Industry Insights
The Evolving Landscape of Risk Management
Keytan Hislop shares a risk professional's insights on the evolving risks in financial services, including AI, regulatory changes, ESG, and cybersecurity. The approach to risk management and the key skills professionals need to thrive in the industry are also discussed.
1. Can you describe your approach to Risk Management within the Financial Services sector? How has it evolved over time?
My approach to risk management has definitely evolved over time. I think as you find yourself in different roles, at different levels and interacting with different people within an organisation, your approach needs to adjust and reflect the conversations you are having.
In saying that, my starting point is normally a position of curiosity, especially if I am new to the organisation or it is a new project or product. I will ask a lot of questions – what are the objectives of the organisation or project, why are we here, what are we trying to achieve? What may be stopping us from achieving that objective? What are the friction points?
This helps to frame and assess where I can add value, where risk management can act as an enabler to the organisation and remove obstacles or reduce friction in a process.
If you approach risk management (both as a risk professional or as someone in the business) as an enabler to achieving objectives, then you will generally get a better outcome than if you come in wielding a big stick.
2. What are the key risks facing the current market?
The easy answer here would be AI, however my approach to this may differ from others or not be what you expect. I believe AI is just the next thing in a long line of ‘things’ and the actual key risk is innovation, both the amount and pace we are seeing in the market. If an organisation has a great framework for how they approach any innovation, whether it be technological or otherwise, then the risk of not adapting or missing the opportunity altogether is reduced.
Other key risks that would be playing on the minds of Boards and CEOs/Executive teams would (should) be:
Implementation of CPS 230 – this is a big change in the industry and will be tested multiple times in its formative years. It will call into question how well your risk management is around your 3rd and 4th party suppliers, how strong those relationships are, and ultimately how resilient the industry as a whole really is.
ESG/Climate Change/Greenwashing – there was a very big push a few years back to have a climate change/ESG risk on your key risk registers, however I believe the real challenge is how you are looking at all your risks with an ESG lens, this is a more integrated approach and will require a certain level of maturity from organisations to be able to not just ring fence ESG but see it as part of the whole picture.
Cyber/Data Security – this risk is still evolving and there is a lot of debate on whether the actual risk (as a key risk) is more crisis management if or when an incident occurs. A lot of organisations put cyber on the risk register and have the right KRIs and controls in place due to some very talented CIOs, but the discussions centre more on crisis management or reputational issues around these incidents, this is where a good CRO or risk professional can steer a board discussion in the right direction.
3. What emerging risks do you anticipate will have the most significant impact on the Australian Financial Services industry over the next 3-5 years?
I believe the three risks above will be big players in the next 3-5 years. I would also add Regulation to that list. Whilst not an emerging risk, keeping a very close eye on the horizon for big regulatory changes will set organisations up for success, having a well-resourced reg change function or a risk and compliance team that is highly skilled in this area will be a game changer for businesses to navigate the amount of change and how well the organisation adapts.
4. Where do you see the Risk Management profession and career paths heading in future? From a resourcing perspective, pass comment on where the biggest needs will be.
I have seen multiple cycles of what risk management ‘should’ look like, it oscillates between periods of specialist technical focus to periods of strategic business partnering. Currently I am seeing more focus on the technical roles in response to the amount and pace of reg change – AML/CTF, Privacy reforms, CPS 230 just to name a few.
I do think the best career path, given the cyclical nature, is to find a speciality that you are interested in (if you want great traction at the moment look at brushing up on AI) but always look at how you can add to your toolbox. Being able to go deep on a few technical areas will always hold you in high demand.
In the next 3-5 years I think the highest demand areas will be risk professionals that can manage regulatory change, but also have excellent communication skills to be able to bridge the gap for businesses from the highly technical cycle into implementation and making it work in the real world.
5. Crisis Management & Resilience remains at the forefront of the Risk Management practice. How did the COVID-19 pandemic shape your approach to risk management?
I am not sure the pandemic changed my approach much, it certainly added extra complexity and brought crisis management and business continuity into the limelight. As a risk professional I have always been on the BCP/crisis management bandwagon so in a perverse way it was nice to see those plans that have been slaved over for hours get used and put into action, and work!
The pandemic highlighted the need for a standard like CPS 230, this will probably be the biggest impact that will come out of the pandemic from a pure industry resilience response.
6. What qualities do you look for when building a Risk Management team? In today’s competitive climate, what can professionals do to differentiate themselves?
I have built many teams over my years leading risk management teams and my starting point is always good communicators, one of my interview questions is always – if you were at a BBQ with friends of friends and they asked you what you did, what would you say? How would you explain risk management? This helps me to assess if the person can communicate outside of risk speak and talk to people in a way that they would understand.
I like to have a good balance of technical experts and generalists on the team, I also like to have people that are a lot smarter than me in those technical roles. If I am given a clean slate I like to build pathways in the team so that everyone can see clear career progression and have something to work towards, I also think this adds diversity of thought to problem solving.
To stand out in a competitive environment I would make sure that your technical skills speak for themselves but your soft skills – communication, stakeholder management, influencing, and relationship building – really stand out. Look at ways that you can show how you applied these skills in tough environments. In a 2 person race I would always take someone who has really strong soft skills, technical expertise can be taught.
7. What advice would you give to upcoming professionals in the risk management field who aspire to take on leadership roles?
Go through any door that opens for you – you never know what lesson you will learn or what experience you will gain.
Find a risk leader that inspires you and see if they will mentor you – a lot of the big lessons I have learnt have been through experience, and sometimes all it takes is asking someone you trust what they would do to give you a different perspective.
Check in with yourself regularly (daily, weekly, monthly) – did you add value? If you had to invoice for your work would you feel comfortable sending that invoice? I have spoken to a lot of business leaders and they all say the same thing – they want risk people that understand their business, that have an opinion, and can give clear, articulate (non risk jargon) advice. They don’t want someone that regurgitates standards and regulation at them.