Agility means being adaptable to whatever happens
Businesses are heeding the call to be agile with the goal of adapting to whatever is thrown at them. The flying objects can be new competitive threats, regulatory mandates, operational risks, or other change triggers.
In every sector, companies are digitally transforming. Initiatives intended to achieve agility and global competitiveness have shaken businesses to the core, forcing them to invest and change everything from structure and strategy to business processes and people. It’s meant an investment in technology, not only in IT, but also in every other department.
In its research on large global companies transforming into agile organizations, the business consultancy, McKinsey & Company, noted the mindset shift required by “next-generation enabling technology.”
“Technology is a supporting capability that delivers specific services, platforms, or tools to the rest of the organization as defined by priorities, resourcing, and budget.”
“Technology is seamlessly integrated and core to every aspect of the organization as a means to unlock value and enable quick reactions to business and stakeholder needs.”
If your organization is attaining more agility by investing in technology, we salute you. Here, we’ll point out some additional reasons for agility related to compliance and risk.
Regulatory change can be a new regulation, a regulation that’s changed, or a regulation that expires. The biggest, most talked about regulation of late is GDPR. If your company collects and/or processes data of EU citizens, you’ll need to comply with the General Data Protection Regulation (GDPR). The regulation takes effect on May 25. The penalty for non-compliance is severe–up to 20 million Euros or four percent of your company’s annual global revenue, whichever is greater.
Other regulations are gaining attention like NAIC’s Insurance Data Security Model Law and New York’s Cybersecurity Requirements for Financial Services Companies. In fact, cybersecurity legislation is gaining favor with individual states and industries. The financial industry has been told to expect regulatory easing but until it happens, it’s business as usual. In other words, if your organization is agile and adaptable, you’re better prepared for regulatory changes regardless when they happen.
Incidents and disaster recovery
One of the advantages of being an agile organization is that you have plans and processes in place should something unexpected occur. An incident could be a workplace accident that requires an investigation, recording of the incident, or a form submission to OSHA. The incidents exacerbated by the digital shift are cybercrimes and data breaches. Organizations with clearly defined incident management processes, along with threat monitoring and vulnerability feeds, are most agile and vigilant. But it’s not that incidents won’t occur. It’s that when there is one, it’s managed correctly, and the process is reviewed and changed if necessary. That’s what agile organizations do.
Disaster recovery calls for business continuity planning that outlines the steps your company will take to recover. Disasters can be hurricanes, supply chain disruptions, anything that interrupts business operations. Here again, agility is your friend. Regardless of the disaster, you’re able to restore operations quickly.
While many organizations have pursued agility, many more are slow to attempt agile initiatives. Something this big changes the way a company is structured, shifts its strategy and transforms processes and people. That’s a tremendous undertaking. It requires a cross-functional team, a project champion, and a directive from executive leadership.
From there, it’s about selecting the right technology platform that configures with business processes, bridges organizational silos, brings strategy to life, and empowers people to be catalysts for their organizations. Before agility can be a reality, a mindset shift is required. Visualize what’s possible. Agility starts with you.
NSCC members face a new compliance requirement: cybersecurity confirmation. It sounds easy, complete a form, but risk is high. Here’s guidance.
Compliance departments are seriously challenged these days. As business swirls in response to COVID-19, compliance has taken a back seat. That can lead to trouble—violations, fines or both—due to missing deadlines. Management, in a questionable move, may ask compliance to do something taboo. Instead of reading a half empty glass post designed to help compliance deal with these challenges, they instead get a half full glass post that is brimming with optimism for compliance’s role during COVID-19.
COVID-19 has pushed several risk disciplines into the spotlight, including business continuity, third party risk, cybersecurity, and data privacy. We’ll explore each one and deliver advice and guidance.