We asked three senior ACCA members for their perceptions of the imperatives for CFOs on risk and regulatory complexity.
We spoke to:
- Sanjay Rughani, CEO Standard Chartered, Tanzania
- Holger Lindner, Chief Financial Officer, Product Service Division at TÜV SÜD, Singapore
- Kelvin Musana, Chief Financial Officer, Standard Chartered Bank Uganda Ltd
1. How, in your view, can CFOs play a substantive role in risk and regulatory compliance?
In my view, CFOs are one of the few trusted advisors to regulators and governments who can raise their voice around new standards and regulations. As such they play an important role in assessing the impact of any new regulation. In the banking sector where I work we need to comply with several regulatory bodies and jurisdictions. To me there are three things that CFOs need to do to ensure that they play a substantive role.
Firstly, CFOs and their finance teams need to understand why the change in regulation has occurred. Every change in regulation has been undertaken for a reason; to protect customers or business. Having a clear understanding of the 'why' gives insight into the 'how' the regulation can be best accommodated and applied.
Secondly, they need to undertake a value impact assessment on the current state and future state impact of the change. This will inform the organisation as to the implication of the regulation on the business model. They should also undertake a capacity impact assessment; whether the organisation is able to deliver the change from its current resources and what additional resources may be needed.
Thirdly, these analyses should be combined with 'what if scenario modelling' to understand the impact on the organisation and its competitors in the market.
Undertaking this work will enable organisations to be better prepared for understanding the impact on business strategy and maximizing on the potential opportunities that arise of regulatory change rather than just accepters of it.
The substantive role that a CFO can play became apparent to me when I observed another CFO from the perspective of a Non-Executive Director. The most significant contribution that this CFO played was to demonstrate independence and perceived neutrality in the discussions, especially in issues such as succession planning for the CEO. The CFO was able to provide factual and unbiased perspectives in what was otherwise an emotive conversation. The CFO was able to act without commercial advantage and provide an outside in, as well as an inside out, perspective.
There were three reasons why the CFO was able to do this:
- Firstly, her role within the organisation gave her a perspective across functions and processes in many departments that others did not have.
- Secondly, this perspective gave her credibility that she was knowledgeable about the business overall.
- The last reason is that she had a role with external stakeholders beyond the customer base, e.g. investors, peers, regulators, competitors, etc., which enables her to provide additional insights.
In most organisations the CFO will have a broad perspective of the organisation. Apart from the CEO they will be the individual who is most concerned about risk and regulatory compliance; perhaps more so even than a CRO in organisations which have them. This is because of the potential impact of non-compliance can have on the bottom line- through fines and losses- which they are overly responsible for. This responsibility is an extension to the risk area like capital, tax, accounting control etc. for which they are normally risk owners
With this in mind, the CFO needs to be comfortable that processes are in place to monitor risks and compliance across the organisation. If these are executed properly then it can improve the risk profile of the organisation.
The CFO, therefore, needs to keep abreast of changes in risk and regulation across the organisation as a whole as it affects their immediate role and the business as a whole.
2. How can risk management and regulatory compliance be used to the strategic advantage of the organisation?
The answer to this question may differ depending on size, maturity of the company, and the composition of its Management team and Board.
I think that there are generally three ways in which strategic advantage can be achieved.
Firstly, I consider that where there is a risk there is also an opportunity. If you identify and quantify your risks, you can also mitigate and manage them to your advantage. Based on a good understanding and management of your risks, you may increase your risk appetite and assume more risk on behalf of your customers. You may e.g. assume a quality control role in the supply chain or regulated products and then charge a premium for your service and increase margins.
Secondly, purely by knowing your risks you are able to be more agile and nimble. You can be better and faster to react to changes.
Finally, if you are seen by outside stakeholders to be able to effectively manage your risks you can improve your scoring and reduce your cost of funding, which is a direct operational outcome.
This is quite a broad question. If risk management and compliance are done correctly and proactively then the organisation should be looking to the future and anticipating potential future regulations. There are several key issues at present that could lead to stricter regulation, such as environmental issues and gender fair pay. As a CFO you need to ensure that you remain informed about these and consider the implications on your business strategy.
If you are able to anticipate these trends not only can you be prepared for any disruption that the implementation of a new regulation may cause, but also you can potentially create commercial advantage from them.
The implementation of IFRS 9 is an example in the industry in which I work. By thinking ahead, you are able to identify the impact and amend your business model accordingly, making relevant changes to your products and services for better returns.
I believe that the spirit of every regulation is in place to protect something. As a CFO it is important to understand the value that this protection gives. In so doing you can identify the advantage in applying the regulatory framework and the benefit to the customers.
In my opinion, CFOs are best placed to evaluate the potential impact and communicate it effectively internally in their respective organisations. They also have the ability to engage and influence regulators through different approaches. An effective analysis of the impact of can strengthen the discussion.
3. Do you see analytical techniques as a tool to assist the management of risk?
Analytical tools can play a key role in the management of risk. In my answer to the previous question I referred to the need to think ahead and be proactive in identifying future risks. Analytical tools can assist in this.
As an example, if you apply them to credit management then you can improve your profiling of individuals and assess their credit worthiness; identifying where you need additional collateral or to charge a premium.
Analytics can also help in building the products of the future. You can obtain data on changing consumer and regulatory trends. If you use the tools well, you can develop products to remain competitive.
There is a need to be careful, however, not to rely on too much data. It is important to maintain a human common sense aspect to appraising the outputs of these analyses.
Absolutely. I am a big advocate of analytic techniques. In this instance CFOs and finance teams should be using tools to undertake scenario analyses, evaluating the probabilities and understanding how the market will react to a regulatory change. There is an opportunity here to use machine learning tools to enhance the level of analyses.
I believe that there is also an opportunity for automation from regulatory change. Most changes are rules based and impact processes and data. CFOs should be attuned to the possibilities of automation, such as RPA, to contribute to the processing.
It is very important to use analytical tools and data. One should assess the impact of risks as variations to a business plan and hence use analytical techniques to mirror the qualitative discussions with quantitative data.
I see this an area where technology and artificial intelligence have a substantial role to play. They can be used to identify and adapt to patterns that would not be obvious if you took a classical approach to data. One advantage AI offers is the dynamic perspective to not only look at transactions but at trends in a dynamic and self-adapting manner.
However, I would advise against an algorithm mode of control and keep people in charge of major decisions.
4. How would you encourage CFOs to have an 'openness of mind' when approaching risk management?
There are several techniques or approaches that I would adopt to achieve this.
Firstly, I would ensure that, as a CFO, you expose yourself to a broader range of organisations than those such as your competitors and peers that you wold traditionally be familiar with. This will enable you to gain an understanding of different risks and regulations that you might not be fully conversant with and how they can be managed to advantage.
Secondly, take opportunities to speak to more junior people; those who have just joined the organisation or have been identified as talents and connectors. They will have different perspectives and may connect the dots in different ways. This forces you to get out of your normal echo chamber of ideas and to take on new things.
Thirdly, you should ensure that you participate in forums and professional bodies; take advantage of and contribute to thought leadership and seek to understand issues that really matter from different perspectives. Never get too comfortable with your own approach. Always challenge yourself. Maximise the value of your ACCA membership.
To me this is a fundamental question. The reality around us is business and environment has continued to get more risky in an ever increasingly complex world and CFO’s cannot afford to continue to be narrow or have a negative view of managing risk. In my experience I have noted CFOs do not tend not to be the most innovative people and therefore see risk management and as basic controls issue. They also see regulation as a 'tick box' exercise at times.
To me risk and regulation are opportunities. CFOs who are supposed to be strategic partners to the CEO and Business Heads need to take better ownership on this matter and proactively understand what value they are protecting. They need to understand and see risk as a friend that can be a valuable asset for the finance function and can assist in driving purposeful change in the organisation. CFOs need to be sponsors and leaders by taking action, managing disruption and driving behavioural change – emerging from any new risk and regulation, this way they enhance their own and the organisational relevance.
As a CFO you not only need to strive to look at risk management and compliance from a prevention and control perspective – these are important. You need to consider how these can create competitive advantage. The evolving role of the CFO as a strategic business partner to the CEO requires you to do this. In this way we can add more value to the business and to the CEO personally.
Read the full article
This article is part of our Digital CFO series developed in collaboration with PwC and Jens Madrian, CFO Reactive Technologies.
Four risk imperatives
Within an organisation, CFOs and their finance teams should:
1. recognise the benefits of becoming involved in the management of complex, strategic risks across the organisation and not merely limit themselves to managing financial reporting risk
2. work collaboratively with others across the organisation to understand and manage risk (for example, with strategy teams, operations, customer centric teams)
3. drive the use of data and analytics to assist in identifying and managing risks across the organisation embracing new tools and technologies to do so
4. look to managing downside risk but also assessing risks in order to identify and capitalise upon opportunities to drive commercial advantage for the organisation.