{{item.title}}
{{item.text}}
{{item.title}}
{{item.text}}
Maximize value
What are the top risk and regulatory challenges for Canadian organizations today? And how are they adapting their risk management strategies to stay ahead of an evolving compliance landscape?
In our latest audio blog, PwC Canada’s Shawn Reain, Jennifer Johnson and Jean McClellan discuss our 2022 Global Risk Survey and what it reveals about how organizations can lead with trust and confidence. They explore why digital and strategic risks are top of mind for Canadian respondents, some of the investments they’re making to address them and key opportunities for them to more effectively navigate today’s increasingly complex compliance landscape. They also talk about solutions to the critical issue of people, talent and skills as well as what leading organizations are doing to address risk management challenges in a formal, enterprise-wide manner.
Shawn:
Hello everyone. I'm Shawn Reain, PwC Canada's Compliance Transform leader. Today I'm excited to chat with my colleagues, Jennifer Johnson, and Jean McClellan, and get their perspectives on key themes that emerged from our recently launched 2022 Global Risk Survey. And the opportunities Canadian organizations have lead with trust and confidence as they navigate a continually changing risk landscape. Jenn and Jean, would you mind taking a minute and tell us about your roles at PwC?
Jenn:
Hi, I'm Jenn Johnson and I'm a partner in our Risk Practice and I'm also the markets leader for Cyber, Privacy and Financial Crime, a dynamic and interesting area for all of us.
Jean:
Hi everyone. I'm Jean McClellan. I lead PwC Canada's Workforce of the Future Practice. So really what is that? It's the human side of business and it's great to be here today.
Shawn:
So we have a lot to talk about, but let's start by highlighting some of the key themes that emerged as we dove into the data from the risk survey. So it's clear that keeping pace with digital transformations is a challenge for organizations alongside issues with risk technology and external compliance pressures. Organizations are trying to address these challenges, but it seems to be more at a business unit level rather than an enterprise wide level. Additionally, in many of them, there is no single point of responsibility for risk management, which can muddy waters in terms of accountability and a clear strategy.
Nearly two thirds of respondents are increasing technology spend to help manage risk in 2022. Data analytics and process automation are the focus for risk management tech spend. Three quarters are also adding digital capabilities to support the risk workforce. Jenn, looking at the survey results, what are some of the most prominent issues for Canadian respondents?
Jenn:
A key issue throughout the survey was just how complex compliance become, which you can see in the high number of respondents who cited external or compliance pressures as a significant challenge. Regulatory requirements continue to grow and now we see even more pressures with the current geopolitical situation and evolving sanctions environment. Keeping current has never been more important. In Canada specifically, key concerns include digital risks, such as cybersecurity and information management, data management and technology resilience. To respond to these challenges, many Canadian respondents say they've been investing in technology solutions but only about half say that they're seeing tangible returns from their spending on risk technology, which is great news for those organizations that seem to be ahead of the game, but not so good for the other half.
Jean:
And I'll add to this, Jenn. From a people perspective, we also saw strong concern about broader strategic risks, like the availability of talent, which was a much higher concern for Canadians versus the global community. And a significant number of organizations say that they will compliment their technology investments with people and process changes, which may help to address the gap in return on investment Jenn mentioned,
Shawn:
Jean, I couldn't agree with you more, talent is a huge issue right now and a big concern in the future. And Jenn, I think you've hit on one of the key issues at the heart of compliance challenge for many organizations, the need to take a more integrated approach. You've both touched on many of the top areas of concern: strategy, process, people and technology. Let's consider the strategy challenges that surfaced in our study. 79% of respondents said that keeping up with the speed of digital and other transformations within their organization was a significant challenge to managing risk.
Despite this, only about half say the organization is addressing this in a formal enterprise-wide manner. We'll talk more about this bit later, but key drivers of this challenge are gaps in integration, not just from a technology perspective, but in accountability spread across internal business units, as well as people from risk functions across the organization. We've also talked in previous blogs about the inherent technology process and people challenges many clients face, and our global risk survey underlies just how significant this is. For example, a significant number of Canadian respondents cited technology solutions that don't work together as a major challenge in managing risk. Even so, very few are addressing it in a formal enterprise wide manner.
Jenn:
And Shawn, if we consider that for a moment, it's no wonder that large numbers of respondents are still concerned about risk processes that are manual and time consuming, which in turn makes them costly and difficult to manage. I think the key point here is that technology needs to be integrated not only to ensure success functionally, but also to gain buy-in amongst the end users.
Shawn:
I couldn't agree more Jenn; process and technology risk will continue to be a focus. I'd also like to explore the people side further. Jean, can you comment on what the study surfaced in terms of people risk challenges?
Jean:
Yes. People and resources continue to pose a significant organizational challenge in respect to not only the struggles with adopting new ways of working, but also we saw that individual skills were a top concern for risk executives. 67% of people noted that risk owners lacked the required skill sets. But there were other things, so unclear division of responsibilities and accountabilities for risk was also flagged and 66% noted high employee turnover in risk functions.
Shawn:
Yes, talent retention and attraction is a challenge that continues to present significant risk. Overall, I think the good news is we see a maturing of organizations’ approach to risk management in response to these challenges. Many are recognizing the value of a proactive approach, adding technology and digital capabilities to support risk functions. And restructuring risk functions is a priority with 74% of organizations. Indicating this would be a focus for increased spend in 2022. Jenn, what cut your eye in terms of spending priorities on risk management,
Jenn:
A few things Shawn. So many organizations are planning an increased spend in the area of data analytics, process automation and technology to support the detection and monitoring of key risks, which will be important in moving that risk management needle forward. A large number of the Canadian organizations that responded are planning to increase their spend on managed services. This demonstrates a recognition that sometimes organizations are seeing gaps in their internal resources and capabilities, and they're looking for ways to improve their approach. Complimentary to this, cybersecurity appears to be a focus for many, and there's an increased spend on managed services for cybersecurity in 2022. This was consistent across all industry segments, and even those organizations that anticipate a decline in revenue are planning to spend more on cyber security services. In our Digital Trust Insight Report, we saw that 66% of Canadian organizations are expecting their cyber budgets to increase in 2022.
This isn't really a surprise though, considering the remarkable digital acceleration that's occurred over the last two years and which shows no signs of slowing down. Organizations are experiencing increased digital risk and regulatory demands, which mean more resources and spend is required to maintain trust and secure their assets. Given this environment and the interconnected ecosystem in which most organizations operate, third party risk management is also a hot issue right now. 12% of respondents rate supplier or third party risk in their top three risk concerns. Notably, the OSFI just released their new Draft B-10 Guideline for third party risk management for federally regulated financial institutions. Another example of a changing regulatory landscape at the sector level.
Shawn:
Jean, can you talk about how organizations are addressing some of the people challenges you mentioned? I know user experience is a big issue when implementing risk management technology.
Jean:
Yeah, many organizations are focused on user experience. But when it came to complimenting risk technology investments with people and process changes, only 57% of organizations in the study said that they're currently doing this. So there's a bunch of opportunities I want to highlight. So first of all is to increase the focus on technology enablement, not just the technology, that can really increase your return on investment. Next is about considering alternatives to build capacity, so for example, looking at managed services is an option, looking at your head count and doing some assessments about whether you have the right balance matched with the right activity. And finally, potentially a reorganization of your risk function. With that in mind, building the three lines model and defining the balance of resources across those three lines is something that every organization should be considering.
Shawn:
And Jean, what are some of the other key findings related to the workforce?
Jean:
Yeah, there were some interesting things. So 73% plan to increase spend to support a restructure of their risk functions, and that was slightly higher than the global number of 68%. So when we think about that, some of the interesting things to consider as you're going through that restructuring are creating ethical frameworks for new areas in the business like AI or internet of things, things like investing in first line risk management processes and tools to help support that part of your business. You can consider defining a new balance between your first line and second line resources, and then thinking about how each of the lines are going to collaborate with one another, so how that integration works across your organization and finally building the right culture and the behaviors. We all know that culture eats strategy for breakfast, so focusing on those underlying cultural aspects of your risk function and your organization can be a real accelerator for success. And then finally, 47% indicated that they expect their organizational revenue will be significantly impacted by an acute talent shortage, so these items and these considerations remain very, very important for organizations in the future.
Shawn:
Very interesting. Jenn, considering how fast the risk landscape is changing, what are some of the emerging trends that may cause the most disruption in the future?
Jenn:
Well, Shawn, we know that cybersecurity regulation is and will continue to be a critical issue. Risk professionals are already paying close attention to cybersecurity regulation, including incident reporting and privacy laws; this will only grow in importance. Thinking about some of the other emerging trends, the impact of cryptocurrency is a key consideration for organizations with more than three quarters already monitoring and assessing risks or implementing a risk management plan. This was followed closely by autonomous decision making systems like machine learning and AI as well as central bank digital currency.
As technology is expected to have the most disruptive impact, the pace of change is happening so quickly. One consideration is the ability for regulation to keep pace with these changes and in turn for risk functions to be able to respond accordingly. I think there's also an underlying recognition that disruption in many shapes and sizes can and will continue to occur, which is to say that a focus on risk prevention and detection isn't enough. Focus must also be placed on operational technology resilience as well. We're seeing regulators increasing focus on this topic and we can and we'll expect to see more in this area in the coming years.
Shawn:
That's really interesting and I think those emerging trends only add to the need for organizations to stay ahead of this complex risk landscape. I know many listeners will be looking for perspectives on what they do next, so I'd like to leave you with a look at some of the things the leading organizations told us they're doing about compliance. Firstly, they're addressing risk management challenges in a formal enterprise-wide manner. Secondly, they're complimenting technology investments with a significant increased spend on practices affecting the risk management workforce. And thirdly, they have a proactive approach and mindset to risk management across the organization. Jenn and Jean I'd like to thank both of you for sharing your insights and thank you for listening. If you're wondering about what the compliance transformation journey looks like for your organization, our contact information, as well as a link to the full 2022 Global Risk Survey Report is at the bottom of this page.
“I think there's … an underlying recognition that disruption in many shapes and sizes can and will continue to occur, which is to say that a focus on risk prevention and detection isn't enough. Focus must also be placed on operational technology resilience as well.”
Rate the content on this page
Five stars = highest, one star = lowestThank you for your feedback
Jean McClellan is Leader of PwC Canada's national people and organization practice as well as our workforce of the future platform. She focuses on working with Canadian and global teams to find the most effective organizational structures, adopt large-scale transformational change and improve human resource functions.
Jennifer Johnson is PwC Canada’s Cybersecurity, Privacy and Financial Crime Markets Leader. She brings more than 20 years of experience both in Canada and the United States supporting a variety of organizations with risk management and internal control matters.
Shawn Reain is the Compliance Transformed Leader and the National Tax Markets Lead at PwC Canada. He has more than 30 years of experience helping organizations address evolving market trends and solve their important problems.
Risk and Regulatory Platform Leader, Partner, International Tax, PwC Canada
Tel: +1 416 869 2372
National Enterprise Risk Management Leader, Partner, PwC Canada
Tel: +1 514 205 5438