COVID-19 will go down in history as an epochal event: a pivotal point after which business will probably never operate or function quite the same again. For risk professionals, Covid-19 is requiring a sustained effort to monitor and manage all risk actions and is laying bare the need for all enterprises to have a sustainable rapid risk response mechanism. What does this mean for the future of risk management? We must think beyond the immediate crisis and look to enhance our ongoing risk management operations.
The threat of a global pandemic is not new. In May 2006, the Homeland Security Council issued the National Strategy for Pandemic Influenza Implementation Plan. The chapter devoted to Continuity of Operations urged the private sector to plan with the assumption that up to 40% of their staff may be absent for periods of 2 weeks or longer at the height of a pandemic wave. The report further elaborated that in addition to those who are incapacitated by the virus itself, absences may be due to employees under voluntary quarantine, employees caring for ill family members, or employees simply feeling safer at home. Ironically, absenteeism that many businesses are currently facing due to workers mandated to stay home as a result of government restrictions was not included. Unfortunately, most companies did not heed the recommendations of this 2006 report and were largely ill prepared for a large percentage of employees and contractors to work remotely when the COVID-19 pandemic did arrive.
We believe that COVID-19 is a watershed moment for business. A turning point from which managing business disruption risk should never be the same. Many companies will recognize this in hindsight, but we urge you NOT to treat this outbreak as an anomaly. In our current interconnected business ecosystem, it is unlikely to be the last disease outbreak with global business ramifications. On top of that, add the increasing likelihood of other catastrophic natural disasters like extreme weather events or geo-political events with global impact and thus the need for a new risk management model is evident.
While it’s unclear when the negative effects of COVID-19 will be fully played out, one thing is certain though: The traditional third-party risk management, or TPRM, practices that financial institutions have relied on are inadequate going forward. However, companies still rely on the point-in-time and periodic risk assessments approach to TPRM.
Companies must make the shift towards continuous risk monitoring through a proactive risk operations center (ROC) for better risk preparedness.