has never been more interest and enthusiasm from companies to use data and technology to drive forward the effective delivery of strategy. It is widely recognised that innovation is required in ordered to remain relevant and competitive.
Although using data and technology creates fantastic opportunities, generating real business benefits from a technical and operational platform can be difficult to do, especially whilst also avoiding unintended and adverse consequences.
Introducing and encouraging innovation within a company by ustilising advanced technology (such as machine learning) brings with it a wide range of challenges which may not have arisen before with more traditional projects.
The most successful, and least damaging, initiatives are always those where the vast majority of the likely issues are highlighted right from the outset; and innovation projects are no different. The key to success is being well equipped to collectively identify, and rapidly expand knowledge and expertise in, these new areas.
At the core, there are many questions that a business needs to explore before embarking on an innovation based project or transformation. These need to span traditional topics, such as cost and delivery, but must also branch out to potentially more unfamiliar areas.
To be effective companies, with the help of their boards, must have a shared, realistic understanding of their current maturity in relation to implementing and executing innovation, with an appropriate and tailored road-map for the future.
An important part of maturity is understanding the company's definition of success relating to innovation and the genuine appetite for failure. This needs to involve more than paying lip service; there needs to be confidence that it will be demonstrated in practice.
Consideration of the new and wider issues that innovation brings, such as culture, potential unintended biases and explainability of complex models, prior to presentation of live opportunities, will place companies in the best position to proceed and be successful.
Ensuring success and protecting the business when dealing with innovation requires up front broad and careful consideration of key questions, including:
- What are the non-traditional topics or areas that need to be considered but have a tendency to be forgotten?
- What adverse scenarios do we need to consider and how do we generate the range of possibilities?
- What new skill-sets might be required at senior levels and what are the options that are available to secure them?
- How do we assess the company's readiness for, and maturity to manage, innovation and what steps can we put in place to make appropriate changes?
- How do we balance the need to communicate with and get buy-in from, a vast number of stakeholders with the need for pace and delivery?
- How do we manage and maintain enthusiasm alongside the reality of dealing with day to day issues and challenges?
ESG and climate: The growing challenge and opportunity
We put Environmental, Social & Governance considerations (ESG) on our May 2020 Crowe NED club agenda, as we felt the topics were shifting into the political, regulatory and corporate mainstream. Discussions at that meeting were, quite naturally, dominated by the board leadership challenges of COVID-19; but when we touched on ESG and sustainability there were some significant differences of view. Some attendees strongly felt that work in this area would need to be deferred to enable economic recovery from the pandemic, while others believed that firms should embed ESG consideration more proactively now.
The pandemic has illustrated that companies are capable of changing entrenched ways of working to a degree perhaps not realised; in some cases it has also shown that these adjustments, made at a time of crisis, can bring significant costs and risks. The pandemic, like many crises, has resulted in a re-appraisal of individual and corporate purpose, with a notable shift towards expectations that companies not only deliver financial performance, but also make a positive contribution to society.
Whatever your viewpoint it is clear that the subject of ESG in general, and climate change in particular, will be a significant focus for 2021. In July 2020, the PRA set the expectation that firms should have fully embedded their approaches to managing climate-related financial risks by the end of 2021. The Climate Financial Risk Forum (chaired by PRA and FCA) produced a guide for industry on how to approach climate disclosure, risk management, scenario analysis and innovation.
The PRA also provided feedback that firms’ strategic responses need to be clearer and climate-related financial risks better considered. In November, the Governor of the Bank of England highlighted the challenges of transitioning to net zero emissions, and the key role the Bank sees the UK financial system having – to be resilient to risks from climate change and to play a key role in facilitating relevant investment in the economy. To encourage this, a climate stress test exercise will be launched in June 2021, and firms are being given the clear hint to think about whether additional capital needs to be held against these risks.
The FCA is requiring premium listed companies to improve climate disclosures for reporting periods beginning 1st January 2021 – the start of a longer-term trend. The FCA is consulting in the first half of the year on widening the scope further, introducing Taskforce on Climate-related Financial Disclosure (TCFD) obligations on asset managers, life insurers and pension providers and shifting from “comply or explain” to mandatory disclosure. The FCA is aiming to bring in disclosure rules for the largest firms by 2022, and the Chancellor will require all large companies and financial institutions to disclose climate risk information by 2025.
Whether or not firms want to focus on climate change, it looks like they are going to have to. While regulatory focus can help to create impetus, it does raise the risk that firms don’t address ESG and climate considerations in a sincere way and we see “greenwashing”.
Crowe’s viewpoint is that for ESG to really be a success, not only do each of the E, S and G elements need to develop and progress to support the organisation’s strategy and purpose; there also needs to be a greater degree of linkage and integration between them. This integration is difficult to achieve through regulation alone, and requires organisations to see the benefits that can be realised through a joined-up approach. Activity needs to be focused, prioritised, and explicitly linked to an organisation’s purpose and strategy.
Our January 2021 meeting provides a great opportunity to consider the following important questions:
- What is the business case for investing in ESG and climate for your organisations? What costs and benefits do you see? Will capital increase? How will you measure the benefits?
- Should the focus be meeting regulatory expectations and managing risks; or on capturing value, for example through new products, investments and financing methods?
- Should the focus be purely on climate change, or should there be a more integrated approach to ESG?
- What are the key risks and challenges to overcome, and what role can the board play? How do you balance the short and long-term? Does board governance need to be refined?
- How do you bring your people and other stakeholders, including third parties, with you on the journey?
- How will financial services companies be expected to influence their investees in respect of ESG and climate? What challenges does this bring, for example to outsourced asset management?
