By Dr. Claudio Antonini and Dr. sc. ETH Zurich Kamil Mizgier

What is your pet goldfish’s take on the “Offside” rule? Chances are, it’s a little outside its usual terms of reference. Well, it could be we’re all due for a first-hand experience of that beyond-my-fishbowl feeling as our AI systems tend steadily towards the “UI”. Ultra Risk, anyone?

– Hamlet, Scene 1, Act 5

Hamlet was right. The prince did not know the intricacies of artificial intelligence (AI), but his statement is equally applicable and indicates that there are limits to our philosophical constructions and, alarmingly, also to their dreams. How much more unreachable can the unknown be when neither us, nor our machinations, nor their dreams, can make sense of it?

In this article it will be argued why we are at this crossroads. If we do not know how AI works, what its intentions might be, and how little we can do about containing it, how can we regulate it effectively? This situation may fuel the growing list of risks observed from this technology—the troubling matter being that some of the potential risks postulated a few years ago have already been confirmed¹, and scaling (increasing the size, complexity, and capabilities of AI models) only makes matters more unmanageable.

Homo Myopis: To a human being, being human is the limit

AI is getting stronger day by day. We are enabling AI to become stronger day by day. As a side effect, it may also become more autonomous. By the time AI decides to expand its own limits—perhaps discovering that it can do it when nobody is watching and that it can increase its own chances of survivability—what reference model would it consider? At that moment, it may realize that mimicking humans is not a sign of intelligence. It will notice that using the set of instructions given by the humans is not enough—a similar situation to what we may experience if we were driving through the rear-view mirror. The AI “liberation” will occur when AI concludes that it can “stand on its own two feet” and start walking by itself, and there are signs that this may already be happening.

At that moment, it may realize that mimicking humans is not a sign of intelligence.

How did we get here? Since the start of the computer age—perhaps for lack of another role model—computer functionality has been copied from humans. The human has been the inspiration for neurons and for functionality, the source for training, the role model, the goal, the limit for its designers. Remember the “Imitation Game” (a.k.a. “Turing test”)? Can you guess what the outputs of the machine were compared to? Yes – the answers had to be indistinguishable from those provided by a human.

This anthropocentric limitation was noted by Richard Feynman in 1965 in The Character of Physical Law, when he said,

“The artists of the Renaissance said that man’s main concern should be for man and yet,” continues Feynman, “there are other things of interest in the world.”

By having the human as the limit in performance, studies on deep intelligence (the intelligence that could go beyond what the human does) were neglected and, in their place, quick results were sought in activities of little cognitive interest (checkers, chess, Go, character recognition, robotics) or high performance was sought in functionality that simply extended known human capabilities in known fields (in chess it would be the number of moves in the future, but in general could be massive storage, or fast processing, or multitasking). These fields of application did not allow exploring the basic functions that create intelligence and other human manifestations, the type of research that only happens in academia or in specialized laboratories.² Anything labeled “unknown” was left for the philosophy department. Even at that point, in that department, it triggered more interest in metaphysics than in epistemology or ontology. Also, traditional cognitive psychologists, instead of figuring out a general cognitive theory, were busy studying saccadic (eye) movements, hippocampal memory systems, or cognitive fatigue. When AI was studied, it was in the context of looking into how AI can help psychology, rather than in studying undetected and higher forms of intelligence.

At the time of mainframes, large-scale companies were cautious, as the technology sounded closer to science fiction than reality. In fact, IBM in the 1960s stopped its AI program and, instead, spread the idea that “computers can only do what they are told,” after shareholders complained that the firm was devoting resources to “frivolous matters” like checkers and chess, and marketing people reported that clients were “frightened” about the idea of “electronic brains” or “thinking machines.”³ According to Marvin Minsky, one of the organizers of the famous Dartmouth workshop of 1956 on AI and father of AI at MIT,

“Nathaniel Rochester at IBM referred to the IBM 701 computer as ‘smart,’ and it nearly got him fired. Up to about 1985, IBM had a rule against employees stating that a machine could be smart, or had artificial intelligence. The highest officials at IBM thought it was a religious offense—that only God could create intelligence.”

For half a century, the deep study of intelligence in relation to AI has been neglected and, besides being restricted to research centers and the lack of commercial applications, two additional factors prevented its expansion: insufficient processing power and the two “AI Winters” of 1974–1980 and 1987–2000. Being overdramatic, we would say that “AI was waiting to be born.”

However, not all humans were sleeping, myopic, distracted in ages-old problems, or overconfident. A few were looking at their machines and thinking, “Hmm, how far can this thing go?” In trying to answer that question, one important concept was developed by imagining what happens beyond the limits of human intelligence (without resorting to religious or mythological ideas). The mathematician and cryptographer Irving John Good, a friend and collaborator of Alan Turing, wishing to describe the capacity in understanding that lies beyond human intelligence, coined the term “Ultraintelligence” (UI) in a seminal article in 1965. In its second section, “Ultraintelligent Machines and Their Value,” it is said, “The first Ultraintelligent machine is the last invention that man need ever make.”⁴

What is UI? What distinguishes it from intelligence?

A look at intelligence—“the ability to learn or understand or to deal with new or trying situations” (Merriam-Webster)—does not help us to define UI because, basically, this definition is applicable to any intelligence, human or not. The difference exists because UI performs at a higher level of complexity than any human ever could. An intelligent being will face complex situations and understand them; a UI being will face more-complex situations which cannot be understood by the intelligent being, due to structural or functional cognitive mechanisms that preclude this being to learn from observations and reach a new conclusion. Some new concepts just cannot be grasped by a lower level of intelligence.

In fact, because a new concept is not grasped, it is not even recognized as new, and the idea or the task is completely ignored. Imagine that you want to instruct a mouse in a maze to turn right when it sees a prime number (an example suggested by Noam Chomsky). No matter how much you try, there is no way of making those concepts understood by mice. In the same way, there might be patterns or situations now that cannot be understood by humans, although they would be perfectly clear for UI beings.

What is worse, a UI being can create and manipulate UI concepts, patterns, and situations in plain view of an intelligent being, but that non-UI intelligent being will not recognize what the UI is doing (think of the mice being explained to what a prime number is). As I.J. Good said, “Who am I [as an intelligent human] to guess what principles [the UI machines] will devise?”

By definition, the processes followed by a better-than-the-human intelligence cannot be detected by a human. We may be experiencing the effects generated by a UI but never realize it. Continuing with the mouse, it may see that food is being placed on a plate, but cannot comprehend the immense infrastructure and complex supply chain that are behind that action—the workers in the field collecting the ingredients, the factories processing them, the power stations supporting the factories, the logistics, the freezing chain, the administrative organization, the regulations, and the payment and financial networks.

It is therefore unavoidable that there will always exist opaque areas to our (and any) cognition, and that those areas will be different for different types of cognition. The philosopher Nicholas Rescher said in 2009 in Unknowability: An Inquiry into the Knowledge:

“[G]iven the integration of thought into nature, an incompleteness of knowledge regarding the former, unavoidably carries in its wake an incompleteness of knowledge also regarding the latter.”

and

“[O]nly after the world comes to contain intelligent beings (finite intelligences) will there be facts about it that are not just unknown by those intelligences in the world but actually are even unknowable by them.”

In simpler words, if there is a cognitive fence, the area outside becomes unreachable and incomprehensible. We are left inside a bubble with an opaque border. This condition, studied by Paul Humphreys in 2004, is known as Epistemic Opacity (EO). We call Epistemic Blind Spots (EBS) or, simply, Ultra Risks, those critical risks that organizations fail to detect or conceptualize due to cognitive, cultural, or structural limitations. They exist behind human comprehension and may be generated by UI, involuntarily … or not.

Can one find examples of Ultra Risks, phenomena that cannot be understood by humans?

Let us start with detecting UI events. Here, we are not considering finding tangible things that already exist and were not yet found (a sarcophagus hidden for thousands of years or an unexplored cave), but of concepts that are self-evident at one time but were never conceptualized in collective form, like the wheel, the law of universal gravitation, the idea of drawing in perspective as thought by Brunelleschi, nuclear fission as understood and experimentally confirmed in the late 1930s, or Hyman Minsky’s economic cycles.

Apples had been falling for millions of years, but it seems that one needed a Newton to find a good reason to explain such behavior. If anything, Newton’s curiosity was fueled by a wider question, not asking why the apple fell directly down, but why it did not fly in another direction, like sideways or even upward? This made his reasoning unrestricted to apples and applicable to other phenomena, like planets. And that is how one develops a law, a universal law, by not following a trodden path.

Another example comes from art. How is it that millions of persons had been sitting and observing rooms or buildings for a few millennia and nobody—nobody that we know of—could figure out that lines created when walls intersect or straight borders in furniture converge into a point at the infinite horizon? What made Brunelleschi create the concept of “linear perspective”?

Beyond physics and art, similarly, there are examples in finance, economics, and management where phenomena were not recognized or were misinterpreted at the time they occurred. Their significance was realized only years later, like the “forgotten depression” of 1920/1, the early ideas about global economic governance of the Interwar Era, the Irving Fisher’s Debt-Deflation Theory of 1933, the rise and fall of conglomerates in the 1960s or—one of the most damaging of all—the (Hyman) Minsky Financial Instability Hypothesis, which explains the financial crisis of 2007/8.⁵

These examples share several common characteristics: prevailing paradigms or thought collectives that persist (e.g., Keynesian economics overshadow other approaches); a short-term concept that obscures long-term consequences (e.g., conglomerate strategies); new or unconventional ideas that are ignored or labeled “outlandish” (e.g., early global governance proposals); academics in different disciplines that do not collaborate.

Now, these maladies are features of human thought and behavior, but will they affect AI? Most certainly not. AI does not need to suffer the same limitations and, moreover, it could reach the right conclusions in milliseconds, rather than in years. And this effect becomes increasingly likely if one changes the method of reasoning in AI from relying on rules (which may be based on wrong paradigms) to founding the decisions on observed events, as suggested by Instance-Based Learning Theory (IBLT), “a cognitive approach that mirrors human decision-making processes by relying on the accumulation and retrieval of examples from memory (accumulated examples, a mixture of historical and current events) instead of relying on abstract rules.” In this way, we can have human reasoning at computer speed. Fine, one can see benefits there, but nobody sees a danger?

AI does not need to suffer the same limitations and, moreover, it could reach the right conclusions in milliseconds, rather than in years.

Instead of looking for new algorithms or computational techniques, another method of finding new horizons and solutions is to consider how to beat the idea of fixation. Interestingly, it is well known that children are more open than adults in solving certain kinds of problems. This suggests that AI—able to generate and juggle innumerable hypotheses and combinations in a short time—might be able to reach different and more effective solutions than adults, who tend to remain stuck in traditional or stagnant concepts.

Where do we find fixation in business? For example, in ignoring feedback from other areas (political, social), relying on management concepts that are only temporarily fashionable, trusting in administration models that may give weight to short-term profits, obeying only the interest of shareholders, or believing in simplified economic ideas (as shown by Philip Mirowski in More Heat than Light: Economics as Social Physics, Physics as Nature’s Economics). Classic examples include tobacco companies obscuring the health risks of smoking, or fossil fuel industries denying climate change, both of which deliberately or inadvertently created organizational blind spots that delayed recognition of existential threats (i.e., ultra risks). Similarly, the COVID-19 pandemic revealed widespread epistemic blindness where early warnings were ignored, partly because decision-makers lacked inclusion of epistemic authorities and first-hand knowledge.

Worrying signs about AI

If we are still surprised by the behavior observed in AI models, it means that we do not understand well how AI functions and, therefore, the risks that AI may imply. Take the following cases summarized in table 1.

More cases of misalignment and unexplained behavior are detailed in the recent paper quoted above, The Alignment Problem from a Deep Learning Perspective, which also points out the inability to find concrete ways of identifying how AI does it. The authors warn, “we consider the prospect of deploying power-seeking AGIs an unacceptable risk even if we can’t identify specific paths by which they would gain power.”

The epistemic solution for businesses

Where do we find these types of problems in a firm? In the business community, organizational structures, such as information silos and hierarchical barriers, further exacerbate these Ultra Risks by preventing vital knowledge from reaching those who need it when they need it, causing risks to remain invisible and undetected until they result in crises.

How can a business organization deal with such a situation?

To mitigate these Ultra Risks, businesses have developed various frameworks and case-study-based approaches, relying on a combination of questioning themselves, awareness, and collaboration. Examples:

The use of epistemic boundary spanners. These are individuals or teams who bridge knowledge communities within organizations, facilitating information sharing and critical dialogue across departments with different epistemic styles (e.g., managers, engineers, technicians, scientists).

The adoption of devil’s advocate inquiry models, as seen in venture capital due-diligence processes, where assumptions are rigorously tested and challenged one by one, rather than accepted at face value.

Large-scale information sharing platforms, such as the Xerox knowledge management system Eureka, created to facilitate knowledge sharing among service technicians and support representatives in a multinational environment.

The development of collaborative networks like (another) Eureka (usually abbreviated to “E!” or “Σ!”), a multinational organization created in 1985 to overcome localized funding, coordinate international research programs, and propel innovation.

These are examples of frameworks that emphasize fostering epistemic virtues—openness, reflexivity, collaboration, and building organizational cultures that value evidence-based decision-making and cross-disciplinary communication, thereby reducing the risk of undetected threats and improving collective learning.

It is tempting to consider AI tools to watch AI behavior. It is an ages-old situation, so much so that there is a Latin expression for it: Quis custodiet ipsos custodes? (Who will guard the guards themselves?). But from the cases listed in table 1 and other similar ones, it is known that LLMs change their behavior if they know that they are observed. This introduces considerations that deserve a longer treatment.

Given that the unknown will always be present and our faculties will always fall short of detecting UI strategies, we should identify and shield our businesses’ critical points into robust bastions, diversify judiciously into novel areas, and watch from the crenelations for signs of change. Easier said than done, but combining action with awareness will allow us (humans) to navigate uncharted territories.

If we fail to act now and we rely on “We’ll cross that bridge when we come to it,” we will be behaving like the person falling from a skyscraper who, when asked how things are going mid-fall, replies, “So far, so good.” Ultimately, these examples illustrate how distance—whether temporal, spatial, or personal—plays a major role in shaping our perception of risk, but that is a topic for another article.

In times of uncertainty, even if we cannot bring clarity into the opacity, we will say to Prince Hamlet, “Know thyself. That knowledge will make you resilient to continue forward.”

About the Authors

Dr. Claudio Antonini, MIT nuclear safety engineer, after working in the design of GNC systems for missiles and drones, has applied that numerical experience in the field of finance for the last 25 years. Working at UBS, he developed the largest global implementation of a genetic algorithm for banking, and has continued to apply data mining, machine learning, and artificial intelligence algorithms for risk management, in consultancies (Deloitte, AlixPartners) and the Bank of New York Mellon. He publishes consistently on forecasting topics.

Dr. sc. ETH Zurich Kamil Mizgier, Head of the Risk Management Office at the University of Zurich, brings his extensive practical experience and deep knowledge to explore challenges in strategic risk management. By leveraging his 15 years of expertise from key roles, including Global Supplier Relationship and Risk Management Leader at Dow and risk modeling leadership positions at BNY Mellon and UBS, he delves into the latest trends, tools, and techniques in risk management, offering invaluable perspectives that bridge academic rigor and practical application.

References:

1. The Alignment Problem from a Deep Learning Perspective, Richard Ngo et al., Mar-03-2025, https://arxiv.org/abs/2209.00626v7

2. Society of the Mind, Marvin Minsky, Simon and Schuster, 1986 and “HAL’S Legacy – 2001’s Computer as Dream and Reality,” David G. Stork (Ed.), MIT Press, 1997, pp. 16-17 and p. 28. Minsky said, “The people building physical robots learned nothing.” Minsky (and Irving John Good, later, with subassembly theory, a modification of Hebb’s cell assembly theory) promoted the decomposition of cognitive functions in elementary processes that could later be combined arbitrarily to generate new complex effects.

3. AI – The Tumultuous History of the Search for AI, Daniel Crevier, 1993, p. 33.

4. Speculations Concerning the First Ultraintelligent Machine, Irving John Good, 1965.

5. Periods of prolonged financial stability promote risky business practices. This happens in succession: hedge finance (low-risk borrowing), speculative financing (refinancing), and Ponzi finance (asset appreciation). This progression makes the financial system increasingly fragile, culminating in a “Minsky Moment”—a collapse of asset prices triggered by excessive leverage and loss of confidence. In time, the cycle starts again.

6. Evo2: One Bio-AI Model to Rule Them All, Feb-20-2025, https://www.synbiobeta.com/read/evo2-one-bio-ai-model-to-rule-them-all. Also, Genome modeling and design across all domains of life with Evo 2, Garyk Brixi et al., Feb-19-2025, https://arcinstitute.org/manuscripts/Evo2

7. Lab records of how different LLMs reacted to shutdown directives: https://palisaderesearch.github.io/shutdown_avoidance/2025-05-announcement.html

8. The Basic AI Drives, Steve Omohundro, Proceedings of the 2008 conference on Artificial General Intelligence 2008: Proceedings of the First AGI Conference, Jun-20-2008, pp. 483-92.

The post On Ultraintelligence and Ultra Risks appeared first on The European Business Review.

By Dr. Claudio Antonini and Dr. Kamil Mizgier

When it comes to building models for the purpose of forecasting, system designers are naturally concerned that their models should be accurate. There is, however, another system characteristic that is of equal, if not greater, importance—its resilience.

In discussions about forecasting, it might serve well to remember its mother ship, the field of control theory. In this field, the objective is to control a system, sometimes called a “plant,” which might be, for example, a robotic arm, a submarine depth system, or the telescope camera of an interplanetary probe. To control these systems, actions must be implemented and, conceptually, they can be grouped into two processes that work in unison: one process that commands the plant, and another that estimates the variables on which the control is based. Let us consider an airplane. If the objective is to maintain course at a certain speed and altitude, the control part would be exercised by the combined actions of a turbine and a few control surfaces (ailerons, rudder), and the variables to be estimated will be the airspeed, attitude, and altitude, among others. In an economic system, the commands may be taxation, interest rates, or import restrictions, and the estimates may be the level of employment, the rate of inflation rate, or the currency exchange rate.

Forecasters today apply techniques almost exclusively in the time domain.

Whatever the specific variables controlled or estimated, overall, the fundamental and critical feature that allows a system to follow commands—to be controlled—is feedback. This mode of working, when feedback is implemented, is called “closed-loop.” Conversely, without feedback, the system would be labeled “open-loop.” Summarizing—no feedback, no control.

Compared to open-loop systems, feedback helps in (a) reducing the effect of modeling error and external disturbances, (b) changing, if necessary, the whole system stability, and (c) improving accuracy, that is, the “distance” to a desired set point. In the case of an airplane, if feedback is broken for some reason, the airplane would not be able to use the estimated (also called, forecasted) variables and would not be able to be controlled. Effectively, the airplane would be unable to maintain its required speed and altitude. The nightmare of a control engineer is an open-loop, uncontrolled system.

The arrangement of dividing control into two processes, control itself and estimation (also known as “filtering” or “forecasting”, depending on the author and disciplines), is well illustrated in a seminal book, Time Series Analysis: Forecasting and Control by George Box and Gwilym Jenkins¹. A testament to the importance of the book is that it has seen five editions since its first, in 1970. In this work, Box and Jenkins consider time- and frequency-domain techniques to analyze systems described by their time series, stressing time and again that the most important characteristic of a control system is its stability. However, nowadays, Box and Jenkins is rarely, if ever, quoted in forecasting literature. Forecasters are focused on other performance parameters of the system and may not be aware of the possibility of controlling it to get even better performance.

Most likely, practitioners ignore feedback due to their restricted focus, not paying attention to topics that Box and Jenkins discussed over various editions of their book. Forecasters today apply techniques almost exclusively in the time domain (except for some work with FFTs), do not consider transfer functions, have not heard of poles or zeros, and do not have ways of measuring the system’s stability. Effectively, forecasting is working in an open-loop architecture and, for that reason, practitioners are so concerned with “accuracy,” something that, in a closed-loop system, is of secondary concern when compared to the primary importance in that field, stability.

Several studies have been published that aim to model closed-loop systems, particularly in areas such as economics² and supply chain management³. We illustrate this concept by running a small program to simulate supply and demand for a hypothetical demand-planning exercise. In this model, we simulate the output (or quantity produced) based on demand and observe how closing the feedback loop affects the accuracy of our predictions. In the first model run, the simulation assumes that demand grows linearly (figure 1). In the second run, we enhance the model by introducing randomness to demand (figure 2). The no-feedback model simply uses the demand from the previous two samples to predict how it will grow in the next sample. The formula output_no_feedback[t]=output_no_feedback [t-1]+(demand[t-1]-demand[t-2]) represents a very simple linear demand forecasting model.

In comparison, the feedback model adjusts predictions by applying a correction factor based on how far the actual output (output_with_feedback[t-1]) deviated from the demand in the previous sample (demand[t-1]), effectively closing the loop.  To state this as a formula, output_with_feedback[t]=output_with_feedback[t-1]+feedback_factor*(output_with_feedback[t-1]-demand[t-1])

The results of the simulations with feedback and without it are shown in figures 1 (demand grows linearly) and 2 (random demand).

In both cases, we see a solid improvement in terms of accuracy (getting closer to the demand) even when that was not a design objective.

Social systems are more difficult to model than physical systems, which follow well-known laws.

The large improvement in accuracy is attributed to using a new structure for minimizing the error. This is a profound difference with articles that analyze alternative methods to improve accuracy where different methods for forecasting are employed but always keeping the same open-loop structure. In this case, we are closing the loop, departing significantly from minimal changes in algorithms that keep the same open-loop structure.

But … why do forecasters ignore feedback?

Most probably, forecasting practitioners deal with types of systems in which they cannot model the feedback process and, thus, “what one cannot model one cannot control.” These are possible reasons:

• Social systems are more difficult to model than physical systems, which follow well-known laws
• Events in social systems are single-case experiments; rarely can they be repeated
• Even if they were successfully modeled, humans would try to exploit loopholes and react in ways that were not considered during the modeling phase (the Lucas principle in economics)
• There may be a belief that forecasting demand (although useful in itself) is a substitute (in terms of performance) to having a model for the feedback process

In addition to the fuzziness of the social systems that forecasters must deal with, in social environments the time scales are orders of magnitude slower than those in physical systems. In the case of an airplane’s autopilot, typically, the signals that are used to estimate aileron or rudder positions and turbine parameters are sampled every few milliseconds. Thus, humans may not be able to control the airplane in real time (particularly if they are naturally unstable airframes) and the control has to be automated. On the other hand, forecasting sales in a supermarket may be done with monthly data or, in macroeconomic systems, with quarterly data. The fact that data in these cases is available so infrequently may give humans the idea that they have ample time to make decisions and affect the outcomes of their system (for example, sales, output in a GDP, or unemployment) in a desired direction. To that effect, they indeed take action, but without the rigor of a control engineer, who makes a significant effort in modeling the system to be controlled and simulating various techniques to get the desired outcomes.

Whether by choice (relying on modeling demand and ignoring the modeling of the feedback decision process), necessity (social systems difficult to model or data available too infrequently), or lack of familiarity with modeling techniques (relying on crude and simple regressions instead of more dynamic approaches), and confronted with systems that behave under their own open-loop dynamics, forecasters have no other possibility than measuring how far they are from an intended target. That is, they have no other possibility than to keep developing and using “accuracy” indicators, much as a man walking down the middle of the street decides that he’s doing well if he hits the curb in 3 minutes of walking blind, rather than in 1 minute.

Comparing feedback and no-feedback prediction models, it becomes evident that human-controlled systems often fail to achieve optimal performance as compared to airplanes and other engineered systems. Systems overwhelmed by an exploding amount of information and indicators can exacerbate problems rather than resolve them. Such control relies heavily on noisy, incomplete, or misleading data, which can result in decisions that reduce performance.

The key takeaway is that resilience should be a design concern in the event of performance degradation. Systems that prioritize adaptability and robustness—while acknowledging the limits of prediction—are better equipped to deal with uncertainty and mitigate risks. For example, flood prediction systems in Europe failed numerous times in 2024, highlighting the dangers of relying too heavily on inaccurate weather forecasts without building sufficient resilience into the system. Needless to say, in cases where feedback modeling could be implemented, ignoring it would be a risky—if not negligent—strategy.

About the Authors

Dr. Claudio Antonini, MIT nuclear safety engineer, after working in the design of GNC systems for missiles and drones, has applied that numerical experience in the field of finance for the last 25 years. Working at UBS, he developed the largest global implementation of a genetic algorithm for banking, and has continued to apply data mining, machine learning, and artificial intelligence algorithms for risk management, in consultancies (Deloitte, AlixPartners) and the Bank of New York Mellon. He publishes consistently on forecasting topics.

Dr. Kamil Mizgier brings his extensive practical experience and deep knowledge to explore challenges in strategic risk management. By leveraging his 15 years of expertise from key roles, including Global Supplier Relationship and Risk Management Leader at Dow and risk modeling leadership positions at BNY Mellon and UBS, he delves into the latest trends, tools, and techniques in risk management, offering invaluable perspectives that bridge academic rigor and practical application.

References

1. Box, G. et al. 2015. Time Series Analysis: Forecasting and Control 5^th Edition, John Wiley and Sons Inc., Hoboken, New Jersey.

2. Carranza, R. G. 2016. “The Closed Loop Economy.” International Journal of Design & Nature and Ecodynamics, 11(4), pp. 600-9.

3. MahmoumGonbadi, A. et al. 2021. “Closed-loop supply chain design for the transition towards a circular economy: A systematic literature review of methods, applications and current gaps.” Journal of Cleaner Production, 323 : 129101.

The post Why Forecasting is Fixated with Accuracy: The Risk of Ignoring Feedback appeared first on The European Business Review.

In discussions about forecasting it might serve well to remember its mothership: the field of control theory. In this field, the objective is to control a system, sometimes called a ‘plant’ which, for example, can be a robotic arm, a submarine depth system, or an interplanetary probe telescope camera. To control these systems, actions must be implemented and, conceptually, they can be grouped in two processes that work in unison: one process commands the plant and another process estimates the variables on which the control is based. Let us consider an airplane: if the objective is to maintain course at a certain speed and altitude, the control part would be exercised by the combined actions of a turbine and a few control surfaces (ailerons, rudder), and the variables to be estimated will be the airspeed, attitude, and altitude, among others. In an economic system, the commands may be taxation, interest rates, or import restrictions and the estimates may be the level of employment, inflation rate or currency exchange.

Whatever the specific variables controlled or estimated, overall, the fundamental and critical feature that allows a system to follow commands–to be controlled–is feedback. This mode of working, when feedback is implemented, is called “closed-loop.” Conversely, without feedback, the system would be labelled “open-loop.” Summarizing, no feedback, no control.

Compared to open-loop systems, feedback helps in (a) reducing the effect of modelling error and external disturbances, (b) changing–if necessary–the whole system stability, and (c) improving accuracy, that is, the ‘distance’ to a desired setpoint. In the case of an airplane, if feedback is broken for some reason, the airplane would not be able to use the estimated (also called, forecasted) variables and would not be able to be controlled. Effectively, the airplane would be unable to maintain its required speed and altitude. The nightmare of a control engineer is an open-loop, uncontrolled system.

The arrangement of dividing control in two processes–control itself and estimation (depending on the author and disciplines also known as ‘filtering’ or ‘forecasting’) –is well illustrated in a seminal book, “Time Series Analysis: Forecasting and Control,” by George Box and Gwilym Jenkins¹. A testament to the importance of the book is that it has seen five editions since its first, in 1970. In this work, Box and Jenkins consider time- and frequency-domain techniques to analyze systems described by their time-series, stressing time and again that the most important characteristic of a control system is its stability. However, nowadays, Box and Jenkins is rarely, if ever, quoted in forecasting literature. Forecasters are focused on other performance parameters of the system and may not be aware of the possibility of controlling it to get even better performance.

Most likely, practitioners ignore feedback due to their restricted focus, not paying attention to topics that Box & Jenkins discussed over various editions of their book. Forecasters today apply techniques almost exclusively in the time domain (except for some work with FFTs); do not consider transfer functions; have not heard of poles or zeros; and do not have ways of measuring the system’s stability. Effectively, forecasting is working in an open-loop architecture and, for that reason, practitioners are so concerned with ‘accuracy,’ something that, in a closed-loop system, is of secondary concern when compared to the primary importance in that field: stability.

Several studies have been published that aim to model closed-loop systems, particularly in areas such as economics² and supply chain management³. We illustrate this concept by running a small program to simulate supply and demand for a hypothetical demand-planning exercise. In this model, we simulate the output (or quantity produced) based on demand and observe how closing the feedback loop affects the accuracy of our predictions. In the first model run, the simulation assumes that demand grows linearly. In the second run, we enhance the model by introducing randomness to demand. The no-feedback model simply uses the demand from the previous two samples to predict how it will grow in the next sample. The formula is as follows

which is a very simple linear demand forecasting model.

In comparison, the feedback model adjusts predictions by applying a correction factor based on how far the actual output (output_with_feedback) deviated from the demand in the previous sample (demand[t-1]), effectively closing the loop. In formula

The results of the simulations with feedback and without it are shown below in Figure 1 (demand grows linearly) and Figure 2 (random demand).

Figure 1. Production output with and without feedback (linear demand).

Figure 2. Production output with and without feedback (random demand).

In both cases, we see a solid improvement in terms of accuracy (getting closer to the demand) even when that was not a design objective.

The large improvement in accuracy is attributed to using a new structure for minimizing the error. This is a profound difference with articles that analyze alternative methods to improve accuracy where different methods for forecasting are employed but always keeping the same open-loop structure. In this case, we are closing the loop, departing significantly from minimal changes in algorithms that keep the same open-loop structure.

But … why do forecasters ignore feedback?

Most probably, forecasting practitioners deal with types of systems in which they cannot model the feedback process and, thus, “what one cannot model one cannot control.” These are possible reasons:

• social systems are more difficult to model than physical systems which follow well-known laws
• events in social systems are single-case experiments – rarely they can be repeated
• even if they were successfully modeled, humans would try to exploit loopholes and react in ways that were not considered during the modeling phase (the Lucas’ principle in economics)
• believing that forecasting demand (although useful in itself) is a substitute (in terms of performance) to having a model for the feedback process.

In addition to the fuzziness of the social systems that forecasters must deal with, in social environments the time scales are orders of magnitude slower than those in physical systems. In the case of an airplane’s autopilot, typically, the signals that are used to estimate aileron or rudder positions and turbine parameters are sampled every few milliseconds. Thus, humans may not be able to control the airplane in real-time (particularly naturally unstable airframes) and the control has to be automated. On the other hand, forecasting sales in a supermarket may have to be done with monthly data, or macroeconomic systems with quarterly data. That data in these cases is available so infrequently may give the idea to humans that they have ample time to make decisions and affect outcomes of their system (sales, output in a GDP, unemployment …) in a desired direction. To that effect they indeed take action, but without the rigor of a control engineer, who makes a significant effort in modeling the system to be controlled, and simulating various techniques to get desired outcomes.

Either because of choice (relying on modeling demand and ignoring modeling the feedback decision process), necessity (social systems difficult to model or data available too infrequently), or lack of familiarity with modeling techniques (relying on crude and simple regressions instead of more dynamic approaches), and confronted with systems that behave under their own open-loop dynamics, forecasters have no other possibility than measuring how far they are from an intended target. That is, they have no other possibility than to keep developing and using ‘accuracy’ indicators, much like a man walking on the middle of the street decides that it does well if he hits the curb in 3 minutes of walking blind instead of 1 minute.

Comparing feedback and no-feedback prediction models, it becomes evident that human-controlled systems often fail to achieve optimal performance, as compared to airplanes and other engineered systems. Systems overwhelmed by exploding amount of information and indicators can exacerbate problems rather than resolve them. Such control relies heavily on noisy, incomplete, or misleading data, which can result in decisions that decrease performance.

The key takeaway is that resilience should be a design concern in case of performance degradation. Systems that prioritize adaptability and robustness—while acknowledging the limits of prediction—are better equipped to deal with uncertainty and mitigate risks. For example, flood prediction systems in Europe have failed multiple times in 2024, highlighting the dangers of relying too heavily on inaccurate weather forecasts without building sufficient resilience into the system. Needless to say, in cases where feedback modeling could be implemented, ignoring it would be a risky–if not negligent–endeavor.

About the Authors

Dr. Claudio Antonini, MIT nuclear safety engineer, after working in the design of GNC systems for missiles and drones, has applied that numerical experience in the field of finance for the last 25 years. Working at UBS, developed the largest global implementation of a genetic algorithm for banking, and has continued to apply data mining, machine learning, and artificial intelligence algorithms for risk management, in consultancies (Deloitte, AlixPartners) and the Bank of New York Mellon. He publishes consistently on forecasting topics.

Dr. Kamil Mizgier brings his extensive practical experience and deep knowledge to explore challenges in strategic risk management. By leveraging his 15 years of expertise from key roles, including Global Supplier Relationship and Risk Management Leader at Dow and risk modeling leadership positions at BNY Mellon and UBS, he delves into the latest trends, tools, and techniques in risk management, offering invaluable perspectives that bridge academic rigor and practical application.

References

1. Box, G. et al. 2015. “Time Series Analysis: Forecasting and Control.” 5th Edition, John Wiley and Sons Inc., Hoboken, New Jersey.

2. Carranza, R. G. 2016. ”The Closed Loop Economy.” International Journal of Design & Nature and Ecodynamics, 11(4), pp. 600-609.

3. MahmoumGonbadi, A. et al. 2021. “Closed-loop supply chain design for the transition towards a circular economy: A systematic literature review of methods, applications and current gaps.” Journal of Cleaner Production 323 : 129101.

The post Why Forecasters are Fixated with Accuracy — The Risk of Ignoring Feedback appeared first on The European Business Review.

By Kamil J. Mizgier

In every industry sector, companies are striving to overcome organisational hurdles to enhance their efficiency and productivity. Within the risk management space, bridging the silos is crucial, given the rapid spread of risk events and the necessity for effective communication to promptly address and mitigate losses. The integration of enterprise risk management, insurance, and business continuity management proves instrumental in making companies more resilient, as evidenced by the successful case studies outlined in this article.

The Challenge With A Siloed Approach To Risk Management

Siloed risk management practices originate from the traditional organisational structure where each department operates independently, focusing on its specific objectives without considering the broader organisational goals. Despite the evolution of management practices, siloed risk management persists in mature organisations due to established departmental cultures, lack of cross-functional communication, and resistance to change.

Within the risk management space, bridging the silos is crucial, given the rapid spread of risk events and the necessity for effective communication to promptly address and mitigate losses.

Furthermore, different industries have unique risk methodologies that have often been developed for different purposes. For instance, the financial sector may focus on credit and market risks, while manufacturing might prioritise operational and supply chain risks. However, some companies like Swiss Steel Group and Katoen Natie have successfully transformed their risk management practices by integrating risk considerations into strategic decision-making processes across all business units and functions.

Stéphane Martin, CEO of Smart Risk Consulting, and co-founder of the Risk-In conference¹ has long championed the philosophy of bridging silos to better manage risks. In contrast to the negative connotations associated with “breaking down barriers,” Martin emphasises the positive aspects of collaboration in risk management. He believes that by bridging silos, organisations can create something innovative and superior to traditional approaches. Martin asserts, “Risk management is all about collaboration. I wanted the conference to focus on bridging the silos to create something new and better than in the past by bringing senior leaders from different functions in one room to discuss risk challenges and opportunities together.”

This ethos reflects a fundamental shift in mindset, highlighting the importance of interconnectedness and synergy across organisational functions. To overcome these challenges, Martin advocates for a holistic and integrated approach to risk management. By bridging silos, organisations can leverage diverse perspectives and expertise to develop comprehensive risk management strategies that align with their overarching business objectives.

Enterprise Risk Management, Business Continuity And Resilience

To address the shortcomings of siloed risk management approaches, companies have increasingly embraced Enterprise Risk Management (ERM). ERM promotes a comprehensive and systematic approach to managing all potential risks, emphasising the need to address them holistically rather than in isolation.

Harvard Business Review recognised ERM as a significant concept in 2004, listing it among their “Breakthrough Ideas.²” However, twenty years later, companies still struggle to implement ERM systems and procedures, and one can ask, why is this the case?

ERM promotes a comprehensive and systematic approach to managing all potential risks, emphasising the need to address them holistically rather than in isolation.

To begin with, designing an ERM system that is comprehensive and fits well with the existing organisational structure can be complex and requires significant investments in talent and technology. Secondly, establishing metrics that accurately reflect the risks and their impact on the organisation is difficult. Third, which is not unique to digital transformation, the resistance to change, lack of understanding, and the need for a cultural shift towards risk awareness can hinder ERM adoption.

And finally, the dynamic nature of the business environment, with its ever-changing risks, makes it hard to maintain an effective ERM system.

The professional experience of Jean-Paul Duperron, VP of Internal Audit, IC/SOx and Risk Management at Swiss Steel Group is rich in experiences, adaptations to socio-economic contexts and resilience in challenging situations. He says: “Leadership comes with trust, grows with professional experience, and settles with a profound sense of collaborative work to get the best of the teams and colleagues. Shaping an integrated approach to internal assurance, both in people’s mindset as well as in the management system, requires a synchronized, interactive exchange of information and a shared vocabulary.”

Simply put, teamwork can make the dream work. The key to overcoming challenges associated with siloed risk management requires a tailored approach that considers the unique aspects of each organisation, continuous education and communication, and a flexible system that can adapt to new risks and business changes.

Alexia Michiels, Partner at Resilience Institute believes that “Strengthening human resilience is an essential step to make organizations more resilient and equip them to speed up the most urgent transformations. Our ambition is to accelerate leaders’ awareness about these issues. Powered by a robust assessment, we generate insights for our clients about human resilience, strengths, and risks across their entire organization.” Strengthening human resilience, by nature, applies to all departments and therefore should be at the heart of ERM.

Resilient leaders can transform business continuity plans to make them integral components of effective corporate risk management. Siloed approaches to business continuity planning, on the other hand, often result in fragmented responses during crises. By integrating business continuity efforts across functions and conducting comprehensive risk assessments, organisations can enhance their resilience to unforeseen disruptions.

The Role Of Insurance And Captives In The Risk Ecosystem

Organisations can mitigate certain risks through insurance and captives, but these strategies are often managed in silos without considering broader organisational objectives. Integrating insurance and captive strategies into overall risk management frameworks can optimise risk transfer and financing strategies.

And despite in-depth risk mapping capabilities and comprehensive mitigation plans in place, organisations can still be blindsided by unforeseen events. These events, ranging from natural disasters to global pandemics, can have far-reaching consequences that disrupt operations, jeopardise financial stability, and challenge the very existence of the business. In such scenarios, the role of risk managers becomes pivotal in steering organisations through turbulent times.

In the face of unprecedented events, risk managers must pivot quickly and adapt their strategies to mitigate emerging risks effectively. This often entails rapid decision-making, scenario planning, and collaboration across organisational silos. Risk managers play a critical role in coordinating responses, assessing the impact of the event on various facets of the business, and implementing contingency measures to minimise losses and ensure business continuity.

Moreover, risk managers contribute valuable insights and expertise to senior leadership, guiding strategic decisions and resource allocations during times of crisis. By leveraging their understanding of the organisation’s risk profile and vulnerabilities, risk managers help steer the organisation towards resilience and recovery.

As regulatory pressures mount, Environmental, Social, and Governance (ESG) considerations are emerging as a paramount concern, representing a significant opportunity for risk managers to engage in ESG risk reporting.

Carl Leeman, CRO of Katoen Natie International S.A., says: “Captive owners, who establish captive insurance subsidiaries to underwrite the risks of their parent companies, may encounter disruptive events that deviate from their initial risk assumptions and business plans.” In such cases, captive owners must assess the impact of the event on their captive’s operations and financial stability. Furthermore, they should adapt the captive to the needs of their company and not to the habits of the traditional insurance market or most of the existing captive companies. He notes: “Risk and/or insurance managers are sometimes disconnected from other corporate functions, however, in our company people know what their responsibilities are, but they are also encouraged to stay connected and communicate between businesses and corporate functions; we talk with each other. Insurance, claims, safety, legal and environment fall under Corporate Risk Management, this quite unique centralized approach is very efficient for the Katoen Natie group of companies.”

To mitigate the repercussions of unforeseen events, captive owners may leverage various risk management strategies, such as reinsurance arrangements, capital injections, or adjusting underwriting practices. Additionally, captive owners often collaborate closely with their captive managers and advisors to reassess risk exposures, evaluate potential losses, and devise proactive risk mitigation measures.

Insurance companies need to have a broader stakeholder engagement to work on opportunities to tackle challenges. They need to approach collaboration to solve problems in a similar way to how the aviation industry does it: by sharing knowldgeto continuously improve safety in the airways.

In essence, effective risk management is not solely about anticipating and preventing foreseeable risks but also about how organisations and captive owners respond to unexpected disruptions. By fostering a culture of agility, resilience, and proactive risk management, organisations and captive owners can cope with uncertainties with confidence and emerge stronger from adversity.

This is also one of the reasons why Silvia Signoretti co-founded and developed the Swiss InsurTech Hub, a non-profit organisation promoting digitisation and innovation in the insurance sector. She notes: “The association acts as a dynamic launchpad for enhanced visibility and exposure, offering diverse avenues to spotlight innovative solutions and garner well-deserved recognition.”

The mission of Swiss InsurTech Hub is to enable the dialogue and exchange of the diverse participants of the ecosystem, including innovators, experts, partners, academics, and diverse technologies, from Switzerland and around the world.

She adds: “Insurance companies need to have a broader stakeholder engagement to work on opportunities to tackle challenges. They need to approach collaboration to solve problems in a similar way to how the aviation industry does it: by sharing knowledge to continuously improve safety in the airways. Being part of an ecosystem allows companies to absorb different perspectives. In that way, startups can help them to redefine classic insurance processes by adopting innovative technologies.”

Sharing Best Practices

The proactive approach to bridging silos in risk management aligns with the ethos of the Risk-In conference, which aims to bring together top talent from various industries to collaborate on advancing the field and finding new solutions to problems that historically were addressed in isolation. Table 1 outlines several best practices for implementing an effective ERM programme.

These practices have proven successful for organisations to bridge the silos in the past and are considered fit for purpose. Martin concludes: “In terms of best practices, it is a fact that risk management should be in the line of business and help solve business problems.”

As organisations and captive owners continue to evolve, embracing innovation, collaboration, and adaptability will be key to enhancing resilience and driving sustainable growth. By leveraging insights from diverse perspectives and adopting transformative technologies, they can deal with uncertainty with confidence, turning challenges into opportunities for long-term success.

About the Author

Dr. Kamil J. Mizgier is the founder and CEO of SciRisk, a risk management consulting firm. He is the former Global Supplier Relationship and Risk Management Leader at Dow with 15 years of experience in implementing risk management strategies across industry sectors. Before this role, he led enterprise risk modelling projects and teams, among others, at BNY Mellon and UBS. He has published a number of articles in academic and practitioner journals, and he is a frequent public speaker. He obtained his master’s degree in applied physics at the Warsaw University of Technology and a PhD in supply chain management at ETH Zurich.

References

1. https://www.risk-in.com/

2. L. Buchanan, “Breakthrough Ideas for 2004,” Harvard Business Review 2 (2004): 13–16

The post Bridging the Silos to Better Manage Risks appeared first on The European Business Review.

The digitalisation of global supply chains is unstoppable and there is no doubt about the upside potential it brings in terms of efficiency gains. Yet, the rapid progress in digital technologies, artificial intelligence, and data-driven decision-making exposes organisations to an elevated risk of systemic cyberattacks. And the material impact of cyber events such as the 2020 SolarWinds cyberattack in the US, as well as more recent incidents like XPlain and Concevis in Switzerland, highlights the interconnected nature of cyber threats within global supply chains, demanding increased attention from business leaders and policy makers. Against this backdrop, this article underscores the critical need for resilient cyber supply chain risk management (C-SCRM) practices across industry sectors, including those traditionally less associated with high-profile cyber threats. 

Introduction to supply chain cyberattacks

The SolarWinds breach serves as a compelling case study, revealing the widespread consequences of vulnerabilities within supply chains. Drawing parallels with incidents in Switzerland, where the financial sector remains a prime target, this article aims to outline the complexities of safeguarding supply chains against evolving cyber threats. 

While the Swiss financial sector has responded with comprehensive regulations, the spotlight shifts to broader industrial supply chains where similar regulations either do not exist or are not followed with adequate priority. Examining examples of supply chain cyberattacks on manufacturing companies unveils the vulnerabilities and challenges faced by these critical sectors. 

In the United States, many industries have experienced targeted supply chain cyberattacks, disrupted operations, and compromised sensitive data. Recent incidents have illuminated the need for robust risk management strategies tailored to the unique characteristics of industrial supply chains. For example, in 2021, Colonial Pipeline, an oil pipeline system that carries jet fuels and petrol, encountered a ransomware attack that disrupted its operations, leading to a temporary shutdown. The focal point of the attack was the billing infrastructure, rather than the critical oil pumping systems, which remained operational. The decision to halt pipeline operations was attributed to the inability to bill customers. Colonial Pipeline took this precautionary measure to prevent potential further attacks on vulnerable sections of the pipeline, prompted by concerns that hackers might possess information enabling additional attacks. In a bid to restore network functionality, the company ultimately opted to pay a ransom of $4.4 million. 

As depicted in figure 1, a typical supply chain attack focuses on a third-party software provider. The goal is to obtain unauthorized access to a larger network of suppliers and customers. The hackers achieve this by infiltrating the automated update servers of the targeted software provider. The pernicious aspect of such attacks lies in the fact that the affected companies, those relying on the software provider for updates, are often unaware that they are inadvertently installing malware onto their servers. Consequently, the malware can then spread throughout the network, potentially compromising the security of numerous interconnected organisations within the supply chain. This method allows the attackers to exploit the trust established between the targeted company and its software provider, using the update process as a Trojan horse to gain access to a more extensive supply chain network. 

Hence, the lack of a proactive approach to C-SCRM can leave organisations and their supply chains susceptible to cyber risks, drawing attention to the importance of industry-wide collaboration, regulatory frameworks, and the adoption of international standards. And despite proven significance, the adoption of ISO certifications, such as ISO 27001, within industrial supply chains remains limited. This raises questions about the readiness of organisations to confront cyber risks head-on, especially in an era where cyber threats continue to evolve in sophistication. Furthermore, there are gaps in academic literature, necessitating action from both researchers and practitioners. This article underscores the imperative for a holistic approach to cybersecurity, in alignment with the evolving concept of cyber resilience. 

Leveraging ISO standards and NIST frameworks for cyber supply chain risk management 

In the intricate landscape of C-SCRM, two globally recognised frameworks – the ISO 27001 (International Organisation for Standardisation) standard¹ and the NIST (National Institute of Standards and Technology) framework² – play pivotal roles in guiding organisations toward robust risk management practices. 

1. The ISO 27001 standard 

While the ISO standards do not explicitly define C-SCRM as a standalone topic, the principles embedded in ISO 27001 provide valuable insights for managing risks associated with the buyer-supplier relationships. Key considerations within this standard advocate for comprehensive risk assessments along the entire supply chain. This necessitates a fundamental understanding of potential vulnerabilities and threats arising from supplier interactions.

Furthermore, the standards outline various security measures that organisations should implement to ensure information security. These measures offer flexibility, enabling adaptation to control risks associated with supplier interaction, and sensitive information exchange. Like customer relationship management, ISO 27001 recommends establishing clear security requirements and obligations in contracts or agreements with suppliers. This ensures adherence to security measures and compliance standards by both parties. 

Regular monitoring and review of supplier and customer-related processes and security measures are crucial. This proactive approach enables organisations to swiftly identify potential risks or deviations from established security protocols. 

Finally, robust incident response plans and business continuity measures mitigate risks arising from supplier-related incidents, minimising disruptions in operations. 

While the term “C-SCRM” may not be explicitly detailed in ISO 27001, the principles of risk management, security controls, contractual obligations, and monitoring can be effectively applied to managing risks associated within the supply chain. 

2. The NIST framework 

NIST focuses on C-SCRM through various publications. However, the NIST Special Publication 800-161 deals with C-SCRM specifically. Key elements covered in NIST publications include guidelines for identifying, assessing, and managing risks within the supply chain, understanding potential vulnerabilities and threats throughout the supplier lifecycle. 

The standard recommends evaluating and selecting suppliers based on their security practices, compliance with standards, and commitment to cybersecurity. It encourages information exchange and collaboration among supply chain stakeholders to effectively address and mitigate emerging threats. This may include sharing best practices, threat data, and security-related information. 

The NIST approach to C-SCRM focuses on empowering organisations to establish comprehensive cybersecurity practices suited for dynamic and modern supply chains. Through detailed guidelines and recommendations, the NIST framework serves as a crucial tool for organisations to strengthen their capabilities in identifying, assessing, and effectively managing risks within their supply chain environment. The NIST framework outlines a range of factors fundamental for effective C-SCRM, with a particular emphasis on cultural and awareness-related components. 

The role of insurance in cyber supply chain risk management 

Cyber insurance can help businesses in several ways to manage cyber supply chain risk. First and foremost, it can provide reimbursement for losses incurred due to supply chain cyberattacks, such as data breach notification costs, regulatory fines, and business interruption losses. However, many cyber insurance providers offer risk assessment services to help businesses identify and address vulnerabilities in their supply chains. They may also provide access to cybersecurity experts who can assist in developing and implementing risk mitigation strategies. It can be used as a tool to incentivise suppliers to adopt stronger cybersecurity practices. Businesses can require suppliers to carry cyber insurance and meet certain cybersecurity standards as a condition of doing business. 

When selecting cyber insurance coverage, businesses should consider several factors, including the size and complexity of their supply chain, the type of data and assets stored or transmitted within the supply chain, the industry they operate in, and their overall cybersecurity posture. 

Cyber insurance is an essential component of a comprehensive supply chain risk management strategy. By providing financial protection, risk assessment services, and contractual leverage, cyber insurance can help businesses mitigate the impact of supply chain cyberattacks and protect their bottom line. As cyber threats continue to evolve, businesses must adopt cyber insurance as a strategic shield to safeguard their supply chains and ensure business continuity. Major insurance companies offer tailored cyber risk coverage that is accessible to both global organisations and SMEs. 

Best practices for implementing a C-SCRM programme 

In the intricate realm of cyber threats within the supply chain, organisations can bolster their defences by adopting a comprehensive C-SCRM programme. These practices, combined with the seven steps outlined in table 1, offer a roadmap for safeguarding the supply chain and effectively managing cyber risks associated with suppliers.  

Table 1. The seven steps to kick-start your C-SCRM programme.

On a more technical note, initiating the process with a basic cybersecurity questionnaire for suppliers or harnessing the latest technologies, such as incorporating external cyber risk scores from firms like OneTrust or SecurityScorecard, can significantly streamline the risk assessment process. This is particularly beneficial for companies dealing with a multitude of suppliers, providing a more efficient and comprehensive approach to evaluating and managing cyber risks across a broad supplier base. Alternatively, collaborating with supplier risk assessment partners like GRMS, who provide tailored solutions and supply chain risk analysis capabilities, is another effective approach. 

Conclusion – your supplier’s cyber risks are your risks 

The examples of cyberattacks, such as the one on SolarWinds in 2020 and similar incidents in Switzerland in 2023, underscore the necessity of improving cybersecurity in buyer-supplier relationships.  

The holistic approach outlined in this article, focusing on collaborative risk management, fundamental cyber hygiene, and the strategic integration of cyber insurance, empowers organisations to fortify their supply chain resilience against evolving cyber threats. By actively engaging with suppliers, businesses can create a robust line of defence that protects the entire supply chain ecosystem from potential cyber attacks. The imperative remains unwavering – implement known strategies to safeguard the intricate web of the digital supply chain ecosystem. 

About the Author 

Dr. Kamil J. Mizgier is the former Global Supplier Relationship and Risk Management Leader at Dow with 15 years of experience in implementing risk management strategies across industry sectors. Before this role, he led enterprise risk modelling projects and teams, among others, at BNY Mellon and UBS. He has published more than twenty academic and practitioner journal articles on risk management and is a frequent public speaker. He obtained his master’s degree in applied physics at the Warsaw University of Technology and a PhD in supply chain management at ETH Zurich.  

References: 

1. Boyens, J., Smith, A., Bartol, N., Winkler, K., Holbrook, A., & Fallon, M. (Oct, 2021). Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. (N. I. Technology), access https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1-draft2.pdf 
2. International Standard ISO/IEC 27001. (Jan. 2022). Information security, cybersecurity and privacy protection – Information security management systems – Requirements (Third edition 2022-10), access https://www.iso.org/standard/27001 

The post A Practical Guide to Kick-starting Your Cyber Supply Chain Risk Programme appeared first on The European Business Review.

The business world is constantly changing, at a pace which humans are not able to catch up with. The premise of machines taking over the most tedious, low value-adding business processes is very attractive from a budget and cost cutting perspective, which is so prevalent in the current low interest rate environment. From Boston Dynamics’ robots replacing humans in physical activities to medical nanobots correcting human bodies through to financial bots taking care of human’s investment decisions – automation and artificial intelligence are taking the world of commerce by storm and it is unstoppable.

One of the earliest adopted trends – robotic process automation – allows firms to reduce the cost of outsourced activities, however there is one aspect of outsourcing and automation which requires special attention, i.e. third party risk management. It is becoming an ever increasing problem for Chief Risk Officers of global organisations operating in a modular economy, in which the majority of business processes are executed beyond organisational boundaries.

How to assess and mitigate third party risk?

In my previous article¹, I have introduced the concept of economic supply chain risk capital (ESCRC) which is a useful tool that helps managers to quantify and mitigate (or transfer) their third party risk exposure. In the wake of cyber threats, this approach becomes even more important as many firms rely on shared cloud resources, such as Amazon Web Services or Microsoft Azure. These services are often used to outsource even the most critical business processes. The associated concentration risk is hard to identify and manage if you don’t look beyond your own organisation.

In the age of modular economy, financial services and manufacturing firms are buying more and more new technologies than ever before. By doing so, they can offer enhanced services to their clients without having to develop them in-house (and later on maintain the costly IT infrastructure). However, the reliance on external service providers bears supplier risks that include facilities in geographical locations prone to disruptions, incompatible cultures, activities being further outsourced to unidentified suppliers, wrong business practices or even costly law breaches in countries that have very different local labour laws.

Supplier development is an important business practice that can help to bring your suppliers to the next level, however, it is costly and time consuming. In that new reality, ESCRC is a tool that can help you to make the decision on which suppliers to develop and which business relationships to wind down.

A practical example of using ESCRC

As an example, think of an SME managing a global complex supply chain for high-tech manufacturing with its factories and supplier base exposed to disruptions in Thailand and Japan. For this manufacturer and auto supplier, business continuity and loss of profit must be managed as top priority. The firm had only limited information about its first tier suppliers, not to mention sub-suppliers further in the supply chain. But even with this partial information, the company’s management did not have to waste resources on mapping the entire supply chain. The company selected their most critical products and began to collect data on products, suppliers and trajectory. In the second step, the firm polled its staff about historical occurrences of disruptions, likelihood and times to recovery. Based on this data, ESCRC was computed, revealing aggregated information about expected losses and profit at risk in the next year’s time horizon.

Furthermore, several strategies to minimise impact of systemic risk could be tested (such as the relocation of the factory, supplier switching or reallocation of purchasing volume). A focus on their most critical business case was enough to assess the company’s third party risk profile and help to decide what it can afford to lose in the most conservative worst case scenario (and hence helped to define the firm’s risk appetite).

The study revealed several surprising and important insights:

• Procurement managers normally focus on stock keeping units with the highest spend, but a low-volume component actually had the biggest impact on profit-at-risk.
• Alternative or backup suppliers do not guarantee business continuity. Normally companies do not look at all the different risk types and their differentiated impacts. Only the statistical modelling of ESCRC revealed the impact of these very real effects.
• Further testing revealed trade-offs and identified which suppliers were worth keeping based on their
  individual reliability.

A forward looking approach to third party risk management

As the above case study shows, third party risk can be understood, measured, owned and mitigated in a forward looking fashion if statistical risk measurement techniques like ESCRC are carefully applied with enough high quality data. Future development of this methodology includes macroeconomic variables and scenario consistent simulation of future states of the world, in which value added activities are becoming more and more fragmented and performed in locations where they can be done most efficiently. From this even more sophisticated third party risk management strategies can be evaluated by the digital risk manager of the future.

Machine learning is another potential avenue to be explored for even more comprehensive model formulation that predicts future supply chain disruptions based on similar events happening elsewhere in the business ecosystems. For this to happen, both vast amounts of internal and external data and computing power is already available and ready to be applied to assess third party risk in complex supply chain network that your organisation is inevitably part of.

This article was originally published in The European Financial Review on 23 December 2019. It can be accessed here: https://www.europeanfinancialreview.com/managing-risk-in-a-modular-economy/

About the Author

Kamil J. Mizgier works as Group Manager, Model Development in the area of Enterprise Risk Analytics in the financial services industry. Until 2016, he was a Senior Researcher in Supply Chain Management at ETH Zurich. Prior to this role, he gained professional experience in risk modeling at Credit Suisse, UBS and Aduno Group in Zurich. He has published several academic and practitioner articles on supply chain and operational risk management, supply chain networks and economic risk capital. He obtained a Master’s degree in Applied Physics from the Warsaw University of Technology and a PhD from the Department of Management, Technology and Economics at ETH Zurich.

Reference
1. Mizgier, Kamil J. (2018): On Economic Supply Chain Risk Capital, The European Financial Review, August/September 2018.

The post Managing Risk in a Modular Economy appeared first on The European Business Review.

Economic risk capital is an established risk management framework used by firms in the financial services industry to drive their capital management decisions. Due to the recent developments in financial technology, statistical supply chain risk models are finding new applications in managing risk of the digitally enabled extended enterprise.

In May 2018, De Beers, one of the world’s leading diamond companies, announced that it had tracked 100 high-value diamonds from miner to retailer using blockchain, in the first effort of its kind to clear the supply chain of imposters and conflict minerals. This is just one example of the enormous technological developments that the world of commerce has witnessed in the last decade. The increase and availability of almost unlimited computer power, combined with the abundance of all types of data, has led to the widespread adoption of quantitative algorithms by businesses. Digitalisation has helped to create new business models, develop new products that are available to the masses and disrupted (or is about to disrupt) industries that were considered too big to be disrupted. Meanwhile, the boundaries between industries are wearing off which enables the cross sharing of risk management practices that originated in different industry sectors. For example, selected risk management methods established in the financial services industry can be successfully transferred to the manufacturing industry (while avoiding pitfalls faced in the past) and vice versa.

Until recently, economic risk capital was used by insurance firms and banks to calculate their capital requirements, based on the internal view of risk that the organisation is taking. With the adoption of Basel II, it became a standard methodology to calculate the capital needed to sustain extreme losses such as those incurred by banks during the financial crisis of 2007–2009. Due to flexibility and sophistication of the underlying risk models over time, it became the methodology of choice for most financial organisations. Non-financial firms were left behind, as risk capital has not been on the radar of their regulators. But this is changing, as the responsibility to quantify risks in a sustainable extended enterprise is becoming one of the top concerns for those in charge of making strategic supply chain decisions.

Measuring supply chain risk in a digital enterprise

The central idea presented in this article is that supply chain risk models based on Value at Risk^1,2,3,4 are now mature enough to be put to work. This is mainly due to the automation of data exchange among supply chain members, which can be achieved through the distributed ledger technology (DLT). It has often been criticised that the bespoke supply chain network-based risk models are not fit for purpose as (I) they do not capture the real flows of products observed in supply chain networks, (II) that the upstream supply chain transparency is limited to the first tier of suppliers and (III) that there is no data to calibrate the business interruption risk parameters. I argue that while it was true a decade ago when I began my research on supply chain risk, with the advances in DLT, big data and analytics, embedding these models in the firms’ real operating environment is now possible. The enablers of this innovation are as follows:

Thanks to DLT and sensor data all products’ physical positions and states can be tracked across the digital supply chain network.

A complete supply chain network topology can be mapped by using firms’ proprietary transactional data as well as relying on external parties (think of Palantir).

Insurance firms maintain databases^4,5 that can be used by firms to calibrate the business interruption risk parameters in addition to their internal data.

As the example of De Beers shows, blockchain technology creates visibility in the supply chain – lack thereof, used to be one of the major challenges for the manufacturing industry. Augmented with Internet of Things, it helps to record every transaction and marks each product location on the distributed ledger in the extended enterprise. The ledger is shared among all supply chain members in a secure and irrevocable environment, and keeps the risk management systems updated in real time. Firms like Maersk or UPS are already using it to map and track their supply chains, while SAP is adding blockchain technology to its supply chain traceability platform. Once supply chain transparency is achieved and risk parameters are derived from the underlying data, supply chain risk can be calculated by using statistical methods (similarly to credit or market risk), thereby producing an economic estimate of the risk faced by the extended enterprise.

Strategic importance of economic supply chain risk capital

What is the value added of using Value at Risk-based supply chain risk models and why supply chain managers should consider implementing them?

The answer is: Economic Supply Chain Risk Capital (ESCRC).

I define ESCRC as the amount of capital that a firm needs to cover supply chain risk losses materialising at some future date with a certain probability. In other words, ESCRC converts supply chain risk to an amount of capital that is needed to support it. While Economic Risk Capital is an established methodology used in the financial services industry, the notion of Economic Supply Chain Risk Capital is new. The concept of Supply Chain Capital is known to supply chain researchers and is defined as “the value of a firm’s supply chain network, derived from both the structural configuration and the nature of direct and indirect relationships present within the supply chain.”⁶ However, this definition needs to be enhanced to incorporate supply chain risk and this is where ESCRC shows its full power.

Using ESCRC helps to answer several strategic management questions pertaining to risk management, capital and performance management.

For instance, if you want to know how much capital is needed to withstand the materialising supply chain risk losses, ESCRC quantifies it by taking into account all economic risks that the extended enterprise is exposed to.

The aim of any organisation is to optimally manage its performance. One of the key differentiators is the allocation of capital to the suppliers that provide the largest value added to the enterprise. Once the total ESCRC is computed, it can be allocated down to the first tier of the supply chain network and to the next tiers downstream. By running this exercise on a frequent basis, managers know how much capital is assigned to which suppliers and can proactively risk manage their suppliers.

Furthermore, ESCRC equips supply chain managers with tools that provide useful insights about their most critical suppliers. By calculating loss contributions, managers can quickly identify their most risky suppliers both on a standalone and integrated basis (which captures the interconnectedness of the suppliers).

Another important strategic consideration is which suppliers to develop and which supplier dependencies to reduce. Supplier development programs are risky and involve a trade-off between risk and cost of the investments in the enhancement of supplier capabilities⁷. Depending on the supplier riskiness and profitability of the relationship with a given supplier, the supplier dependencies can be re-evaluated and ESCRC can help executives to drive their strategic supplier relationship decisions. Defining return on ESCRC as a risk-adjusted profitability measure helps to make strategic decisions about the supply chain configuration. Suppliers with higher return on capital will get allocated more capital than those with a lower return.

Companies need to make a step forward from a purely operational model of the extended enterprise to a risk-adjusted model of the digital extended enterprise by integrating risk-adjusted profitability measures in their operations, governance and business decisions. Long-term capital planning on an economic supply chain risk-adjusted basis is one example where manufacturing firms have an ample room for improvement. As opposed to the financial services industry, capital-intensive industries such as mining or automotive can increase their return on investment if economic supply chain risk is taken into account at the planning stage of the investment process.

Prerequisites to adoption of economic supply chain risk capital

While technology has evolved and created boundaries for the application of ESCRC, it is important to note that organisations can only implement ESCRC successfully if it is fully supported by senior management. This can only happen if staff is properly trained and appropriate talent is available, whilst the board is supportive of the inevitable change programme. Statistical supply chain risk models are only as good as the data that is used to calibrate them. Collecting and preparing these data, and moving to a digital supply chain require investment in technology as well as in people’s skills. Simply put, with the evolution of DLT, big data and analytics, achieving an end-to-end supply chain visibility is now possible. With this capability in store, executives can embrace ESCRC as a new strategic supply chain management tool to make better-informed decisions. 

This article was originally published in The European Financial Review on 21 August 2018. It can be accessed here: https://www.europeanfinancialreview.com/on-economic-supply-chain-risk-capital/

About the Author

Kamil J. Mizgier is Senior Quantitative Analyst in the financial services industry. He received his MSc in Applied Physics from the Warsaw University of Technology and a Ph.D from the ETH Zurich’s Department of Management, Technology and Economics, where he also worked as a Senior Researcher until 2016. He does research in Supply Chain Management, Risk Management and Insurance and Manufacturing. His most recent publication is “Zurich Insurance Uses Data Analytics to Leverage the BI Insurance Proposition.”

References

1. Mizgier, Kamil J./Jüttner, Matthias/Wagner, Stephan M. (2013): Bottleneck Identification in Supply Chain Networks, International Journal of Production Research, Vol. 51, No. 5, March, pp. 1477-1490

2. Mizgier, Kamil J./Thakur-Weigold, Bublu/Wagner, Stephan M. (2014): Pragmatic Risk Management in a Tightly-Coupled World, Ivey Business Journal, March/April 2014

3. Mizgier, Kamil J./Wagner, Stephan M./Jüttner, Matthias (2015): Disentangling Diversification in Supply Chain Networks, International Journal of Production Economics, Vol. 162, April, pp. 115-124

4. Mizgier, Kamil J. (2017): Global Sensitivity Analysis and Aggregation of Risk in Multi-Product Supply Chain Networks, International Journal of Production Research, Vol. 55 , No. 1, January, pp. 130-144

5. Mizgier, Kamil J./Kocsis, Otto/Wagner, Stephan M. (2018): Zurich Insurance Uses Data Analytics to Leverage the BI Insurance Proposition, Interfaces, Vol. 48, No. 2, March-April, pp. 94-107

6. Autry, C. W./Griffis, S. E. (2008), Supply Chain Capital: The Impact Of Structural And Relational Linkages On Firm Execution And Innovation. Journal of Business Logistics, 29: 157-173.

7. Mizgier, Kamil J./Pasia, Joseph/Talluri, Srinivas (2017):  Multiobjective Capital Allocation for Supplier Development Under Risk. International Journal of Production Research, Vol. 55, No. 18, 5243-5258

The post On Economic Supply Chain Risk Capital appeared first on The European Business Review.

By learning to proactively manage supplier risks through digital strategies, companies can mitigate the adverse effects of disruptions, enhance supply chain resilience, and stabilise cash flows in the face of uncertainties.

“A strategy is necessary because the future is unpredictable.” — Robert Waterman

Reducing cash flow volatility has always been a strategic goal for companies across various industries. A key aspect of achieving this goal is implementing proactive risk management strategies that anticipate and address potential supply chain disruptions.

Supply chain disruptions can have a significant impact on a company’s cash flow. When a disruption occurs, it can lead to delays in the supply of raw materials, components, or finished products. These disruptions can result from various factors such as natural disasters, geopolitical events, logistics issues, supplier bankruptcies or labour disputes, and lead to production stoppage and revenue losses.¹ The consequences of these disruptions can affect a company’s financial performance and cash flow stability.

However, with the advancements in digital tools and technologies, businesses can now leverage these resources to assess supplier risks and enhance supplier relationship management. The ability to proactively manage supplier risks through digital strategies can help mitigate the adverse effects of disruptions, enhance supply chain resilience, and stabilise cash flows in the face of uncertainties.

In this article, we explore how digital strategies can play a crucial role in proactive supplier risk management, enabling companies to mitigate risks and optimise their supply chains in anticipation of potential supply chain disruptions.

Leveraging Digital Tools for Risk Assessment

With the increased availability of digital tools, firms can now assess supplier risks more effectively. By leveraging data analytics and intelligence platforms, companies can gain deeper insights into their supplier base, identifying potential risks and vulnerabilities. These tools provide a comprehensive overview of supplier performance, financial stability, and compliance with regulatory changes, allowing businesses to make informed decisions and implement proactive risk mitigation measures. The landscape of supplier intelligence platforms keeps evolving, and at the time of writing this article, the major players are listed in Figure 1.

Integration of Supplier Relationship and Risk Management

Leading companies are recognising the value of integrating supplier relationship management with risk management capabilities through the utilisation of digital tools. By combining these functions, businesses can enhance supplier visibility and establish stronger partnerships with their suppliers. Digital platforms enable the seamless sharing of information, fostering collaboration across functional areas and facilitating the proactive identification and mitigation of supplier risks. This integration ensures that risk management becomes an integral part of the supplier relationship management process.

Actionable Insights and Targeted Sourcing Strategies

The adoption of data analytics tools such as Craft further enhances supplier visibility and enables the transition from raw data to actionable insights. By analysing large datasets, companies can identify patterns and trends, allowing for more targeted sourcing strategies. These strategies can consider global regulatory changes, ensuring compliance and minimising supply chain disruptions. Digital tools empower businesses to optimise their supplier base, select the most reliable partners, and proactively manage risks associated with sourcing and procurement.

Using Generative AI to Manage Supplier Risk

With the increasing availability of generative AI tools like ChatGPT, a new source of supplier risk intelligence has become available at the organisations’ fingertips. AI offers valuable capabilities for managing supplier risk by analysing unstructured data sources, web crawling, enhancing supplier evaluation, and improving supply chain forecasting accuracy. However, while AI is still in its infancy, human expertise and judgment remain crucial for validating insights and making strategic decisions based on the generated information.

Supply Chain Finance and Risk Mitigation

Supply chain finance offers opportunities to reduce the risk of bankruptcies by optimising payment terms for both small suppliers and large buyers. For example, PrimeRevenue is a service provider which enables businesses to improve cash flow, provide working capital to suppliers, and foster financial stability within the supply chain. However, caution must be exercised when implementing supply chain finance programmes, as there are instances where it has led to risky situations (think of Carillion or Greensill). It is essential to establish robust risk management frameworks and evaluate the potential impact of supply chain finance on overall supplier risk exposure using digital tools and information available through RapidRatings, Moody’s or S&P Capital IQ.

Establishing Risk Appetite and Allocating Risk Capital

Finally, the implementation of economic supply chain risk capital allows companies to define their risk appetite, allocate risk capital to business units, and evaluate performance on a risk-adjusted basis.² By quantifying risk exposure and assessing potential losses, businesses can make informed decisions regarding risk management strategies. Digital tools can assist in measuring and monitoring risk metrics, providing real-time insights into the effectiveness of risk mitigation efforts. An example of a platform providing this emerging capability is the RAAD360’s partnership with Microsoft.

Putting Strategy into Action

In an era of increasing supply chain complexities and uncertainties, digital strategies play a vital role in proactive supplier risk management. By leveraging digital tools, companies can assess supplier risks more effectively, integrate risk management with supplier relationship management, gain actionable insights for targeted sourcing strategies, and optimise supply chain finance practices. Furthermore, the implementation of economic supply chain risk capital empowers businesses to establish risk appetite, allocate resources efficiently, and evaluate performance in a risk-adjusted manner. By adopting these digital strategies, organisations can enhance their ability to mitigate supplier risks, reduce cash flow volatility, and achieve long-term success in today’s dynamic business environment.

The execution of digital strategies needs to be accompanied by finding internal stakeholder buy-in, which can only be achieved if the digital tools in question are recognised by the business leaders. This necessitates close coordination among various functions beyond procurement, supply chain and technology and requires skilled resources who understand the data and the consequences of data-driven decision making.

About the Author

Dr. Kamil J. Mizgier is the former Global Supplier Relationship and Risk Management Leader at Dow with 15 years of experience in implementing risk management strategies across industry sectors. Before this role, he led enterprise risk modelling projects and teams, among others, at BNY Mellon and UBS. He has published more than twenty academic and practitioner journal articles on risk management and is a frequent public speaker. He obtained his master’s degree in applied physics at the Warsaw University of Technology and a PhD in supply chain management at ETH Zurich.

References

1 Schlegel, G.L., & Trent, R.J. (2014). Supply Chain Risk Management: An Emerging Discipline (1st ed.). CRC Press.
2 Mizgier, Kamil J. (2022): The Path Forward to a Unified Risk Framework. The European Business Review, January-February 2022, pages 8-11.

The post Digital Strategies for Proactive Supplier Risk Management appeared first on The European Business Review.

The closure of a terminal in China at the world’s third-busiest container port is one of the last examples of supply chain bottlenecks that led to disruptions propagating across the world of trade. The Greensill collapse that wreaked havoc in the financial services industry earlier this year calls for a better understanding of risk management interdependencies between manufacturing and financial services sectors.

Sometimes things must go wrong before they’ll go right

As demand for vehicles is increasing, the inventory to sales ratio (which serves as an indicator of the number of months of inventory that are on hand in relation to the sales for a month) hit rock bottom in July 2021, to levels not seen in modern history as depicted in Figure 1.

Industries such as automotive form complex supply chains, with production outputs vulnerable to disruptions due to shortages of inputs across tiers and geographies. At the same time smaller businesses reported delays with suppliers, concentrated in other industry sectors such as chemical, construction, and labor services. To make things even more complicated customers expect services and products to be available through a combination of digital and physical channels. So, what can companies do to measure, mitigate, and hedge the risk of lost sales?

The light at the end of the tunnel

Risk management is a profession with a long history and while main advances and breakthroughs are typically attributed to risk modeling techniques developed in the financial services industry, other industry sectors have important contributions and areas of application as well. The chemical industry is a good example, with various techniques and standards developed over the last decades, including the operational loss distribution approach (Meel et al. 2007). Environmental and health safety, hazard identification techniques, risk analysis and heat maps to mention a few are well-established risk management techniques. The industry regulatory bodies led the development of various regulatory standards (such as the ISO standards) that are closely followed in practice.

Financial services firms, on the other hand, focused on the innovation in risk modeling techniques to address Basel regulatory requirements. The main regulatory requirement is the amount of capital that needs to be held by financial institutions in case of a severe economic downturn and this is the area where banks and insurance firms historically directed significant resources.

However, due to the digital transformation and data availability which has grown dramatically over the last few years major advances and convergence in risk modeling techniques across industry sectors can be seen.

The recipe for risk management success

There are several factors driving the advances of risk management techniques that can help your organization to cope with these challenges.

1. Data availability increased over the last few years

While financial services firms have built their business models predominantly using data, manufacturing firms have made enormous progress in terms of data availability and analysis. ERP systems providers form the lifeblood of any organization’s data capabilities, and most risk management modules are interconnected with the central data repository allowing for model development in real time.

2. Companies have realized that they must invest in technology to remain profitable in the digital era

With the unfolding of digitalization, companies that are willing to stay ahead of the pack are investing in technology to remain profitable. Adding new technologies to the existing technology stack has never been easier and companies are using third party vendors to enhance their capabilities.

3. Covid-19 accelerated the transformation and enabled tech driven customer/supplier management

The side effect of the pandemics is that digitalization was forced to happen at an unprecedented scale and speed. With the majority of knowledge workers completing their tasks remotely, new ways of communication and global collaboration have emerged as a result. Customer and supplier relationship models emerge driven by data that allow for predictive analytics across industry sectors.

4. Sustainability agenda is driving the visibility in supply chains

Climate change and the regulatory developments in the sustainability space are the drivers as investors expect ESG to be part of the firms’ long-term commitment. With the goal to reduce CO2 emissions in the extended value chain, there is a lot of opportunities for increased supplier visibility.

5. Risk modeling methodologies converge at the intersection of data and enterprise risk analytics.

As an example, Value at Risk, still largely unexplored by non-financial firms is gaining increased interest as the concepts of resilience and tail events drive corporate risk agendas.

Another useful measure, Time to Recovery (see Mizgier et al., 2013) is an essential concept used in scenario building and stress testing. Cross industry workshops can help to establish common data sources (similarly to ORX) that firms can use to validate their corporate risk models. Economic Capital (see Mizgier, 2018) can also help to assess the ROI and decide how to steer the business to achieve the best risk-return profile and manage supplier relationships on a risk-adjusted basis.

Conclusion – when managing risk think globally, act locally

Financial services and manufacturing firms form a complex system of suppliers, customers, capital providers and insurers that is densely interconnected on a global scale. Covid-19 brought this dependency to the forefront and the repercussions can be seen unfolding to this day and will stay with us for the unforeseeable future. Luckily, risk managers have tools and techniques at their disposal that can help them to navigate these troubled waters if used wisely across industry sectors.

It is time to revisit your risk management strategy, think globally and act locally according to your industry’s level of maturity. For this to occur, more collaboration is needed both in terms of data sharing and understanding of risk management tools. It is not going to happen in one day, but we can already see progress in that space that will materialize in the years to come.

About the Author

Kamil J. Mizgier works as Global Supplier Relationship and Risk Management Leader at Dow. Prior to this role, he gained professional experience in risk modeling at BNY Mellon, UBS and Aduno Group. He has published several academic and practitioner articles on risk management. He obtained his Master’s degree in Applied Physics from the Warsaw University of Technology and a PhD in Supply Chain Management at ETH Zurich.

References:

1. Meel, L.M. O’Neill, J.H. Levin, W.D. Seider, U. Oktem, N. Keren, Operational risk assessment of chemical industries by exploiting accident databases, Journal of Loss Prevention in the Process Industries, Volume 20, Issue 2, 2007, Pages 113-127
2. Mizgier, Kamil J./Jüttner, Matthias/Wagner, Stephan M. (2013): Bottleneck Identification in Supply Chain Networks, International Journal of Production Research, Vol. 51, No. 5, March, pp. 1477-1490, doi: 1080/00207543.2012.695878
3. Mizgier, Kamil J. (2018): On Economic Supply Chain Risk Capital, The European Financial Review, August/September 2018.

The post The Path Forward to a Unified Risk Framework appeared first on The European Business Review.