September 26 2017
Marsh Panel Counsel Symposium
Risk Perspectives for Boards of Directors

TABLE OF CONTENTS

1. On the Edge: Opportunities in a Polarized World
   John Drzik, President, Global Risk and Specialties at Marsh
2. Preparing for Disruption, Political Risk and Crisis in an Era of Uncertainty
   BRINK Editorial Staff
3. Climate Change: An Emerging Risk for Corporate Directors and Officers
   Arati Varma, Head of FINPRO Practice, Singapore and ASEAN at Marsh
4. How the Board Can Be a Company’s Strongest Strategic Asset
   Peter Gleason, President of National Association of Corporate Directors
5. Six Ways to Ensure AI Creates Jobs for All, Not Just a Few
   Stephane Kasriel, CEO of Upwork
6. How a 10-Minute Conversation with a Machine Saved $12 Million
   Colin Parris, Vice President for Software Research at GE Global Research
7. T-Minus 11 Months for EU Privacy Regulation
   Omer Tene, Vice President of Research and Education at International Association of Privacy Professionals
8. Cybersecurity Regulation on the Rise: Is Your Company Prepared?
   Pamela Passman, President and CEO of Center for Responsible Enterprise and Trade
9. Five Principles for Stronger Board Oversight of Cybersecurity
   Robyn Bew, Director of Strategic Content Development for the National Association of Corporate Directors
10. EU’s New Data Regulation Requires Action Now
    Peter J. Beshar, Executive Vice President and General Counsel for Marsh & McLennan Companies
11. The EU’s New Data Regulation Creates Opportunity for Change
    Peter Johnson, Cyber Leader for Marsh UK
12. Taking Charge of Disruptive Technology Risks
    Brian C. Elowe, Managing Director and U.S. Client Executive Practice Leader at Marsh
13. Disruptive Technology Brings Risk and Opportunity to Infrastructure Projects
    Adrian Pellen, Infrastructure Segment Leader, U.S. and Canada, Construction Practice at Marsh
14. Why Asian Infrastructure Needs Multilateral Development Banks
    Ryan Soon, Senior Research Analyst at Preqin
    Tom Carr, Head of Real Assets Products at Preqin
15. How Banks Can Keep Up With Digital Disruptors
    Scott A. Snyder, Senior Vice President, Managing Director and Chief Technology and Innovation Officer for Safeguard Scientifics
16. Reimagining the Pharmaceutical Sales Representative Model in Asia
    Joseph Mocanu, Principal and Practice Lead, Life Sciences and Digital Health, Asia-Pacific at Oliver Wyman
17. Rising Migration Demands “Roaming” Health Coverage
    Eduardo P. Banzon, Principal Health Specialist, Sustainable Development and Climate Change Department at the Asian Development Bank
18. Fintech in China: What’s Behind the Boom?
    Cliff Sheng, Partner and Head of Financial Services, Greater China at Oliver Wyman
    Jasper Yip, Engagement Manager of Financial Services, Greater China at Oliver Wyman
19. A Rapidly Evolving Risk Landscape: What has Changed for Risk Managers?
    Lutfey Siddiqi, Visiting Professor-in-Practice, London School of Economics and Adjunct Professor at the National University of Singapore/Risk Management Institute
20. Can Emerging Market Multinationals Become Global Leaders?
    Lourdes Casanova, Senior Lecturer and Academic Director of Emerging Markets Institute, Johnson School of Business, Cornell University

INTRODUCTION

The articles included in this publication were selected for the ways in which they examine global risk issues critical for boards of directors. They provide key insights into ongoing and emerging risks in the geopolitical, regulation, and emerging technologies and cyber areas, as well as more traditional economic risks. These articles also highlight opportunities available to companies best positioned to take advantage of them.

This report was prepared for Marsh’s 3rd Annual Panel Counsel Symposium. As the first and only broker developed Panel Counsel initiative, the Marsh Panel Counsel is a unique approach to retaining top tier legal talent for investigations and litigation on an optional, pre-approved basis, providing Marsh clients with benefits that extend beyond the insurance relationship. The Panel Counsel initiative is designed to foster collaboration between Marsh, its clients, insurers, and law firms.

All articles first appeared on BRINK, the digital news service of Marsh & McLennan Companies’ Global Risk Center, managed by Atlantic Media Strategies. BRINK gathers timely perspectives from experts on risk and resilience around the world to inform business and policy decisions on critical challenges.

BRINK Compendium

GEOPOLITICS

ON THE EDGE: OPPORTUNITIES IN A POLARIZED WORLD

John Drzik
President, Global Risk and Specialties at Marsh

Business leaders today must navigate a shifting global landscape of risks ranging from geopolitical tensions to social instability to emerging technologies. The shifts are creating new threats as well as new opportunities.

Two years ago, the confluence of global risks was pushing the world toward a tipping point. Since then, geopolitical pressures have continued to grow and societies have continued to polarize.

Political shocks and other unexpected events in 2016 were part of a broad geopolitical turn toward protectionism that has been building for years. This has put global cooperation under strain, as seen in developments ranging from collapsing trade agreements to the rising threat of nuclear proliferation.

On the social front, a number of dynamics are increasing instability. Many citizens in advanced economies are struggling with their economic future, facing protracted threats to employment and retirement security. Meanwhile, in developing economies, more citizens are moving into the middle class, creating new demands on their governments that they have been slow to meet.

The ever-present threat of terrorism changed its face in 2016 as the specter of the “lone wolf” emerged inside the borders of advanced economies to terrorize citizens of Paris, Brussels, Nice, Istanbul and elsewhere. Moreover, cautionary admonishment from high-profile visionaries regarding the weakly governed application of artificial intelligence amplified the already uneasy public debate about advanced technologies exacerbating unemployment and exposing society to new risks.

Companies, either alone or collectively, cannot control the underlying causes that give rise to these global risks, but better awareness of their depth, breadth and scope can inform plans and processes to address the challenges—and opportunities—these risks present.

mmc.com

GLOBAL RISKS REPORT 2017

The Global Risks Report, prepared by the World Economic Forum with the support of Marsh & McLennan Companies and other partners, looks at the major threats facing the world today.

The just-released 12th edition of the report highlights the social and political risks that crystallized throughout the world in 2016 and examines some of their root causes, which include rising income and wealth disparity, a fraught geopolitical environment and disruptive technological change. The 2017 report also explores the interconnections among risks. Social instability was at the center of the web, both increasing and being increased by a number of major risks.

Two major themes dominate the 2017 report: growing social and political turmoil and the emerging technologies of the Fourth Industrial Revolution.

TOP TEN SOCIAL INSTABILITY RISK CONNECTIONS*

[Figure: risk connections centered on SOCIAL INSTABILITY; risk categories shown: ECONOMIC, GEOPOLITICAL, SOCIETAL]

Source: World Economic Forum, Global Risks Report 2017

*Global Risk Perceptions Survey (745 responses worldwide): Respondents were asked to identify three to six pairs of the most strongly connected global risks. Thickness of connecting lines corresponds to citation frequency.

SOCIAL AND POLITICAL CHALLENGES

Across the globe, people are sending a clear message to political leaders. They are hurting, frustrated and angry. They feel let down and they want change. At the ballot box in advanced economies, voters have rejected the political establishment and the status quo, most notably in the UK Brexit vote and the United States presidential election. Anti-establishment sentiment is also reverberating across the Eurozone, where populist movements sprung to life and are gaining momentum in Austria, Belgium, Denmark, France, Germany, Greece, Hungary, Italy, the Netherlands, Poland and Sweden.

Citizens have also taken to the streets in large numbers. In France, strikers have disrupted fuel supplies and there have been regular demonstrations in major cities against proposals for labor market reforms. In Germany, policies to accommodate the large influx of refugees have been a lightning rod for broader frustration. In countries such as Argentina, Brazil, Iceland, South Africa and South Korea, corruption exposures and allegations have depressed the trust of citizens in their leaders. Societies are increasingly polarized and the stress on established democratic norms is reaching a breaking point.

Democratic leaders are being confronted with some uncomfortable trade-offs. To restore democracy to a healthier state, policymakers must grapple with several major challenges, including how to make economic growth more inclusive, how to reboot the political system while maintaining continuity in systems of government and how to manage the renewal of societal identity while balancing elements such as assimilation versus diversity.

Surges in social and political instability have the potential to spawn a wide range of potential disruptions to business activity, from civil disturbance and terrorist attacks to government policy reversals and regime change. As a corollary, companies may also more easily find themselves on the wrong side of volatile social, political and environmental issues.

THE FOURTH INDUSTRIAL REVOLUTION (4IR)

Technology will continue to play a vital role in promoting global prosperity. New advances are poised to increase economic productivity, provide radical healthcare solutions and combat climate change, among other benefits. The pace of innovation is also creating new risks, ones that will be amplified in a world where geopolitical and social instability are on the rise.

The report highlights artificial intelligence (AI) and robotics as a technology area needing better governance. AI is quickly showing it has the power to take jobs away from both blue- and white-collar workers, challenging policymakers looking for ways to build resilience to the impact of automation. At a time of significant unemployment concerns and growing social instability among lower-income groups, companies may also experience mounting pressure to align their automation and employment strategies with what is deemed politically and publicly acceptable.

The AI field is fraught with other complications, for example, new liabilities where legal precedent is embryonic at best. If self-driving cars cut the roughly 40,000 annual U.S. traffic fatalities in half, auto manufacturers might get 20,000 lawsuits instead of 20,000 thank-you notes. Where does the liability lie? Is it with the carmaker, the software developer or the individual programmer who wrote the initial code? Development in risk governance for AI in parallel with its commercial deployment is critical to ensure risk/reward tradeoffs are clear for businesses.

IMPLICATIONS FOR BUSINESS

To thrive in such challenging times, businesses will need to think creatively about scenario planning, including second- and third-order consequences such as likely government responses and cross-border impacts. Gaming out plausible developments and worst-case scenarios will provide a baseline for gauging which assets are at risk and the scale of the potential damage. Having done this, companies can stress-test supply chain approaches and investment decisions while evaluating potential changes to business and risk management strategy that will help diversify or transfer exposure to disruptive events within and across countries.

New kinds of analysis are also needed. In this era of “fake news” and volatile social issues, firms should reevaluate whether they are doing enough to protect and manage their reputation with customers, employees and other stakeholders. Rumor and allegation are not new problems for companies, but in today’s “always-on” world, such matters can go viral within hours and be more challenging to overcome.

We are living in a time of high risk, but it can also be a time of great reward. Every challenge will need an innovative solution; while new policies may close some doors, they will inevitably open others. With a careful eye on the emerging global risks landscape, companies can thrive in this volatile environment.

SOCIETY

PREPARING FOR DISRUPTION, POLITICAL RISK AND CRISIS IN AN ERA OF UNCERTAINTY

BRINK Editorial Staff

Among technological disruption, geopolitical tension, and escalating cyber risk, the future will be defined by its instability. The best way for organizations to respond to this turbulent and uncertain vision of the future is to develop a robust plan that engages with the threats looming on the horizon.

Uncertainty and blind spots regarding risk were the key topics at the recent Marsh & McLennan Companies’ annual government contractors’ forum titled Growth in an Unpredictable World: Strategies for Resiliency. Alex Wittenberg, executive director of Marsh & McLennan’s Global Risk Center, emphasized that no single plan for the future could save an organization from disruption; risk managers have to be prepared for a multitude of scenarios.

“Mitigation response has to follow alternative views of the future,” Wittenberg said. “You can’t just build for a best-case scenario, and certainly if you just build for the worst-case scenario your shareholders are going to crucify you. If you only understand one or two versions of the future, I can pretty much tell you that’s probably not what’s going to happen.”

CYBER RISK IS SOARING

Cyber risk should already be on every risk professional’s radar—but few are aware of the full extent of the problem. During the forum’s first panel, Technology Disruption’s Impact on Strategy and Risk, Philip Reitinger, president and CEO of Global Cyber Alliance, predicted that cybercrime would be particularly difficult to limit.

“This is bad math, but if you projected out (the compound annual growth rate in cyber losses) the entire world economy will be eaten by cybercrime in 2025,” Reitinger said. “Now that’s ridiculous, that’s not going to happen, but it’s hard to see where (cybercrime) is going to slow down.”

Unfortunately, dangerously few working professionals—especially risk managers and C-suite executives—appear to be aware of the disruptive forces on the verge of upending their industries. In a recent survey from Marsh and the Risk & Insurance Management Society, more than half of the respondents said that their organization had not conducted a risk assessment to expand their understanding of disruptive technologies.

Even more disturbing was the finding that many of those surveyed were unaware of technologies in use within their own organizations. Forty-eight percent of risk professionals responded that their organization wasn’t using or planning on using the Internet of Things; the actual use number was 90 percent.

Marsh’s Jim Holtzclaw, echoing Wittenberg’s keynote, argued that organizations need to develop plans that have a wide berth for future change: “Organizations need to be looking at ways to adopt these technologies, they need to be proactive, they need to plan accordingly.”

However, Holtzclaw also cautioned that adoption for the sake of adoption, without the appropriate due diligence, could be catastrophic.

“If you’ve ever pictured the iceberg that’s floating in the ocean, and you see the part that’s above the waterline, that’s what the vendor is telling you about,” Holtzclaw said. “What he’s not telling you about is that large chunk that represents the maintenance, the upkeep of that solution that sits below the waterline. That maintenance tail may not fit within your organization, and that technology will be a failure.”

However, when an audience member asked the panel about potential avenues for older companies unprepared for newer platforms, Holtzclaw responded frankly: “Those kinds of companies? We’re seeing them die every day. They have no choice but to innovate.”

Identifying potential crises and building response frameworks in advance must be every risk professional’s priority.

GLOBAL EXPANSION MEANS LOCAL RISK

As organizations expand and become increasingly international, they’ll need to adhere to local customs and regulations in the variety of countries they’re operating in. The second panel, titled Third-Party Uncertainty from Geopolitical Instability, addressed the risks of wading into new legal and regulatory environments in the local context.

Nina Gross, head of BDO Consulting’s Washington, D.C., Global Forensics practice, explained that many organizations seeking to work abroad often lacked the local context necessary to operate legally.

“Whether I’m Nigeria, or Mexico, or Brazil, or Germany, or Switzerland, or fill-in-the-blank, I’m going to enforce my laws,” Gross said. “Many of us don’t even know what those laws are. And so I think the dynamic now is: We need to be aware of what’s happening—not just in the U.S. or where you’re headquartered—but what’s happening around the world where you do operations. That, I think, is the biggest risk right now.”

However, adherence to local laws can be complicated when countries have a record of corruption, crime, or terror risks. Beyond just knowing local laws and regulations, organizations need a clear understanding of the risk landscape in the country they are in or plan on working in.

Julie Martin, who leads Marsh’s Public Agency Team, gave a historical example: “Going back a couple decades, the only way that you could do business, for example, in Indonesia, is if you were in partnership with a Suharto family member. But when Suharto was toppled that then became a big negative. So you obviously need to consider who your partners are.”

The best approach, Gross explained, is due diligence well in advance of a deal. Mobilizing accountants to conduct audits and look into potential international partners isn’t an extraneous cost—it lays the groundwork for successful business operations going forward.

“When you start to pull back that onion, you realize, ‘well their business is dependent upon paying bribes, and the head of the business’s son-in-law is the head of trade in such-and-such ministry,’” Gross said. “You’ve got to start asking questions early on in the deal. Once you get too far in, you’re almost beholden and you have to complete that deal and it may end up being a big problem.”

RESPOND TO REPUTATIONAL RISK CRISES

The final presentation at the forum, Social Instability: Optimizing Talent During the Storm, focused on reputational risk. First, Chandra Seymour of Marsh Risk Consulting put the worth of a reputation into concrete numbers.

“Reputation typically accounts for about 30 percent of a company’s actual stock price or value,” Seymour said. She cited a recent airline PR crisis, after which the company’s stock price took a 1 percent dip. “For that organization, a 1 percent dip represented $255 million,” she said. “So that’s a big number, especially when, what studies have also shown, is that typically a stock price will dip anywhere from 20 to 30 percent after a major reputational issue.”

Reputational risk can be increased by a number of factors, ranging from bad conduct and questionable business judgment, to internal and external attacks. These risks are amplified in a crisis due to a confluence of factors:

• Crises are inherently unpredictable, so most organizations aren’t prepared for them
• The 24-hour news cycle and social media have the potential to expand the crisis beyond its original proportions
• Social media also increases the expectations for a company response, which often runs counter to a desire for fact-finding or measured silence
• The unpredictable nature of crises makes accurate information difficult to come by

Seymour emphasized that most problems cannot be easily contained to any one department. A cyber issue, for example, is not an IT problem; it could easily spill over and become a business and communications problem.

Therefore, mirroring the suggestions of speakers before her, Seymour argued that the goal for any organization unwilling to risk its reputation would be to develop a streamlined, comprehensive response structure. That would entail identifying potential crises and response frameworks well in advance and training spokespeople and management to respond quickly and clearly.

ENVIRONMENT

CLIMATE CHANGE: AN EMERGING RISK FOR CORPORATE DIRECTORS AND OFFICERS

Arati Varma
Head of FINPRO Practice, Singapore and ASEAN at Marsh

Climate change is fast emerging as one of the most significant risks facing the economy, and Asia is considered to be one of the most vulnerable regions in terms of its physical impacts.

In recent years, climate change has become a headline issue for both governments and the private sector due in part to emerging rules and regulations. However, most companies in Asia have only just begun to address the potential impact of climate change at the board level. The increasing call for clarity in climate risk disclosure has spurred risk managers, board members, and chief financial officers to examine this evolving management risk exposure.

THE TIME TO ACT IS NOW

Regulators, large institutional investors, and sovereign pension and wealth funds are increasingly focusing on the performance of companies in the face of climate change risks. This includes the preparedness of companies and their boards to effectively deal with operational, regulatory, and reputational risks resulting from climate-related exposures. We expect to see the development of claims against companies and their directors arising out of the disclosure (or lack thereof) of climate-change related risks.

Knowledge and awareness of risks and opportunities associated with climate change are critical for boards and senior executives. Directors and officers can expect increased scrutiny in the years ahead from shareholders, regulators, and young prospective employees regarding their companies’ responses to address the emerging risks and opportunities of climate change. The absence or lack of board awareness and accountability on climate change and sustainability may result not only in breach of regulations but also reputational damage and lower company valuations relative to those of more engaged industry peers.

Risk managers must therefore understand and communicate climate-change risk issues to their boards. This includes focusing on issues that concern boards and presenting information in a manner that is both meaningful and beneficial to the directors’ decision-making process. Boards, in turn, need to provide guidance to the risk committee, as part of enterprise-wide risk management, so that risks and opportunities resulting from climate change can be incorporated into the strategic planning process. Prudent, long-term planning is important to mitigate the adverse impacts and take advantage of the opportunities presented by climate change risks.

Social and environmental considerations fall within the purview of fiduciary responsibility of board members. This is because they have fiduciary duties to act in the best interests of their company with reasonable care and due diligence, in following their mandate to maximize returns, concurrently.

WHAT’S TRENDING?

Directors’ and officers’ liability exposure continues to grow in the climate risk space. Of particular note are the following trends.

Increasing call for clarity in climate risk disclosure.
Shareholders and regulators alike are increasingly seeking greater transparency on corporate policies related to the environment. Directors and officers may be required to respond to allegations of failure to disclose the company’s climate-change related risks, or to ensure compliance with climate-related laws and regulations. Recent legislative developments in Asian countries such as India and Thailand now enable investors to commence securities-related class action litigation. A derivative suit might occur where failure to prepare or respond to climate risk results in considerable financial loss to the company. Even a shareholder class action might arise if the failure to disclose climate risk exposure or events was to cause material negative impact to the company’s share price.

Increased regulatory action.
Regulators are becoming more vigilant, and enforcement is becoming more broad. Increased regulatory activity often leads to increased liability. Some regulations now require disclosure of a corporation’s climate change-related risks. It is possible that within the next few years, guidelines—if not mandatory rules concerning climate risk disclosure—will be established in many countries. Furthermore, as companies expand their business operations to new and foreign jurisdictions, directors need to be aware of the various legal and regulatory developments overseas. This goes beyond traditional financial regulators, and includes other climate change-related regulatory and quasi-regulatory bodies. Severe penalties can be imposed on directors who fail in their duties to consider and disclose the potential risks of climate change, including fines and/or disqualification from holding directorships.

Negative impact on company valuation and reputation.
Liability from direct or inadvertent climate-related risks can be significant, if not catastrophic, as demonstrated in the case of asbestos, oil spills and ground leaching. A company can go bankrupt cleaning up a site or defending lawsuits arising from environmental torts. There is also a danger that adverse publicity generated through unexpected social-media coverage might harm product sales as customers turn to substitutes. Therefore, crisis management preparedness is increasingly valuable. Companies that are unwilling or unable to integrate climate change considerations into operational and investment decisions may be viewed negatively by customers and shareholders.

THE SAFETY NET

As with other parts of the world, many countries in Asia such as Japan, Hong Kong, Thailand and Singapore are moving toward a more litigious culture, with the objective of making companies and individuals more accountable. There is a growing trend toward seeking punitive and personal legal action against senior executives for failure to follow regulations and standards.

The globalization of risks and exposures and increased awareness of consumer rights in Asia is resulting in investigations, criminal prosecutions, or civil litigations over alleged wrongdoing. These actions have put company and individual assets at risk. In such cases, senior executives might look to the Directors’ and Officers’ (D&O) liability insurance policy to help with defense costs, settlement, or judgments.

D&O liability insurance, or management liability insurance, provides indemnity to the directors and officers of a company for their personal liability to pay damages to a third party, resulting from an actual or alleged wrongdoing. This includes a breach of their duties in the course of managing the affairs of the company. Noteworthy in the climate change context is the pollution exclusion typically contained in a D&O policy, which is designed to prevent the D&O policy from covering physical and environmental perils, as physical perils are afforded cover under other insurance policies available in the market. However, most D&O insurers allow the insured to “buy back” some cover within the pollution exclusion for non-indemnifiable claims, which are claims for which the company cannot reimburse an executive for liability or defense costs. D&O insurance in Asia has become an integral part of sound risk management for many companies as it provides financial protection for executives against the consequences of actual or alleged wrongdoing.

Climate change is a key global risk. It follows that the law may be increasingly used as a means of forcing the corporate sector to respond to its challenges. As the legal landscapes across Asia evolve, further litigation will likely emerge in Asia from the issues and laws associated with climate change.

Risks for companies and their management are growing and liability claims arising from climate change-related risks can be extremely complex and costly. Action on climate change is gathering pace and boards are more aware of the need to act on the unprecedented challenges posed by it. Directors and officers need to recognize their responsibilities: They need to accept that good management of environmental governance is imperative for the protection and enhancement of shareholder value of the company.

IN PRACTICE

HOW THE BOARD CAN BE A COMPANY’S STRONGEST STRATEGIC ASSET

Peter Gleason
President of National Association of Corporate Directors

The board of directors can be a company’s strongest strategic asset with a bit of nuanced strategy.

The world in which corporate boards operate has been transformed in fundamental ways in recent years. The operating environment has changed dramatically: Globalization, the ascendency of the internet, corporate scandals and financial crises have fundamentally altered the business risk landscape, unleashed mountains of regulatory requirements and prompted greater engagement between investors and companies.

All of these changes have resulted in greater director accountability and new areas of oversight, which is why the modern-day board must be one of the company’s strongest strategic assets. This need to encourage self-driven transformation was the impetus for assembling the 2016 Report of the NACD Blue Ribbon Commission on Building the Strategic-Asset Board.

Building boardroom leadership is no easy task, in part because director turnover remains low, particularly in the U.S. According to a 2015 NACD survey of some 1,000 public company directors, boards added 1.2 directors on average to either replace a director or expand the size of the board. That trend is drawing increasing scrutiny from the investor community. A recent report found that 41 percent of the 413 shareholder activist campaigns mounted in 2015 were intended to unseat a director. In addition, the California Public Employees’ Retirement System and the Council of Institutional Investors updated their proxy voting guidelines to call investors to consider length of service as an indication of independence.

Consider these statistics in conjunction with a few troubling boardroom trends. NACD public company survey data indicates that more than 50 percent of boards do not conduct individual director evaluations. In its own study, the Committee on Capital Markets Regulation found that, between 2010 and 2014, 85 percent of the directors who failed to receive majority shareholder backing remained in their board seats.

Although board composition has become a battleground issue, emphasizing change for the sake of change not only fails to get at the heart of the issue, it’s a line of thought that can ultimately undermine the efficacy of the board. Specifically, director tenure becomes a target of public criticism. While some readily conflate length of service with an inability to provide independent oversight, long-standing directors can bring invaluable industry experience and institutional knowledge to boardroom deliberations.

This year’s NACD Blue Ribbon Commission instead recommends a more nuanced approach that focuses on seven critical dimensions of continuous improvement for boards.

The key takeaways regarding board composition are as follows:

First, boards need to be proactive. There is a tendency for boards to push off evaluating composition and performance until an event demands it, be it a director’s departure, an activist investor engagement, or a calamity that leaves the public at large asking: Where was the board? Instead, nominating and governance committees should use the company’s strategic plan as the roadmap to determine what skills and capabilities are needed in the boardroom—not just today or next year, but three to five years out.

A proactive stance is also important in communicating board composition choices. Consider how investors might respond to the slate of directors and address any potential concerns well in advance of proxy season. Some boards, in addition to providing the basic biographical information required by the Securities and Exchange Commission in company filings, provide context that speaks to why each director was elected to the board and how they add value.

Second, boards need to have a long-term outlook. As part of their fiduciary responsibilities, directors should always consider the long-term needs of the organization in addition to short-term goals. As noted above, because the nature of doing business is rapidly evolving, it’s important to evaluate not only how the skills represented on the board meet current demands, but also how they will meet future challenges. To this end, having a diversity of perspectives represented on the board can be critical to enriching boardroom dialogues.

In addition, continuing education programs can be a powerful tool in ensuring that all board members are staying abreast of the emerging business issues likely to impact their organizations. At the same time, sitting directors should not expect annual renominations as a matter of course. The skills that initially brought a director into the boardroom are not guaranteed to be relevant to the company’s strategy in perpetuity. As such, directors need to keep the company’s best interests top of mind and have the fortitude to step down if need be.

Third, maintain a pipeline of talent. Formulaic age- and tenure-limiting mechanisms can deprive the board of the richness and depth of knowledge that can only be brought to the table by seasoned professionals. Instead, determine an appropriate balance between retaining tenured directors and bringing on new talent. Candidates should be selected on the basis of how they will diversify the board’s thinking and outlook. When bringing on new recruits, leverage institutional knowledge to onboard new directors and get them up to speed on the company and its governance processes so that they can actively and constructively contribute to boardroom conversations as soon as possible.

Another important element of board talent maintenance is performing regular evaluations at the full board, committee and individual levels. A third-party evaluation can be helpful in encouraging candid feedback on how well the board is functioning as a whole.

Aligning board composition with company strategy will ultimately drive long-term performance, and the recommendations of the NACD Blue Ribbon Commission report are designed to help boards look at themselves through a new lens. If boards pay attention to these factors, when it comes time to ask whether they are ready to confidently guide their organizations through the tumultuous year ahead, the answer will be a well-qualified “yes.”

GOVERNANCE PRINCIPLES

Source: Report of the NACD Blue Ribbon Commission on Building the Strategic-Asset Board

[Figure: diagram of governance principles. Labels: Leadership and Oversight; Board Composition/Succession Planning; Recruiting and Onboarding; Strategy; Board Evaluation Processes; Governance Principles; Continuing Director Education; Tenure-limiting Mechanisms; Communication with stakeholders]

TECHNOLOGY

SIX WAYS TO ENSURE AI CREATES JOBS FOR ALL, NOT JUST A FEW

Stephane Kasriel CEO of Upwork

Whenever I talk to people about the potential impact of artificial intelligence (AI) and robotics, it’s clear there is a lot of anxiety surrounding these developments.

And no wonder: These technologies already have a huge impact on the world of work, from AI-powered algorithms that recommend optimal routes to maximize Lyft and Uber drivers’ earnings; to machine‑learning systems that help optimize lists of customer leads so salespeople can be more effective.

We’re on the verge of tremendous transformations in the way we work. Millions of jobs will be affected and the nature of work itself may change profoundly. We have an obligation to shape this future—the good news is that we can.

It’s easier to see the jobs that will disappear than to imagine the jobs that will be created in the future. If, as The Wall Street Journal suggests, we think of AI as a technology that predicts, it’s much easier to map its impact. We must push ourselves to do that and understand the future of work.

Here are six principles to keep in mind as we imagine how the world of work will evolve.

1. EXPECT MASSIVE DISRUPTION

As Klaus Schwab, founder and executive chair of the World Economic Forum, explains, we’re in the midst of a “Fourth Industrial Revolution,” after steam power (the first), electric power (the second) and digitization (the third). The fourth, which incorporates AI and robotics as well as other technologies, will have an even greater impact.

Of course, most new technologies create new opportunities at the same time as they eliminate old jobs, but there is rarely a perfect correspondence between these two forces. The people whose jobs go away aren’t easily retrained for the new jobs, and that can lead to anger and social unrest—and, in the short term, massive inequalities across both geographies and groups of people.

It’s essential to prepare for change by keeping abreast of new technologies, both in general and in your specific field. Learn as much as you can and keep your skills up to date.

2. AI WILL REPLACE REPETITIVE TASKS MORE THAN JOBS

A recent study from the OECD poured cold water on earlier estimates that nearly half of American jobs are at risk of being eliminated by AI. Newer studies look at specific, repetitive tasks instead of whole jobs and find that, for most of us, some fraction of the work we do each day could be done better with AI. But for most jobs, computers aren’t going to replace everything we do.

For the majority of us, AI will take away the most repetitive and boring tasks, enabling us to spend more time on creative problem-solving and on the parts of our jobs that involve complex human interactions and relationships.

To help prepare for this future, investigate AI-powered tools in your own field. Learn how to use them and exploit them to increase your own productivity.

TOP TEN SKILLS

Source: Future of Jobs Report, World Economic Forum

2015

1. Complex Problem Solving
2. Coordinating with Others
3. People Management
4. Critical Thinking
5. Negotiation
6. Quality Control
7. Service Orientation
8. Judgement and Decision Making
9. Active Listening
10. Creativity

2020

1. Complex Problem Solving
2. Critical Thinking
3. Creativity
4. People Management
5. Coordinating with Others
6. Emotional Intelligence
7. Judgement and Decision Making
8. Service Orientation
9. Negotiation
10. Cognitive Flexibility

3. MIDDLE-SKILLED JOBS WILL BE HIT HARDEST

The job market will not, however, be untouched by automation. The OECD estimates that 9 percent of U.S. jobs are, in principle, automatable. If that happens, it’s going to have the worst effect on people with mid‑level skills. Both mid- and low-level jobs will be the easiest to automate, but there’s a stronger business case for replacing mid-level workers with machines because mid-level workers are more expensive.

If the people replaced by AI and robots aren’t retrained well, they’ll be forced to apply for low-skilled jobs, leading to an oversupply of workers at that level and depressing those wages even further.

At the same time, there will be fewer people qualified for high‑skilled jobs, increasing wages in that segment. This dynamic, if unchecked, will hollow out the middle of the job market and lead to even greater polarization.

To mitigate the impact, society needs to provide education and job placement opportunities for those most affected by automation.

4. OPPORTUNITIES WILL BE UNEQUALLY DISTRIBUTED—AT FIRST

Over time, jobs will return. But they won’t be the same kinds of jobs, and they will, in all likelihood, appear in different parts of the country from where automation destroyed jobs.

For instance, researchers Daron Acemoglu and Pascual Restrepo have examined the impact of robots on jobs in the U.S. What they found is a strong regional impact: For every new robot introduced in a particular metro region, an estimated 6.2 jobs were lost in the same geographic area. But when examining the country as a whole, they found that the impact was about half or equivalent to three workers losing their jobs for each additional robot. One possible explanation is that the automation of industrial jobs in the Midwest and U.S. South is partially offset by new types of jobs in coastal cities.

But that’s no comfort if you’re living in one of the states with a net decline in jobs. Those who have lost their jobs need retraining, and we need an education system that prepares all U.S. children, not just a privileged subset, for the jobs of the future.

We also need to acknowledge the uneven geographic impact of automation and take steps, as businesses and collectively as a society, to increase opportunity in geographic areas that are affected adversely.

5. TECHNOLOGY DESIGNERS HAVE RESPONSIBILITY

The ethical mandate is not just in education, but also in the design of technology products themselves. Autonomous technologies are not value-neutral with respect to the jobs they impact. Carnegie Mellon robotics professor Illah Nourbakhsh makes the case in a recent podcast that the makers of robots and AI software need to think ethically. Are they creating technologies whose sole purpose is to replace human workers or are they facilitating human productivity and happiness?

Designers, computer scientists and CTOs all need to understand the ethical implications of how we create and use robots and AI. This needs to be a topic of discussion among business leaders on national and global stages. Merely calling for a universal basic income is sidestepping the question of how technology makers will account for human dignity and work in their very products.

6. THE LONG-TERM TREND CAN BE POSITIVE—IF WE MAKE IT SO

Eventually, after the Industrial Revolution, there were at least as many jobs as there were before, and they were better ones. The net result was an increase in productivity and in the number of people employed, which raised overall wealth. But that wasn’t a foregone conclusion.

In the 21st century, we’re facing a massive change in the technologies and types of jobs available, similar to that faced by our grandparents in the early 20th century. Like them, we can’t be certain that both productivity and employment will rise.

We, as a society, need to make the commitment to guide our technologies responsibly and to capitalize on the prosperity we are creating, just as those who came before us did. That way we will ensure that AI technology creates opportunity for all, not just for a lucky few.

This piece first appeared on the Agenda blog of the World Economic Forum.

PERSPECTIVES ON INNOVATION

HOW A 10-MINUTE CONVERSATION WITH A MACHINE SAVED $12 MILLION

Colin Parris Vice President for Software Research at GE Global Research

A call comes through on my tablet. It’s a familiar digital voice letting me know that one of GE’s power generation turbines installed at a utility customer’s power plant was experiencing a change in its operating profile. This change was causing a critical part to wear more rapidly than usual. It would not necessarily cause a problem today, or even in the coming months, explains the caller. But further down the line, it could become an issue that would reduce the overall performance of the power plant and lead to more expensive repairs.

That voice on the other end of the line is not a human operator. It is the turbine’s digital twin, an exact digital replica of the physical machine built with artificial intelligence algorithms that allow it to see, think and act just like human beings do. In my ten-minute conversation with this digital twin, we figure out a solution that will save $12 million for the customer with a simple adjustment in how the turbine operates. The drop-off in performance and higher repair costs will be avoided thanks to a few simple changes the twin itself recommended based on its assessment of historical data, other turbines in the fleet, and its deep knowledge of the physical stress on the turbine in question.

The Internet ushered in the world of connectedness on a level no one had previously imagined. Today, that connectedness has spread from human-to-human, to human-to‑machine, to machine-to-machine, and we’ve given it a new name: the Internet of Things. We see the Internet of Things (IoT) in the home when we talk to Amazon Echo’s Alexa or to Google and ask them for information or to perform a simple task. To understand those questions and requests, Alexa uses a dictionary from Wikipedia—and its capabilities are developing quickly, since much of the digital infrastructure of the consumer IoT is already in place.

The industrial IoT is developing even quicker, despite exponentially higher technological and regulatory complexities. Industrial devices—like a power generation turbine, a jet engine, a locomotive, or an MRI machine—are beginning to be linked via a digital thread. We’re building the knowledge domains for digital twins, introducing industrial terms like shroud, nozzle, blade and spallation (that engineers might associate with a jet engine, for example). As the digital industrial dictionary grows, conversations with industrial digital twins will be like those with Alexa, but the economic, societal and financial stakes of this back and forth will be much higher.

Recently, Gartner, one of the world’s leading information technology research firms, cited the digital twin in its 2017 list of top 10 tech trends. Unlike many of their industry and enterprise precursors, the twins are not just big data crunchers. Through their machine learning and AI capabilities, they continually learn, adapt and change even as the physical machines and their environments change. So a twin of a 20-year-old jet engine will act and think differently than a twin of a newly minted one.

In health care, you often hear doctors tell you to “listen to what your body is telling you” to remain healthy and feel as good as you can. That’s what we’re now able to do in industry with digital twins. The twins have given industrial machines a mind and a voice to speak their mind. We can listen to what our machines are telling us, so that our customers can receive the highest level of performance, productivity and efficiency possible.

The industrial IoT is manifested through the arrival of the digital twin and it’s disrupting how industry will work in the future. For GE and the rest of the industrial world, this means trillions of dollars in new growth opportunities. The digital twin will become a major pillar of the data economy for industry. To date, we have only just begun to scratch the surface of the immense impact the twin will have in years to come.

Just consider that unscheduled maintenance events with aircraft not only cause great stress and inconvenience for passengers because of flight delays and cancellations, but they also cost the global airline industry an estimated $8 billion according to The Future of Work report published by GE. Eliminating unplanned downtime is routine with the digital twin, which can mitigate airline costs and the inconvenience and stress caused by travel delays. In renewable power, the ability of digital twins on wind farms to talk with each other and to share and act upon insights about factors such as the prevailing wind direction has contributed to making wind cost competitive and helps to reduce our carbon footprint.

We value the contributions of digital twins in the hundreds of millions of dollars. A more specific number is impossible to predict, but if a simple adjustment in a steam turbine’s operation saved a company $12 million, the possibilities of what the digital twin can do are endless.

The digital twins’ impact on the industrial worker is also worth noting. From the outside, it seems as though the digital twin has taken the job previously done by a human. But no human spends time watching one single turbine or jet engine. Technicians are called when an asset has already broken. The digital twin gets ahead of the problem. This allows for the technicians to better plan their days and eliminate their own downtime. Those who don’t service machines but work with them—techs operating the ultrasound, nurses and doctors, etc.—can focus their time on their patients, clients, and customers. Instead of eliminating jobs, the digital twin will enrich them by letting humans focus on personal development, new ideas and interpersonal interactions.

All views expressed are those of the author.

This piece first appeared in the Perspectives section of GE Reports.

TECHNOLOGY

T-MINUS 11 MONTHS FOR EU PRIVACY REGULATION

Omer Tene Vice President of Research and Education at International Association of Privacy Professionals

Companies that have well‑developed privacy programs have less work to do in preparation for the EU’s new GDPR.

With fines of up to 20 million euros ($23 million) or four percent of global annual turnover—which, for Fortune 100 companies, could reach billions of euros—and new rules on a right to be forgotten and data portability, the European General Data Protection Regulation (GDPR) has grabbed the attention of compliance professionals and C-level executives alike. Far from being just a European law, the GDPR extends to companies that handle any European’s personal data all over the world. As less than a year remains until the date of its implementation, the GDPR requires companies to quickly devise and implement comprehensive data governance programs.

The GDPR introduces new obligations on matters such as data subject consent, data anonymization, breach notification, trans-border data transfers, and appointment of data protection officers. In addition, it requires companies that handle the personal data of people in the EU to undertake major operational reforms, implementing new governance mechanisms and technological tools.

Companies that already have well-developed privacy programs have less work to do. The GDPR follows the general outline of the 1995 data protection directive and codifies many existing industry best practices. But it also changes the game in some innovative ways. For example, companies may need to adapt to new rights and obligations, such as the right to be forgotten and the restriction on profiling, and implement these rights into their products and services.

Companies that are starting from scratch are in for a lengthier journey. They must first understand the scope of application of the new regulation and whether it applies to their activities. Next, they must set up a privacy program, including appointment of a data protection officer (DPO) and appropriate training for staff. Finally, they should build lasting internal accountability mechanisms to map data flows, document privacy impact assessments and deploy privacy by design and by default.

This brief overview serves as a primer to the scope of the GDPR and the provisions that may prove most significant for companies that seek to avoid its substantial penalties.

SCOPE OF GDPR

The GDPR applies to any organization that is established in the EU, offers goods or services to individuals in the EU, or monitors the behavior of individuals in the EU. For example, a developer of a dating app that is based in California—but used by thousands of individuals in the UK, Netherlands, and France—is subject to the GDPR, even without any physical presence in Europe.

The GDPR regulates the collection, storage, use and disclosure of personal data—that is, data about identifiable people. This means the GDPR only applies to data about individual human beings, not companies, governments or other organizations. Trade secrets or confidential government information need to be protected, but since those types of information do not relate to an individual, they are not personal data and are not covered under the GDPR.

It is important to realize that “personal data” under the GDPR is not necessarily sensitive. It could be as mundane as a name, email address or telephone number. Moreover, to be protected, personal data need not be secret. In fact, even publicly available data, such as a class roster or a public comment with a name attached, is considered personal.

The GDPR distinguishes between two types of entities: controllers and processors. This is an important distinction since controllers bear ultimate responsibility for any activity with respect to their customers’ and employees’ data, even if stored or analyzed by third-party processors. A controller is defined as the entity that “determines the purposes and means of the processing” of personal data.

Processors are entities that actually process personal data on behalf of controllers. For example, a real estate firm may outsource its payroll to a separate company. In this case, with respect to its employees’ salary data, the real estate firm is the controller—the entity that controls the information and decides how it is treated. The company processing the payroll information is the processor—responsible for handling, storing and distributing the data to employees, financial institutions and tax authorities.

START WITH EXPERTISE

Once an organization determines it is subject to the GDPR, it must proceed to create a privacy program. Importantly, the GDPR requires certain companies to designate a DPO if their data processing activities fit either of two situations:

• The “core activities” of the company involve “regular and systematic monitoring of data subjects on a large scale”

• The company conducts “large‑scale” processing of “special categories” of data, including any data that reveals “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership,” as well as “genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”

The DPO must be a person with “expert knowledge of data protection law and practices” who reports directly to “the highest management level” of the controller or processor. The job of a DPO involves monitoring compliance with the GDPR and other data protection laws, including managing internal data protection activities, training data processing staff, and conducting internal audits. The DPO also serves as a point of contact for data subjects and data protection authorities. Given the broad scope of the DPO requirement, experts estimate that the GDPR will drive a thriving market for tens of thousands of data protection professionals in Europe and beyond.

BUILD A LASTING PRIVACY PROGRAM

Privacy professionals use a set of consistent and scalable tools to implement effective data handling practices throughout a company. Chief among these tools is the privacy impact assessment (PIA), a practice that assesses the risks associated with the processing of customer data at the beginning of any operational process.

PIAs aim to reduce the risks to organizations and data subjects created by misuse of their personal information by mapping data flows, prescribing lines of control, limiting use to specified purposes, and ensuring proper disposal. Under GDPR, privacy pros must also incorporate “privacy by design” and “privacy by default,” ensuring that privacy is part of the product development cycle from conception to implementation. When coupled with a robust understanding of the GDPR’s requirements, incorporating these practices will help companies to comply with global privacy norms.

A robust privacy program must also implement processes to accommodate the new rights of data subjects under the GDPR: the right to be forgotten and the right to data portability. The right to be forgotten allows subjects to request deletion of personal data and removal from publication. Controllers must comply unless maintaining the information is in the public interest or necessary to defend against legal claims, or where deletion is outweighed by freedom of expression. Additionally, if an individual requests removal of personal information that has been made public, the controller must take reasonable steps to inform other parties that already process the same data about the request.

The right to data portability requires controllers to provide personal data to the data subject in a commonly used machine-readable format and to transfer that data to another controller upon an individual’s request. This will no doubt stoke competitive tensions with companies that try to preserve their existing customer base.

DON’T FORGET THE DETAILS

The GDPR creates clear lines of accountability between controllers and processors. It expands the controller’s responsibility for processing activities and sets out specific rules for contractually allocating responsibility between a controller and processor. Liability under the GDPR falls primarily on the shoulders of the controller. But if a processor acts as a controller or outside the scope of authority granted to it, then it is treated as a controller for purposes of that processing.

Processors’ duties include the requirement to process data only as instructed by a controller, to use appropriate technical and organizational measures to ensure data security, to delete or return data to the controller once processing is complete, and to submit to specific conditions for engaging any sub-processors. In the event of a data breach, processors are required to notify controllers, who are themselves required to notify data subjects and data protection authorities.

Consistent with the recent trend toward regulating the transfer of data across national lines, the GDPR only permits personal data to be transferred to countries outside of the EU under certain conditions. The path of least resistance is an “adequacy decision” from the European Commission, which designates a receiving country as “adequate” under European data protection standards.

Absent adequacy, however, cross‑border transfers may still be possible, but companies are required to put in place time-consuming expensive solutions such as standard contractual clauses or binding corporate rules.

CHALLENGE AND OPPORTUNITIES

The GDPR presents a challenge and an opportunity for companies. In our data-driven modern economy, the potential mismanagement of customer data is a serious risk both to companies’ brands and consumer trust.

Improper handling of data can expose companies to enormous reputational harm and civil liability. Companies that succeed in implementing privacy practices from the ground up will have a competitive advantage. The GDPR is simply a catalyst, providing a legal incentive and a due date for implementation of best practices for data privacy.

IAPP’s Westin Research Fellows, Cobun Keegan and Calli Schroeder, assisted with this article.

TECHNOLOGY

CYBERSECURITY REGULATION ON THE RISE: IS YOUR COMPANY PREPARED?

Pamela Passman President and CEO of Center for Responsible Enterprise and Trade

The rising tide of cybersecurity regulation and recommendations complicates the landscape for companies.

Data breaches and other cyber incidents are on the rise and on the agenda for corporate boards and the C-suite, and for good reason: Loss of customer information, trade secrets or other confidential assets can significantly diminish a corporate reputation, financial standing and competitive advantage.

However, these aren’t the only risks for companies. The diversity and complexity of cybersecurity risks, and their evolving character, have caused governments to respond in many different ways. Some have taken action directly to require the cybersecurity of various public and private networks and systems, while others have encouraged the development of voluntary frameworks and best practices that industries can choose to adopt.

This rising tide of cybersecurity regulation and recommendations further complicates the landscape for companies. These new requirements are often inconsistent among different governments, between agencies of the same government and from industry to industry. One of the major unknowns for companies is whether they can embrace one overall information security framework, or whether they will face a splintered environment with an unmanageable number of different corporate, industry and government requirements, standards and practices.

BRINK Compendium 21 NEW AND EXPANDED risks at their own firms and among it serves as a foundation for their own CYBERSECURITY subcontractors and suppliers. cybersecurity roadmap. REGULATION The shared view among governments The NIST Framework is also and industry is that cybersecurity being reviewed and considered Governments around the world is an important and growing problem, by governments and the private have adopted or are considering and that many existing practices sector internationally. NIST itself legislation that would specifically are inadequate or inconsistent. has been meeting with European and impose cybersecurity requirements Yet, while there is a common other governments and information on industry in various ways. appreciation of cyber risks, at security bodies, including the For example, more than 240 bills, least at a high level, there is little European Commission, the UK, amendments and other legislative coherence in these efforts, even Italy, Poland, Romania and others, proposals dealing with cybersecurity within national borders, and even to discuss how the NIST Framework have been introduced in the U.S. less coordination internationally. and other approaches could be Congress in the past three years. aligned on a global scale. Requirements fall in a variety GROWING USE To date, use of the NIST Framework of categories. Some are direct AND IMPORTANCE is voluntary. Compliance with the requirements to implement Framework is neither mandatory cybersecurity protections. OF CYBERSECURITY as a condition for government For example, companies in FRAMEWORKS contracting nor is NIST the formal the critical infrastructure sector standard against which information now face regulation in the U.S. AND STANDARDS security practices have been and similar requirements in Europe measured in litigation following With cybersecurity regulation and Asia. Government departments data breaches. 
However, the landscape on the rise, how can a company are also seeing a rise in cybersecurity is changing. The trend to promote prepare? To help companies seeking requirements, such as risk such guidelines—and in particular to address these new requirements, assessments, training and controls. the NIST Framework—seems likely governments and the private sector Trade secret protection laws also to develop into more mandatory are working together to develop require “reasonable steps” be taken requirements, to which other security frameworks and guidance to keep information confidential cybersecurity measures will designed to protect confidential from cyber threats. be mapped. information more effectively For publicly traded companies, from cyber risks. The NIST Framework could very securities laws and shareholder well be the guideline that courts The voluntary Framework expectations are increasingly and regulators will use to determine for Improving Critical demanding that those companies whether companies are managing Infrastructure Cybersecurity, safeguard their confidential data security adequately in a range developed by the National Institute information and reputation against of legal contexts. cyber-attacks—or face administrative of Standards and Technology penalties and civil damage remedies. (NIST) unit of the U.S. Department Other information and cybersecurity This is particularly true in the U.S., of Commerce, is to-date the most standards are also proliferating. where shareholder litigation and comprehensive, risk-based tool The principal information security some Securities and Exchange for managing information security. standard at the international level Commission guidance and U.S. federal government agencies is ISO 27001, which many companies enforcement have already are enthusiastically embracing are implementing and are seeking been launched. the NIST Framework. One recent certification of their compliance. 
survey of 150 federal government The NIST Framework—although Governments around the world IT and security professionals structured quite differently than this are also increasingly insisting that found that 82 percent are using ISO standard—includes and makes contractors and suppliers that wish the NIST Framework to improve numerous references to particular to do business with the government their security, while 74 percent say ISO 27001 requirements. also closely manage cybersecurity

IMPLEMENTING LEADING PRACTICES

Cybersecurity tools and standards such as the NIST Framework and ISO 27001 are proving useful to companies and other organizations. Use of a risk management program, such as the NIST Framework, provides the opportunity to bring some uniformity and cost-effectiveness to the varying cybersecurity efforts and requirements that have been developing to date. Such an approach can also help organizations assess, manage and respond to their particular cyber risks more effectively, both internally and down the supply chain.

The bottom line for agencies in the public sector, government contractors, the U.S. and multinational companies: Given the flood of new cybersecurity regulation, the use of leading practices such as the NIST Framework may become virtually, or actually, mandatory. Thus, taking steps now to implement protections will position organizations to proactively meet these ever-evolving cybersecurity requirements.

IN PRACTICE

FIVE PRINCIPLES FOR STRONGER BOARD OVERSIGHT OF CYBERSECURITY

Robyn Bew, Director of Strategic Content Development for the National Association of Corporate Directors

One of the most important jobs of the board is to challenge management and test their assumptions about strategy, the competitive environment, and associated risks and opportunities. Many directors would say that they are most passionate about this part of their role, and in today’s business environment it has never been more critical. Cybersecurity is a common theme in such discussions, because it’s a significant enterprise-wide risk and strategy issue that affects all organizations.

Just by reading the news headlines, it’s clear that cyber risks can have an impact well beyond technology—they affect new business plans and product/service offerings, mergers and acquisitions, supply chain and purchasing decisions, and major capital investment decisions such as facility expansions and upgrades, R&D processes, HR policies and more. As a result, cybersecurity has moved out of the IT silo and sits front and center on boardroom agendas.

Yet 97 percent of respondents to NACD’s most recent survey of board members still find cyber-risk oversight challenging (about 60 percent say it is “somewhat or very” challenging), and only 14 percent of directors believe their board has a high level of knowledge about cyber risks.

To help directors make headway on this critical issue, NACD and the Internet Security Alliance recently released an updated edition of the Director’s Handbook on Cyber-Risk Oversight. It is built around five core principles that apply to boards of organizations in all sizes and sectors:

1. Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue.

2. Directors should understand the legal implications of cyber risks as they relate to their company’s specific circumstances.

3. Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular and adequate time on board meeting agendas.

4. Directors should set the expectation that management will establish an enterprise-wide cyber-risk management framework with adequate staffing and budget.

5. Board-management discussion of cyber risks should include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance, as well as specific plans associated with each approach.

The five principles help directors to establish processes that support high-quality dialogue on cybersecurity matters. Key takeaways include:

• Understand the specific cyber threats that are most material to the organization. Ask questions such as: What are our organization’s most critical data assets? Where are they located? Who has access? How are they protected? From there, the board can work with management to determine the level of cyber risk the organization is willing to accept in the course of its operations, and how cybersecurity resources and investments will be allocated.

• Stay informed by internal and external counsel about the changing legal and regulatory landscape, including industry-specific rules and requirements, as well as those that are applicable at the state/region, national, and international levels.

• Set clear expectations about the format, content, and level of detail of the cybersecurity information management provides to the full board and to key committees.

• Bring additional expert perspectives on cybersecurity into the boardroom by scheduling deep-dive briefings with third-party experts, leaders from government agencies and law enforcement, and/or by leveraging the board’s existing independent advisors.

• Individual directors can take advantage of opportunities to enhance their own cybersecurity awareness and knowledge by participating in relevant director education programs.

For some companies in select industries, cyber expertise on the board may indeed be the right decision. NACD believes that responsibility for board composition and director recruitment belongs with the nominating and governance committee: The group that is specifically charged with filling current and future skill requirements on the board. They have the best firsthand knowledge about what the board needs, and are in communication with the company’s investors to hear their perspectives.

But directors don’t need to be technologists or cyber experts to play an effective role in cyber-risk oversight. Like any other significant business risk, cyber-risk oversight requires directors to have a thorough understanding of the company’s business model, experience in strategy and leadership, sound business judgment, and the ability to constructively challenge management—in other words, the fundamental elements of high-quality board leadership. And improving the effectiveness of cyber-risk oversight practices can and should be part of every board’s continuous improvement activities.

Fast facts

51%: Directors who report that they are “very confident” their company is properly secured against cyberattack

146: Median number of days an organization is compromised before discovering a cyber-breach

15%: Directors who say they are “very satisfied” with the quality of cybersecurity information the board receives from management.

53%: Cyberattacks first identified by law enforcement or third parties, rather than organizations who have been attacked

$2 trillion: Projected annual cost of cybercrime by 2019

Source: NACD

TECHNOLOGY

EU’S NEW DATA REGULATION REQUIRES ACTION NOW

Peter J. Beshar, Executive Vice President and General Counsel for Marsh & McLennan Companies

The countdown has begun. In May 2018, the European Union’s General Data Protection Regulation (GDPR) will come into force and impose sweeping new obligations on organizations and their handling of personal data. The rapporteur assigned by the European Parliament to lead the negotiations around the GDPR, Jan Philipp Albrecht, boldly declared that the new regulation “will change not only the European data protection laws but nothing less than the world as we know it.”

The harsh reality is that most companies—large and small—will struggle over the next 300 days to comply with the regulation’s myriad requirements.

Indeed, the scale of this task and its potential complexity was underscored earlier this month when Germany became the first EU member state to pass national legislation implementing the GDPR. While the GDPR will apply directly to the EU’s 28 member states, many of them are expected to adopt implementing legislation that will tailor certain aspects of the GDPR to their national laws. As an example, the just-passed German Data Protection Amendment Act imposes slightly different obligations with respect to the process for obtaining employee consent, for utilizing closed-circuit televisions to monitor security in publicly accessible spaces and for conducting scientific research.

PRIVACY AS A FUNDAMENTAL RIGHT IN EUROPE

Before looking forward, it is helpful to consider the historical context for these new laws. First, in the wake of World War II, Europeans enshrined the right of privacy as a fundamental human right in Article 8 of the European Convention of Human Rights.

Half a century later, the internet and the smartphone have changed the way that we live. With these new technologies, both companies and the government developed unprecedented abilities to track individuals’ profiles, aggregate consumer data and use algorithms to predict habits and preferences.

As these capabilities developed, however, so did a strong belief across Europe that privacy rights were being eroded. It is against this backdrop that European authorities felt compelled to act to limit, control and expose the sweeping collection and use of personal data.

THE CORE ELEMENTS OF THE GDPR

In elevating the rights of consumers, the GDPR represents a sea change in how companies will have to operate. While the regulation is nearly 100 pages long, four themes dominate its core:

1. Individuals will have enhanced tools to protect their right of privacy.

2. Companies will be forced to reassess the manner in which they process and retain data.

3. Companies will need to review their contractual arrangements with a host of third parties.

4. Companies will be held to far stricter accountability and sanctions.

Those companies running afoul of GDPR provisions could incur fines of as much as 4 percent of their global turnover. According to Oliver Wyman research, fines and penalties in the first year may exceed $6 billion, for Financial Times Stock Exchange (FTSE) 100 companies alone.

SWEEPING JURISDICTION

The GDPR’s reach potentially extends beyond the EU borders, as its focus is its citizens’ personal data. The GDPR applies to any organization that collects or processes personal data in connection with the offering of goods or services to EU citizens, or monitoring of such citizens’ behavior, regardless of where the organization is located. Accordingly, its data privacy protections, and requirements, follow wherever the data travels. In practice, the broad jurisdictional provisions mean that the GDPR’s complex regulations will have a global impact.

BREACH NOTIFICATION

For the first time, European companies will be required to notify regulatory authorities, and potentially consumers, in the event of a significant cyber breach. Following the Dutch implementation of a “mini-GDPR” in 2016, thousands of incidents were disclosed to the Dutch Data Protection Authority within months. Extrapolating this sample across the entire EU provides an early window into the likely ramifications for management teams and supervisory boards.

DATA SECURITY

The GDPR provides guidance on practices to protect data, such as delinking data from names (“pseudonymization”), encryption, regular assessments of technical controls and incident response plans for maintaining the confidentiality and integrity of data. To ascertain what controls are needed, companies will need to undertake privacy impact assessments and consider engaging external experts. Businesses can expect regulatory authorities, the media and individuals to scrutinize their data practices.

AFFIRMATIVE CONSENT AND THE “RIGHT TO BE FORGOTTEN”

The GDPR prohibits any company from collecting personal data without first notifying users of how their data will be stored, processed and protected. It also requires that any individual consent obtained for processing data be “freely given, specific, informed and unambiguous.” This “affirmative consent” will potentially require users to click on a consent notice or take other measures to affirmatively demonstrate agreement to allow for the data collection.

The GDPR will also codify the “right to be forgotten,” which allows individuals to demand that personal data be deleted so that it cannot be searched online by third parties. European courts have already recognized that this right exists and currently are considering how broadly it can be applied on an extraterritorial basis.

GLOBAL WEB OF CYBER REGULATION

Europe is far from the only government authority seeking to impose greater data and cyber protections on business. Earlier this year, the New York State Department of Financial Services adopted the most comprehensive set of cybersecurity requirements in the United States. The DFS regulation imposes new requirements around concepts such as multi-factor authentication for password protection, encryption at rest and protocols for patching software vulnerabilities (think the WannaCry and Petya attacks).

There is a growing awareness of the cybersecurity threat in Asia, as evidenced by China’s new cybersecurity law and its “data sovereignty” requirements.

Given cybersecurity threats and this expanding matrix of new regulation, including the GDPR, business leaders may wish to consider one or more of the following steps:

Set a tone at the top of awareness and urgency. Executives should assert leadership regarding—and take ownership of—cyber risk. Data security is not the sole responsibility of the IT department. The threat is simply too great and cuts across multiple departments within organizations.

Identify translators. Too often, the technical team responsible for information technology (IT) security speaks a language the C-suite does not understand. Executives need to have translators in place who are able to understand both the technical requirements of the company’s systems and the reputational risk to the company’s brand.

Implement best practices. The WannaCry and Petya ransomware events drove home the importance of developing consistent protocols for patching known software flaws. The GDPR and other regulations will require a similar awareness around data processing and privacy issues. In addition to implementing security measures such as firewalls, penetration testing or “detonation” software, has your organization conducted a credible tabletop exercise simulating a cyber attack?

Start communicating with customers and shareholders now. Companies should prepare their stakeholders for an era of greater transparency and disclosure and the almost inevitable day when a cyber intrusion occurs. Help your customers understand how you collect and use their personal data, and how you are complying with regulations.

Make up for lost time. The penalties for noncompliance with the GDPR are severe. Executives should reach out to regulators, law enforcement authorities and policymakers—not so much to lobby, but rather to share insight, information and help shape the rules as they evolve.

No one has all the answers. Corporate leaders should act today to give their companies the best chance to adapt to a new world order that offers both great opportunity and substantial risk.

Executives should take ownership of cyber risk. Data security is not solely the responsibility of the IT department.

TECHNOLOGY

THE EU’S NEW DATA REGULATION CREATES OPPORTUNITY FOR CHANGE

Peter Johnson, Cyber Leader for Marsh UK

The GDPR can repair the breakdown in trust between consumers and organizations in terms of personal data security.

The challenges faced by organizations as a result of the European Union General Data Protection Regulation (GDPR) are substantial. While many of the headlines to date have focused on the potentially sizeable penalties and compliance issues, little attention has been given to the opportunities the GDPR presents for proactive organizations. Key among those are enhancing their data security capabilities, developing a deeper relationship with customers and growing their business.

The GDPR, which represents the most significant change to data protection law in Europe in 20 years, is scheduled to take effect on May 25, 2018. New data protection legislation is certainly overdue. European Directive 95/46/EC, from which the current Data Protection Act 1998 (DPA) derives and which the GDPR replaces, preceded both the internet boom and the birth of social media.

Nowadays, we hear near-daily announcements of new ways that technologies are changing lives and business strategies. Along with that come numerous cyber attacks aimed at disrupting business and stealing private information or holding it for ransom. It’s no surprise, then, that a recent survey from software firm SAS found that 62 percent of United Kingdom respondents welcomed the GDPR provision for the right to erase personal data from certain systems, or that about half of Americans feel their data is less secure than it was five years ago, according to the Pew Research Center.

Data privacy and the right of individuals to choose and control how their data is used and accessed have not kept pace with technological advancements and the digital economy. Along with a loss in consumer trust regarding organizations’ use of personal data, an impact can be seen on profitability as the number of consumers using ad-blocking software continues to increase.

SEEING THE OPPORTUNITY IN CHANGE

Some organizations will consider compliance with the GDPR a costly and disruptive undertaking. On the other hand, forward-thinking organizations will see it in a different light. They will embrace the challenge to develop their technology and their information management and cybersecurity systems. For too long, many organizations have captured swathes of data without proper protocols surrounding its processing, storage and sharing. Many have lacked an understanding of data’s relevance and value to their business, or of consumer preferences on how it is used.

The GDPR and its requirements should help to reduce the staggering cost of cybercrime to the global economy, where estimates range from hundreds of billions to trillions of dollars. Organizations that embrace the GDPR are likely to take steps that enhance cybersecurity and therefore reduce the potential for data loss, operational disruption, physical damage and reputational and brand damage.

Organizations’ levels of understanding around cyber risk continue to increase, due in part to continued high-profile cyber incidents, including the recent WannaCry and Petya ransomware attacks. There is still a long way to go for many in order to map and quantify their cyber exposure and establish the cultural change required throughout their organizations.

Under the GDPR, some organizations will face an additional requirement to appoint a Data Protection Officer (DPO) whose role will be to independently supervise compliance with the GDPR and advise staff who deal with personal data. It is hoped that the requirement that DPOs report into the highest management level of their companies will help promote a cyber-risk culture and may even improve board-level ownership of cyber risk within these organizations.

CONSENT AND TRANSPARENCY: A NEW RELATIONSHIP WITH THE CONSUMER

The GDPR aims to provide EU citizens with greater control over the use of their personal data. Some organizations, no doubt, worry about how that will manifest and the potential for consumers to deny them access. As pointed out in a recent study by Lippincott, consumers are increasingly willing to give that consent to companies they trust and with which they want to develop a meaningful relationship.

The customer of the future “expects everything to be precisely tailored to her, especially with all of the data she gives up,” Lippincott notes, adding: “Be transparent. … (The consumer’s) trust goes to crowd-verified, fully transparent products and processes, so open up your customer experience for full accountability. Ground your trust in transparency, not authority.”

Central to this transparency is consent, and there are challenges: The threshold for consent under the GDPR is higher than under existing legislation. To meet the new requirements, consent needs to be freely given, specific, informed and unambiguous. Businesses must be able to demonstrate these elements when relying on consent for processing. Special categories of personal data, such as health information, will require explicit consent. When an organization relies on consent to process an individual’s personal data, the individual will have the right to withdraw that consent at any time.

They will also have the right to obtain and port their personal data for their own purposes across different service providers (“data portability”), as well as an enhanced right of erasure (the “right to be forgotten”), should they wish to do so.

Consent must be a positive indication of agreement that personal data can be used in the specific manner and for the specific purposes set out by the controller. A pre-ticked box will not be valid consent. Consent requires engagement, and engagement enables businesses to better understand the needs and desires of their customers and develop a relationship based on trust and transparency.

Overall, the GDPR will provide an impetus to improve data security and controls around the use of personal information. In turn, it presents an opportunity for organizations to better understand their data and how it may be used to add value to their business. Most importantly, it is hoped that the actions required of organizations to comply with GDPR will go a long way toward helping to repair the recent breakdown in trust between consumers and organizations in terms of how personal data is used.

This can only be done if companies move away from viewing the GDPR as a compliance-driven tick-box exercise and embrace it as an opportunity, a means to improve data management strategies in such a way that drives their business forward.

TECHNOLOGY

TAKING CHARGE OF DISRUPTIVE TECHNOLOGY RISKS

Brian C. Elowe, Managing Director and U.S. Client Executive Practice Leader at Marsh

There’s a lot of talk these days about disruptive technology—3-D printing, autonomous vehicles, blockchain and more. It’s easy to find breathless descriptions of a world gone digital, be it the promise of connecting all the world’s people to all the world’s knowledge or the perils of poorly governed artificial intelligence running amok.

Despite the abundance of information on disruptive innovation, our research raises questions about the level of discussion companies are having about managing the risks of disruptive technology. The 2017 Excellence in Risk Management project from Marsh and RIMS, the Risk Management Society, looks at an array of issues around disruptive technology risks. For this survey, disruptive technology was defined as “one that purposefully displaces an established technology and alters an industry or way of doing business—including jobs—or a ground-breaking product that creates a completely new industry.”

For some companies, a lack of focus on such risks will bring financial difficulty; for those with foresight, a focus on the risks will enhance the opportunities.

A surprising number of respondents (24 percent) acknowledged that they do not use or plan to use any of 13 common disruptive technologies; the numbers were even higher around individual items.

For example, 48 percent of risk executives told us their organization doesn’t use or plan to use the Internet of Things (IoT); yet, according to many estimates, 90 percent of companies will be using IoT technologies within two or more years. Similarly, only 25 percent of our respondents said their organization uses or plans to use wearable technologies, while studies show 93 percent of companies across a range of industries are already evaluating or using them.

Such disconnects show a gap in understanding: Too many risk executives don’t seem to realize the pervasiveness of these technologies. Perhaps they are simply mesmerized by the “gradual evolution rather than radical change” with which technology now disrupts the business world. But companies cannot afford to be surprised when technology fails or goes awry.

HOW MANY DISRUPTIVE TECHNOLOGIES IS YOUR ORGANIZATION USING OR PLANNING TO USE?*

(Percent of respondents) Source: Marsh, RIMS; Excellence in Risk Management

[Bar chart: no disruptive technology use; use 1 to … disruptive technologies; use … to … disruptive technologies; use … or more disruptive technologies. Category bounds and bar values are illegible in the source.]

* Numbers add up to more than 100 due to rounding

Risk executives need to fortify their strategic role by understanding how technologies impact not just their own operations and business models but also the direction of entire industries—both theirs and related ones.

ALIGN AND ASSESS

A primary responsibility for any risk executive is to ensure that new and emerging risks are being identified and assessed. Yet we found a significant number (60 percent) of respondents saying no risk assessment is being done for disruptive technologies. That should make people nervous given the impact that disruptive technology can have on an organization’s strategy. In fact, such lack of attention to the risks should be viewed as unacceptable.

From a liability standpoint alone these innovations may upend the status quo. Look at a driverless car or truck or train. When the vehicle of the not-so-distant future is involved in an accident and injures a pedestrian or damages property, will that be the fault of the owner, who is not actually driving the vehicle? Will liability fall to the vehicle manufacturer? What about the software designer who built the algorithm to “tell the car” what to do leading up to the accident?

By definition, disruptive technologies can make or break a business. Assessment and analysis of the risks need to be integrated into existing business strategy decisions. Why, then, this lack of focus on assessing disruptive risks? “Other areas have greater priority,” was the top answer when respondents were asked about the biggest impediment to understanding disruptive technology risks.

But today’s risk executives need to develop insights that will help leadership prepare for the unexpected. Disruption from technology is an area that unexpected events will no doubt emanate from and should be treated as a priority.

TAKE CHARGE OF DISRUPTIVE RISK

The transformational changes that come with managing disruptive technology risks can be difficult. So what can be done now to help organizations map out the way forward?

First, understand. You need to know what disruptive or innovative technology is. What is your organization already using? What is coming? If our Excellence survey is any indication, this is a dangerous gap that needs to be bridged by risk executives.

The pace of innovation is truly fascinating. As our colleagues at Lippincott put it: “There is no more important question to answer than ‘What is the big, unstated need of tomorrow?’ The answer is deep, constant, and insatiable inquiry.” Educate yourself on terminology, on leading-edge innovations, about hits and misses, emerging risks, and other disruptive technology topics, especially for those your organization or industry is using or planning to use.

In doing so, expand your network, the people and places you turn to for answers and ideas. There may be other industry sectors with experts you don’t typically tap into that can help you to better understand how disruptive technology may

WHICH OF THE FOLLOWING DISRUPTIVE TECHNOLOGIES IS YOUR COMPANY CURRENTLY INVOLVED WITH OR PLANNING TO USE?*

(Percent of respondents) Source: Marsh, RIMS; Excellence in Risk Management

Telematics 52

Sensors (to track, analyze, and predict) 48

Internet of Things 48

Smart Buildings 44

Fintech 41

Drones 34

3D Printing 31

Sharing Economy 29

Advanced Robotics 28

Artificial Intelligence 28

Wearable Technology 25

Autonomous Vehicles 13

Blockchain 8

* Multiple answers allowed

shift your risks—or how it is already changing them.

“You can’t stick your head in the sand with what’s happening with disruptive technology,” the director of risk management for a major freight company told us. “At some point, you have to adapt.”

Second, invest. The inability to model the magnitude of disruptive technology risks was cited as a strong impediment to managing them and undoubtedly contributes to the lack of focus. Models, data, analytics—such tools can help prioritize, but they require investment from leadership.

Risk professionals have told us for many years that their organizations intend to invest in data and analytics, yet usage remains elusive: Analytics ranked near the bottom of techniques our survey respondents said they use to assess and model disruptive risks.

And it’s more than just money that needs to be invested. A commitment of time and collaboration to discuss disruptive risk issues across the organization will help set priorities, lay out the implications for decision-makers, and develop mitigation strategies. One way to do that is through the effective use of cross-functional risk committees. And yet, we continue to see a decrease in the number of organizations reporting they have such committees. This year, only 48 percent of respondents said they have a cross-functional risk committee, a drop from 52 percent last year and 62 percent five years ago. Interestingly, 41 percent of respondents without a committee said their company should have one.

Finally, engage. Organizations generally, and risk management professionals in particular, need to adopt a more proactive approach about disruptive technologies—what is already in use, what is on the horizon, and what are the risks and rewards.

Forward-thinking executives will look for alternative means to generate the necessary discussions to raise the risk profile of disruptive technologies. For example, in most organizations today, the term “cyber” is likely to attract attention. In our survey, “establishing effective cybersecurity” was the top concern related to disruptive technology among respondents across various industries. While data breach and privacy issues are real and should not be downplayed, the focus on cyber risk may at times obscure other concerns organizations should consider regarding disruptive technologies.

Several risk professionals we spoke with suggested using the current allure around cyber risk to pivot to broader discussions: “‘Cyber’ is a good catch-all word,” a risk executive at an industrial contracting firm told us. “It provides a level of comfort that people can understand. If you get too detailed or technical during conversations about disruptive technologies, people may be less willing to engage. But if you keep it general, keep it high level, and talk about potential cyber threats and managing them—that’s an easy way to start the conversation.”

Companies should also make use of an executive-level risk committee to discuss broader disruptive technology risks. Risk professionals can help lead the way as companies adapt to technology innovation, but they will be relegated to support roles if they fail to understand and address the unique issues the fourth industrial revolution brings. The good news is that the desire and ability to play a leading role are there.

TECHNOLOGY

DISRUPTIVE TECHNOLOGY BRINGS RISK AND OPPORTUNITY TO INFRASTRUCTURE PROJECTS

Adrian Pellen, Infrastructure Segment Leader, U.S. and Canada, Construction Practice at Marsh

The infrastructure industry has not typically been known for its embrace of new technology. In a recent paper, the World Economic Forum (WEF) attributed the industry’s relatively slow adoption of technological innovation to a number of internal and external challenges in the engineering and construction sector: “The persistent fragmentation of the industry, inadequate collaboration with suppliers and contractors, the difficulties in recruiting a talented workforce, and insufficient knowledge transfer from project to project.”

Change is inevitable and innovation is disrupting the way we design, build, operate and use infrastructure. Whether it’s in civil infrastructure—roads, bridges, pipelines, and ports—industrial infrastructure, or social infrastructure, technological advancements are creating efficiencies in the way we operate. While technology adoption can help to promote sustainable growth, there are also risks to be managed.

INNOVATION TRANSFORMS INFRASTRUCTURE DESIGN

Innovation dictates that infrastructure needs to be conceptualized and designed differently.

Consider something as basic to society as roads, and add to that the coming of autonomous vehicles—both for passengers and in trucking. Because autonomous vehicles rely to a large degree on sensing technology, we need to consider if roads, bridges, tunnels, and other infrastructure are being designed adequately for this new means of transportation. Beyond efficiency gained from proper design, what are the potential liability implications for inadequate design?

Big data and analytics have also infiltrated how we design infrastructure. For example, building information modeling (BIM) is realizing broader applicability as its technology develops.

Historically used for 3-D modeling in the design phase, continuing innovations in BIM will enable faster and better infrastructure development, as well as provide insights into how a project will perform throughout its life cycle, allowing a view into a project’s future risk profile. This innovation in BIM promotes efficiency by allowing those who design infrastructure to provide real-time support to those building it.

BUILDING SITES BENEFIT FROM NEW TECHNOLOGIES

Construction sites are incubating grounds for a range of technology innovations in such areas as wearables and telematics. Wearable technologies, for example, are rapidly changing the work landscape and promoting safety, accuracy and efficiency. Among the advancements in construction technologies is the smart hard hat, which allows technicians to project 3-D images in the natural environment, such as a bridge span, through augmented reality (AR)—the same technology behind Pokémon Go.

Enhanced safety vests borrow concepts from vehicle telematics. These vests are equipped with GPS and radio-communicating technology to enhance workforce safety and prevent injuries by warning users as they enter hazard zones. It’s not hard to imagine a future in which workers wear an exoskeleton that will improve safety, enhance efficiency, and allow for the instantaneous exchange of data.

Technology will also enable infrastructure to be built by fewer humans—potentially enhancing safety and promoting resource efficiency. Balfour Beatty, a large international construction firm, suggests that by 2050 some infrastructure will be built without physical human labor. It is not difficult to anticipate that in our lifetime infrastructure will be designed and constructed using 3-D printing and installed by robots and mechanistic devices that operate with artificial intelligence.

OPERATION AND UTILIZATION OF INFRASTRUCTURE WILL CHANGE

Once these innovative infrastructure assets become operational, they will likely include embedded technologies, such as the intelligent transportation systems (ITS) used on many highways and freeways. These incorporate a variety of technologies including Bluetooth, video, and other wireless systems to promote efficient traffic management, allow for toll tracking and billing, enhance emergency response times, and assist law enforcement. With the coming of autonomous vehicles, it’s likely that additional sensing technology will be needed to improve safety.

Beyond impacting how society uses and engages with roads and other infrastructure, interconnectivity will allow individual components to interact on an almost “live” basis. For example, it’s anticipated that, in the near future, individual infrastructure components will contain monitoring technology that will provide real-time information about their operating efficiency and life span. When such components need replacement, the sensors will put in the order.

There is no question that innovation in robotics, automation, and other technology will continue to alter the way infrastructure evolves and the way we use it.

These technologies promote efficiency, connectivity and sustainable growth.

INFRASTRUCTURE RISKS ALSO SHIFT

With innovation comes risk, however, as technological disruption also increases volatility and exacerbates emerging issues, including those related to social stability as well as financial viability and cybersecurity.

Social disruption. If innovation does eventually displace large numbers of construction crews, drivers, or other workers, it’s possible there could be considerable social unrest in some parts of the world. According to executives participating in a recent World Economic Forum event, it will be critical for industry to plan ahead by investing in education and training for workers whose jobs could be made redundant due to technological advancement.

Financial viability. As technology advances, will the infrastructure we design and build today be useful in 20 to 30 years? How quickly will it become obsolete? What if we have flying cars? That may sound harebrained at face value, but compare the world we live in today to what people thought was possible just 20 or 30 years ago. Once we integrate technology into physical infrastructure, it can quickly become outdated. This is particularly important in the context of privately financed infrastructure, where the private sector takes on the life-cycle management of infrastructure. Obsolescence is of particularly heightened risk to private concession companies who have assumed revenue risk (e.g. tolling) based on financial models that were unable to incorporate disruption in infrastructure utilization. The firms exposed to the financial risk related to infrastructure obsolescence could be builders, engineering firms, and/or equity firms and financiers developing and maintaining infrastructure.

Cybersecurity. Because infrastructure now needs to be able to integrate with and connect to technology, such as smart buildings, autonomous vehicles, and transit systems, cybersecurity risks become more of a threat than in the past. The interconnectedness of our infrastructure through the Internet of Things (IoT) will face cybersecurity risks. Infrastructure may increasingly become a target for sophisticated organized crime looking to extract sensitive information. Firms with proprietary software, systems and infrastructure may become targets of corporate and political espionage.

Hackers have long probed for weaknesses in critical infrastructure. The ability for cyber events to affect infrastructure has grown, as seen in two recent global attacks involving malware—WannaCry and Petya. Infrastructure from hospitals to marine ports suffered financial losses and damage due to those events.

Perhaps the most frightening risk from an infrastructure perspective is that of cyberterrorists seeking to invoke fear. In the age of digitization and IoT, there are legitimate concerns that cyberterrorists could gain access to flood control gates, traffic lighting systems, public transit systems, or even the doomsday scenario of shutting the electric grid down completely. Cybersecurity continues to be one of the global risks of highest concern.

Today’s new technologies almost always increase connectivity, including in the ways we build, operate, and maintain infrastructure. Companies involved in infrastructure can no longer afford to think of cyber risk as an afterthought, but need to adopt strong cyber-risk management practices from day one.

Thankfully there is a bustling market emerging in the risk management and insurance industry to address cybersecurity. In addition to consulting services developed to assess and manage cybersecurity exposures, insurers have developed products to transfer the risks that infrastructure stakeholders face as well as support risk mitigation by establishing incident response plans. These products, which are triggered by cybersecurity breaches whether motivated by financial crime or terrorism, can cover expenses related to extortion, property damage or financial loss related to a data and privacy breach or network outage.

One recent estimate from the Global Infrastructure Hub, a G20 initiative, says there is a need for $94 trillion in infrastructure investments by the year 2040.

At the same time, it’s clear that rapid technological advancement is changing the way we design, build, operate, and use infrastructure. Innovation in infrastructure will enable growth and promote economic, environmental and social vitality. But advancement comes with risks—including social disruption, obsolescence and cybersecurity threats. These risks can be mitigated by forward-thinking city planning, investment, and integration of education into our workplace as well as an increase in cyber‑oriented defenses.

ECONOMY
WHY ASIAN INFRASTRUCTURE NEEDS MULTILATERAL DEVELOPMENT BANKS

Ryan Soon Senior Research Analyst at Preqin Tom Carr Head of Real Assets Products at Preqin

What do a highway in rural Philippines, a power plant in Laos and a natural resources refinery in Indonesia have in common? They are all funded by multilateral development banks (MDBs).

MDBs such as Asian Development Bank (ADB), World Bank and the recently established Asian Infrastructure Investment Bank (AIIB) play an important role in Asia’s infrastructure by filling a funding gap that was opened due to traditional lenders shunning investments in emerging economies as they are likely to face an uncertain political environment and a lack of transparency with regard to regulations.

According to Preqin’s Infrastructure Online (IO) (subscription‑based), the pace of infrastructure investments in Asia has accelerated in the past few years, from just over $28 billion in transaction value in 2012 to $139 billion in 2016 (Exhibit 1). The average transaction size has also surged; it is now $306 million, a 151 percent increase compared to $122 million in 2012.

Developing Asian nations, especially in Southeast Asia, are actively pursuing social and economic infrastructure expansion. Vietnam is seeking investors for public-private partnership (PPP) transportation projects, while Myanmar recently unveiled an urban improvement plan for public utilities and roads. Based on Meeting Asia’s Infrastructure Needs, a report published by ADB, developing countries in Asia require an estimated $26 trillion in infrastructure investment from 2016 to 2030—or $1.7 trillion per year—to meet infrastructure demands.

PLUGGING ASIA’S INFRASTRUCTURE GAP

MDBs have the financial firepower to help emerging Asian nations

modernize roads, rail networks and ports, as well as improve access to electricity and clean water.

ADB was involved in one of the largest MDB-sponsored deals—a $465 million loan facility to construct the Nam Ngum 3 Hydro Power Plant in Laos. Not only will the 440 MW hydro-generated power plant reduce energy shortage in Laos, it will also export excess power to Thailand. In 2016, the Manila-based institution’s lending and grants provided to the region hit an all-time high of more than $30 billion. ADB has also recently pledged to increase its financial support to Asia over the next few years.

MDBs will work together with other institutions to maximize their financial assistance for infrastructure development. Data from Preqin’s IO shows that Indonesia is the greatest beneficiary of MDB infrastructure financing in Asia with participation from various institutions making up one-fifth of such loans in the region (Exhibit 2). For example, in June 2016, AIIB and the World Bank each contributed $216 million to the National Slum Upgrading Project in Indonesia, which aims to improve urban infrastructure and services in several shanty towns. In terms of project stage, greenfield assets constitute 79 percent of MDBs’ financing projects, followed by brownfield (17 percent) and secondary (4 percent).

AIIB ENTERS THE FRAY

2016 witnessed a record high in terms of lending by MDBs in Asia; 18 MDB-backed infrastructure deals were completed worth an aggregate $3.8 billion, a portion of which was contributed by AIIB, the new kid on the block. Officially established in 2016, AIIB has a smaller capital base than either the World Bank or ADB, but has already approved loan facilities for several major development projects. More recently, AIIB revealed that it was in discussion with World Bank to co‑finance more infrastructure projects in 2017 and 2018, underscoring the institution’s commitment to the region. With a quick start, AIIB has already become an important player in the MDB financing landscape, and its importance will only increase going forward.

MORE THAN JUST CAPITAL

Besides the provision of capital, MDBs also promote private sector participation by acting as anchor investors in unlisted infrastructure funds. ADB previously committed to Berkeley Energy’s Renewable Energy Asia Fund, which targets a range of renewable projects in developing markets, including India, the Philippines and Vietnam, while World Bank invested in IDFC Alternatives’ India Infrastructure Fund. The vehicle seeks opportunities in India’s energy, transportation, telecommunications and social sectors. With the dry powder—or uninvested capital—of Asia-focused unlisted infrastructure funds at an all-time high of $25 billion as of September 2016, MDBs are in a position to play a significant role in narrowing the disparity between the supply and demand of assets.

PPPs are an important method in securing private financing; 90 percent of infrastructure investors with a preference for Asia participate in such partnerships. However, emerging Asian economies generally have limited experience and expertise in structuring a PPP framework. MDBs can add value by working with governments on regulatory reforms, establishing PPPs and managing risks. By providing guidance on standards and best practices, MDBs build a solid foundation that can attract additional financing into a country. They can also provide governments with hands-on support during the preparation, construction, and ultimate implementation of infrastructure projects.

MDBs also seek to develop quality infrastructure assets. Japan has recently agreed to provide $40 million over a two‑year period to ADB, which aims to bring high‑level technologies to the design and implementation of projects, as well as promote quality infrastructure in Asia. This benefits both parties; private investors can earn long-term returns and achieve diversification in their portfolios, while developing nations in Asia can get much needed infrastructure investment and technical know-how.

COOPERATION IS KEY

Cooperation between MDBs, the private sector and governments is key to infrastructure development in Asia, because it can encourage economic growth, improve local livelihoods, and enhance regional connectivity.

Infrastructure investments in developing countries may hold less appeal to some investors as they typically involve greater risks, but the presence of MDBs has helped instill investor confidence in emerging Asian economies and their infrastructure development. MDBs are increasingly partnering with other institutions, including export banks and sovereign wealth funds, via co-financing arrangements, syndication or project bonds. Asia faces several challenges in its pursuit of infrastructure progress, but MDBs are doing their bit in helping address the region’s infrastructure funding gap with capital and by providing their technical expertise.

NUMBER AND AGGREGATE VALUE OF INFRASTRUCTURE DEALS COMPLETED IN ASIA, 2012-2017 YTD (AS AT MAY 2017)
Source: Preqin
[Chart: number of deals and aggregate deal value ($ bn, reported and estimated) by year, 2012 to 2017 YTD.]

PROPORTION OF INFRASTRUCTURE DEBT FINANCING TO ASIA WITH PARTICIPATION FROM MDBs BY LOCATION, ALL TIME
Source: Preqin
[Chart: share by location for Indonesia (20%), Others (17%), Bangladesh (8%), Pakistan, Philippines, India and Laos.]

TECHNOLOGY
HOW BANKS CAN KEEP UP WITH DIGITAL DISRUPTORS

Scott A. Snyder, Senior Vice President, Managing Director and Chief Technology and Innovation Officer for Safeguard Scientifics

Despite their historic advantages, banks need to start transforming themselves to deliver highly personalized physical and digital experiences.

Hardly a day goes by without seeing a new business article or blog post on digital disruption. Blockbuster is dead, taxis are struggling and hotels are losing customers, who are increasingly renting rooms in homes of ordinary people. We get it: Incumbents get disrupted by new entrants armed with digital technologies, talented and highly incentivized teams and fresh venture capital. There are very few industries in which CEOs do not live in fear of digital disruption.

Banking is no exception: Executives believe digital disruption will drive 40 percent of companies out of the top 10 in the next five years. As Antony Jenkins, former CEO of Barclays, aptly put it in a 2015 speech: “Over the next 10 years, we will see a number of very significant disruptions in financial services, let’s call them Uber moments.”

Ten years may be wishful thinking, as significant disruption is already happening. Massive investments in fintech are spawning a wave of new companies reinventing everything from payments and money management to lending and financial planning. The chart below shows examples of companies disrupting financial services. Some analysts believe Fintech disruption could take as much as 10 percent to 40 percent of bank revenue and eliminate 1.7 million banking jobs by 2025.

Couple this with increasing regulation, historically low interest rates and the fact that most (73 percent) millennials would prefer to get their banking services from a non-financial services company, and banks seem to be headed the way of Blockbuster.

Before we declare the game over, let’s think about some of the unique advantages banks possess.

Frequency. Next to social media platforms, banks are the second‑most frequently touched platforms in our lives. People engage with their banks 17 times per month on average, versus 14 times per month for retailers. Most brands spend billions to increase customer engagement. Banks already have it, yet bank loyalty is not much better than cable companies.

Reach and trust. The blend of physical and virtual touch points can extend to more of people’s everyday needs; people want to know banks are nearby and part of the community. Defunct online banks such as Wingspan and ING Direct, now Capital One 360, didn’t scale without the brick-and‑mortar element, much like Amazon, the e-commerce giant, now sees the need for physical presence with the roll-out of lockers, pick-up points and even Amazon Go stores.

Knowledge. Banks have an enormous amount of data on customers and their needs, spanning from where you work to what you buy, how much you save and even where you like to vacation. Banks should know if you have a side job as an Uber driver to save for a new house and therefore be ready with a business banking account, a car loan to upgrade and even home‑financing options. Yet most of this data lives in silos across disparate data sources, preventing these types of integrated offers.

IN YOUR INDUSTRY, HOW MANY COMPANIES WILL LOSE THEIR PLACE IN THE TOP 10 DUE TO DIGITAL DISRUPTION OVER NEXT FIVE YEARS?
Source: Global Center for Digital Business Transformation, 2015
[Chart: industries ranked from more companies at risk to fewer companies at risk. Industries shown: Hospitality/Travel, Financial Services, Retail, Education, Technology Products and Services, Telecommunications, CPG and Manufacturing, Healthcare, Media and Entertainment, Pharmaceuticals, Utilities, Oil and Gas. Marked values: 43, 37, 25.]

Despite these historic advantages, banks need to start transforming themselves from inflexible, analog monoliths to delivering highly personalized physical and digital experiences in order to be relevant to the next generation of banking consumers. The key opportunities to do this are the following:

Make banking seamless. When Disney launched its MagicBand wristband at its theme parks, the company integrated a wearable that combined frictionless transaction and personalization features that improved the customer experience and increased consumption by around 8 percent per guest without requiring additional effort on their part. Banks need to do a similar job of integrating banking into everyday life experiences to stay relevant. Examples include BBVA’s Wizzo app, which makes getting and sharing money easy; TransferWise, which takes the pain out of moving money across borders or Quicken Loans’ Rocket Mortgage, which enables mortgage approvals when you need it.

EXAMPLES OF COMPANIES DISRUPTING FINANCIAL SERVICES

Source: Author’s research

PayPal, Dwolla, Square, M-Pesa, Billtrust, Kantox, Traxpay, Venmo

Bitcoin, Bitstamp, Xapo, BitPay, Ethereum, ZCash

Bankrate, MoneySuperMarket, LendingTree, Credit Karma

Fintonic, Moven, MINT, Digit

Betterment, Wealthfront, SigFig, Personal Capital, Nutmeg

Lending Club, , Crowdfunder, AngelList, SeedInvest

LendingClub, Prosper, Kreditech, Lenddo

Hyper-personalize. While 69 percent of customers have tried mobile banking, only 25 percent use it regularly. Much like the challenge other mobile apps face in maintaining ongoing engagement, banking apps tend to lose relevance by using a one-size‑fits-all approach, failing to leverage recent activity patterns and context, and not taking advantage of different modes of engagement based on what users prefer. In order to deliver “hyper‑personalized” experiences that increase engagement, banks must combine predictive analytics with multiple modes of interaction. By using data to adapt to customer behaviors, banks can determine which customers will respond well to self-service robo-advisors versus human ones, or which customers can elevate their financial literacy and savings discipline through apps such as Simple or Digit. With emerging touchpoints such as voice agents and wearables, the opportunity to capture data and personalize will only improve.

Turn branches into experience centers. Nearly 6,000 bank branches have been closed in the U.S. since 2009, according to the FDIC, and with greater digitization, the trend seems to shift away from physical touchpoints. As we see in retail, the leaders are figuring out how to rationalize their physical space with smaller footprints and automation while also equipping employees to become ambassadors in the customer experience, since brick-and-mortar conversion rates (25 percent) are still significantly higher than online (2.3 percent).

Retail brands such as Sephora and Nike have enabled customers to easily move from online to the local store experience by allowing them to browse store inventory, make appointments and even interact with associates. Bank of America has started to connect its online and local branch experience more tightly via its mobile app, and Capital One now has 16 banking cafes aimed at creating a more relaxed banking environment. The industry as a whole is still behind when it comes to offering a truly connected and personal branch experience. To make the experience more like Starbucks and less like McDonald’s, banks will need to ramp up investments in automation (digital integration, automated tellers) as well as attracting and training talent to match the new digital-savvy customer base.

Adopt a customer-centric innovation model. In this new era of empowered digital end users, either you find a way to make the customer part of your innovation model or they will innovate around you. The best part is organizations that do this well—such as Waze, Pandora and Betabrand—are incredibly capital efficient because they leverage OPM, or “Other People’s Money,” via smart devices, broadband connections and social media platforms that someone else already paid for.

J&J has created a patient experience center for iterating on new healthcare innovations firsthand with patients and providers before deploying into the field. In the case of the African micro-finance service M-Pesa (created by Vodafone), it was the local wireless carrier, Safaricom, that saw the opportunity to innovate around the large population of unbanked mobile consumers, and the two teamed up to do it. Now M-Pesa has become the largest payment platform in sub-Saharan Africa. In banking, TD Bank partnering with Moven to engage millennials with basic

banking services is a good example of customer-centric innovation, but banks still have a long way to go to fend off consumer-centric players such as Apple, Google and Amazon from disrupting their markets.

Create a two-speed business model. When GE CEO Jeff Immelt declared that the data coming from equipment is now worth more than the equipment itself, it forced GE to rethink how it captures and delivers value to its future customers. As part of GE’s transformation, every business unit now has a chief digital officer, and GE Digital is becoming one of the largest industrial software companies in the world, projected to generate $15 billion by 2020.

In a similar vein, BBVA chairman Francisco Gonzalez has said that the innovation process for banks “might be compared to changing the tires of a truck while still in motion.” BBVA started its journey towards a two-speed business capable of big innovations (“Big I”) more than seven years ago, shifting from an 80/20 current operations/future innovation focus to 60/40. This came with dramatic changes to the organization structure, a dedicated digital organization and a number of external innovations and ventures that allowed transformation of the company while still executing on the current business.

Other banks are starting to follow suit, such as Citi with its Innovation Labs, Umpqua with its Pivotus Ventures subsidiary or Rabobank incubating its MyOrder venture separate from the core business. In order to support continuous innovation in the core business, or “Little I,” in parallel with creating and accelerating “Big I” innovations that will likely disrupt the core business, banks need to have talent aligned to both missions. They also need an agile infrastructure that supports rapid experimentation along with the reliability, security and scale required by the core business. IT is no longer just the cost of doing business, but a key enabler to innovation.

In October, banking regulator Office of the Comptroller of the Currency (OCC) established an Office of Innovation, implemented a framework for responsible innovation, and is even exploring special bank charters for fintech companies. With the potential for a more relaxed U.S. regulatory environment under the new presidency, we could see these innovation avenues open up even further. This is similar to what the FDA has been doing around digital health and mobile medical apps: establishing guidelines and examples to facilitate innovation versus being a barrier to it.

While there are signs of progress on the regulatory front, most banks continue to lag on digital innovation. Despite being one of the top sectors for technology investment over the last two decades—including the creation of major products such as ATMs, debit cards, credit scoring and check scan and deposit—banks are lagging behind other industries, such as those in retail, transportation and even healthcare, when it comes to digital transformation.

The good news is that banks are still very well-positioned to win with the new wave of empowered digital customers, given their rich historic data and balance of physical and digital touchpoints; however, it will take a strong commitment to a customer-centric vision, a two‑speed business model and agile infrastructure to enable “Big I” innovation and a data-driven approach to delivering personalized, relevant banking experiences.

For bank executives, it’s time to decide if you want to be Netflix or Blockbuster. Your customers won’t wait forever.

This piece first appeared on Knowledge@Wharton, which is the online research and business analysis journal of the Wharton School of the University of Pennsylvania.

SOCIETY
REIMAGINING THE PHARMACEUTICAL SALES REPRESENTATIVE MODEL IN ASIA

Joseph Mocanu Principal and Practice Lead, Life Sciences and Digital Health, Asia-Pacific at Oliver Wyman

In this age of information, unprecedented levels of scientific understanding, increasing use of formularies, and the growing call for evidence-based medicine, why do we still see pharmaceutical sales driven primarily by sales representatives (sales reps) who rely more on messaging and relationships than on hard clinical evidence?

Indeed, the role of the sales rep has been facing significant pressures from regulators, physicians and policymakers (see table), but they are still ever-present. There are an estimated 450,000 sales reps still directly employed by the industry, and their related activities account for 62.5 percent of all sales and marketing expenses.

The diminishing returns of sales reps have been highlighted even earlier. More recently, two key catalysts prompted change. First, the looming pricing uncertainty, and second, the emergence of viable alternative models.

PRICING UNCERTAINTY

For most countries in Asia, a combination of increasing health technology assessment use, reference pricing, and strong negotiating power have kept prices substantially lower than in the U.S. Even Japan, traditionally viewed as a pricing haven (sometimes even awarding companies with superior pricing to the U.S.), has made an unprecedented move of directly intervening in the price of several drugs, most notably demanding a 50 percent price cut in Opdivo, a leading immuno-oncology drug.

Today, with roughly 70 percent of pharmaceutical revenue coming from the U.S., EU and Japan, how would price cuts of even 5 percent or 10 percent impact the industry? Can they hope to make up those losses elsewhere in the world, or will they have to look inward? In the near term, the latter seems more probable. The Chinese government recently announced price cuts for 36 branded drugs, averaging discounts of 44 percent compared to the previous year and with some reaching as high

as 70 percent. Other governments in the region are undoubtedly taking notice.

DIGITIZATION AND THE EMERGENCE OF VIABLE ALTERNATIVES

Dr. Stanley Li of DXY gave a particularly compelling internal example (DXY is a leading Chinese digital health platform that has 70 percent of all doctors in China as users) during his keynote speech at the Galen Growth Asia Health Tech CEO Summit last December.

He described a small “” of “only” 27,000 doctors who sought to compare the effectiveness of message delivery between the DXY platform and traditional pharmaceutical sales reps. The hypothesis was that by understanding what physicians read and shared, and how they interacted with their patients and communities online, a virtual profile of the physician could be constructed in much greater detail than what a typical sales rep could do in their daily interactions. Moreover, how physicians portray themselves to a rep may differ from what the physician is really interested in and how the physician actually practices medicine. The experiment was a success with the effectiveness of message delivery improving by 3.6 times.

The striking part of this pilot was not that it was more effective in message delivery, but rather how well DXY knew its doctors. If a company knows its doctors better, it is obvious that it will have better results. This also shattered the myth that you need a face-to-face relationship to be successful.

The good news is that DXY is not alone in this regard in Asia. Some health insurers, third party administrators and even startups thrive by better knowing their doctors, and a good number of them are looking for ways to better collaborate with pharmaceutical companies.

But why do sales reps need all this if they already know their doctors very well from their numerous visits? Can sales reps do more?

Some reps surely do and can, but they are simply not properly incentivized to. In the increasingly short and scarce visits, they must focus what little time they have on products rather than the needs of their physicians (let alone patients and other stakeholders) in order to satisfy their own performance targets as well as their company’s targets.

Some pharmaceutical companies have publicly changed their sales rep compensation model as a first step to changing the way they behave and interact with physicians; yet fundamentally they are still focused on a face-to-face “push” interaction. In the minds of most pharmaceutical companies, alternative channels mean providing the rep an iPad, or leaving behind more elaborate reading materials, rather than fully exploring the various channels in which the physicians wished to interact and truly understanding what the physicians need from pharmaceutical companies to better practice medicine and save patient lives.

Sales reps and their organizations need to adapt to the increasing complexity of care, with physicians sharing decision-making roles with payers, third party agreements (TPAs), hospital administrators, and even patients as they become more empowered. Focusing solely on the physician is not going to be enough in most Asian markets going forward.

THE WAY FORWARD

Thousands of sales reps can’t be eliminated overnight, but their roles can gradually be transformed through upskilling and remodeling incentives. This transformation needs to be accompanied by partnerships with those who understand doctors in a more neutral and systematic way, as well as by maximizing technology that can replace the traditional sales rep function at scale. Some companies are trying to do just this, albeit in the medical device space, replacing the in-person support provided by traditional sales reps with virtual tech consults that are less intrusive and far more cost effective.

Thousands of boots on the ground still have direct visibility to what is happening in the real world. A first step may be evolving their roles into one that is more oriented to customer and institutional support, community engagement, or even involved in the collection of real-world evidence and competitive intelligence (potentially even threatening the monopoly of certain health informatics companies). As they do this, there will be numerous opportunities for digital health companies to support them in this journey.

Ultimately, it’s the patients who will benefit most.

ROLE OF SALES REPRESENTATIVE UNDER PRESSURE

Source: Oliver Wyman

Country | Year | Example
Australia | 2014 | “No Advertising Please” campaign by Australian general practitioners, calling on physicians to make a pledge and display signs refusing sales representative visits
China | 2017 | State Council of China calls for the restriction of sales representative activities to only communicate academic information and to provide technical support, neither of which can be tied to sales (effectively acting as medical science liaisons)
Russia | 2011 | Proposal by Prime Minister Vladimir Putin to ban all sales representatives (did not pass)
Turkey | 2015 | National registration and ID system to track sales representative visits and reduce illegal promotional activities
U.S. | 1998 | The Everett Clinic group banned all sales representatives from visiting their physicians
U.S. | 2014 | The Sunshine Act, preventing any gift greater than $10 as well as requiring doctors to publicly declare the compensation they receive from pharmaceutical companies
U.S. | 2016 | ZS Associates reports that only 44% of physicians are readily accessible to sales representatives, 18% of physicians have severely limited access

SOCIETY

RISING MIGRATION DEMANDS “ROAMING” HEALTH COVERAGE

Eduardo P. Banzon Principal Health Specialist, Sustainable Development and Climate Change Department at the Asian Development Bank

As movement across countries becomes easier and more frequent, the one situation most people dread is getting sick and needing to access health services in a foreign country. Even as they worry about getting well, they end up worrying more about how to pay for it.

For low-income migrant workers from developing countries of Asia and the Pacific, getting sick may not only put them at risk of losing their jobs and income, with huge bills to pay. It may very well drive them into poverty.

Many Asian countries have made impressive strides toward providing health coverage for their citizens—particularly the poor—by setting up national health insurance systems (NHIs) that compel the formal sector to contribute to premiums. NHIs also facilitate the enrollment of the non-poor informal sector, and fully subsidize the insurance coverage of the poor and other vulnerable populations.

Pooling these various revenue sources, NHIs then leverage their purchasing power to buy health care services from public and private providers for their respective covered populations.

Indonesia’s national health insurer now covers 169 million people; and the Philippine government reports that 92 percent of all Filipinos are insured. India will soon expand health insurance coverage to over 800 million people, while the covered population in China is over a billion.

But as countries expand health care services for the covered population, they also need to guarantee the same health coverage for citizens when they are in foreign countries, as well as for foreign residents.

CROSS-BORDER HEALTH COVERAGE FOR MIGRANT WORKERS

Countries need to make their health coverage “roam.” If increasing mobility, innovative thinking, and collaboration across countries has rapidly made phone roaming a reality, health coverage should be able to roam as well.

Asians, up to 31 million in 2015 alone, are increasingly moving around the region—mostly to find jobs. That number will rise as the Association of Southeast Asian Nations (ASEAN) Economic Community makes it easier for workers to cross borders. The increasing movement across borders into growing and interconnected economies will surely make roaming universal health coverage (UHC) a reality soon.

This is crucial for informal communities like migrant workers, who are vulnerable to a range of infectious and noncommunicable diseases, mental health disorders, maternal mortality, substance use, alcoholism, malnutrition, and violence. They face barriers to decent health care—especially if their legal status is uncertain.

Imagine how much easier their lives would be if their home country NHI could cover the treatment they need overseas and also foot the bill. Within ASEAN, for instance, a national health insurance card of one member country would be enough to ensure coverage in the others. People of the Asia-Pacific region would finally have health care that is at least regional, if not universal.

Sadly, roaming health coverage has not matured in Asia.

The Philippines requires its outgoing migrant workers to get health insurance coverage, but this means paying upfront and getting reimbursed later. Indonesia, Nepal and other countries are implementing similar schemes and experiencing the same weaknesses and problems.

MORE BUY-IN FOR UHC

The limited coverage is not surprising given that several countries still struggle to ensure financial protection with their NHI and other health coverage schemes. The share of household out-of-pocket payments for health care services is persistently high, at more than 50 percent of total health spending in Cambodia, the Lao People’s Democratic Republic, India, Pakistan and the Philippines.

But here, too, there is positive news. NHIs are pooling all types of pre-payments, including taxes and insurance premiums, into single funds that not only cross-subsidize from the rich and young to the poor and old, but also reduce implementation inefficiencies. This has happened in the Republic of Korea, where the introduction of a single-pool NHI decreased administrative costs from 6.5 percent to 4.5 percent of total expenses. Government health purchasers are being strengthened by social and political buy-in for UHC.

In the Philippines, lawmakers earmarked in 2012 the most incremental sin tax revenue increases to subsidize the poor and other vulnerable people. And there is increasing centralization of health information and sharing of health data across public and private health systems. This is making many NHIs more strategic and efficient.

These developments provide a solid platform for roaming health coverage. It would also help to have more clarity in benefits packages, payment methods, and health guarantees. Interconnected and interoperable health information systems across countries would facilitate bilateral and multilateral mutual recognition and agreements that could formalize roaming.

Within ASEAN, negotiations for multilateral recognition of Southeast Asian countries may not be needed at all. ASEAN can act as a launching pad for roaming coverage as the EU does, which allows roaming health coverage for any EU citizen in any EU country.

In a world where borders are blurring and becoming increasingly permeable, health coverage needs to be just as mobile. If not, it will never be truly universal.

This piece first appeared on the Asian Development Blog.

TECHNOLOGY

FINTECH IN CHINA: WHAT’S BEHIND THE BOOM?

Cliff Sheng Partner and Head of Financial Services, Greater China at Oliver Wyman
Jasper Yip Engagement Manager of Financial Services, Greater China at Oliver Wyman

China has struggled to shake off the perception that it’s lagging behind developed economies in technology and innovation. And while much of that perception is warranted, there is one industry where China can be considered a leader: fintech.

The country makes some of the world’s largest investments in the sector, and it has adopted fintech technologies faster than anywhere else. Companies such as Alipay, Lufax and ZhongAn Insurance have made their names across the globe by using fintech to develop some of the most disruptive business models. These players have enjoyed the fruits of fintech’s unprecedented growth by filling the gaps in China’s structurally imbalanced financial system in an open regulatory environment.

We believe the development of fintech in China has reached an inflection point. From this point, technology will be the key driver of value-chain disruption in an increasingly data-driven industry.

UNPARALLELED GROWTH WITH UNIQUE CHARACTERISTICS

Over the past half decade, we have witnessed phenomenal growth in the Chinese fintech industry. 2013 is widely recognized as the onset of the boom. Since then, major segments of the fintech market have, on average, doubled or even tripled every year. For example, the outstanding loan balance for online peer-to-peer lending platforms surged from 31 billion yuan ($4.64 billion) in January 2014 to 856 billion yuan three years later (Exhibit 1).

The explosive growth in China’s fintech sector is further characterized by its relatively short maturity curve. For example, it took four years for peer-to-peer transaction volume to exceed $5 billion in the U.S., while it took only two years in China. Lufax, a Chinese peer-to-peer lending platform founded in 2011, reached an annual loan origination amount of 9 billion yuan in just two years, compared to five years for Lending Club, the biggest peer-to-peer lending company in the U.S.

Venture capital investments in China’s fintech sector are soaring, and these investments have given rise to several unicorns.

“FIN” AS THE HISTORICAL VALUE DRIVER—RIDING THE WAVE OF TRANSFORMATION

When compared to the U.S., China’s financial system has historically exhibited three main structural imbalances or inadequacies, namely underserved retail and small- and medium-enterprise (SME) segments in the bank-dominated indirect financing model, a deposit-driven investment model and trailing infrastructure development.

For example, direct financing amounted to only 69 percent of GDP in China from 2011 to 2015, compared to 166 percent in the U.S., according to our analysis. The bank-driven indirect financing model in China has historically been structured around large and government-related corporates. Most SMEs and retail customers have been largely unserved, amid limited and imperfect credit infrastructure.

Noticing the structural imbalances, the Chinese government is gradually pushing for financial reforms. Coupled with the timing of the Internet boom, this has created an opportunity for fintech players to bridge the gaps in traditional financial services by capitalizing on their strong online presence and loose regulation.

Despite the impressive growth, not all players that emerged in this wave of transformation are truly “fintech” in nature. Some of the players grew rapidly by exploiting their less-regulated status to offer products that were stringently regulated in the traditional financial services system. The unregulated growth has led to several high-profile scandals. For example, over 60 percent of the 5,890 online peer-to-peer platforms that ever existed are estimated to have ceased operations based on data from Wangdaizhijia.com. Ezubao, a peer-to-peer lending platform that raised more than 1.5 billion yuan in a year and a half, was proved to be a Ponzi scheme, making it the biggest-ever financial fraud case in China. The recent Zhao Cai Bao default illustrated how online wealth management products were offered to investors who did not have access to transparent information.

Such incidents created growing concerns over the legitimacy of fintech and prompted policymakers to incorporate fintech into the regulatory framework. The tightened regulatory environment will undoubtedly challenge some of the fintech players that have grown uncontrollably amid regulatory loopholes.

INDEXED GROWTH OF CHINA FINTECH SEGMENTS*

Source: WIND, Analysys, CIRC, Insurance Association of China

[Chart: indexed growth of four segments (Financing, Investing, Insurance, Transaction), 2013 to 2016, with 2013 indexed at 100. Index values labelled on the chart: 2,773*, 1,448, 807, 749.]

Metric | Size in 2016 (RMB billion)
Outstanding loan balance of online P2P lending platforms | 856*
Transaction volume of online WAM | 10,825
Online distributed insurance premium revenue | 235
3rd party online and mobile payments transaction amount | 54,470

*1. Methodology: One representative metric for each area adopted and indexed at 100 in 2013. Metric selection: Financing – outstanding loan balance of online P2P lending platforms; Investing – transaction volume of online wealth management platforms; insurance – online distributed insurance premium revenue; payment – total 3rd party online and mobile payments transaction amount.
*2. Used outstanding loan balance at the end of the first month of the year after in lieu of the year-end figure as no official pre-2014 data was available, i.e. the outstanding loan balance of January 2014 is indexed at 100.
*3. Figure at the end of January 2017 (see note 2 for details).

TECH AS THE FUTURE VALUE DRIVER—NEW, DISRUPTIVE BUSINESS MODELS

As the window of regulatory arbitrage closes, future fintech leaders will differentiate themselves by pushing the frontiers of technological innovation and disrupting traditional financial services business models (Exhibit 2).

We believe big-data analytics, the Internet of things (IoT), and blockchain technologies and applications will form the bedrock for future fintech leaders, owing to their ground-breaking capabilities to acquire, assemble, analyze, and apply information. Data treatment and information processing are at the heart of decision-making for financial services, especially in China where data are often incomplete, not transparent, and sometimes questionable.

For example, technology leaders in China have already achieved a major leap in big data analytics computation capacity and made significant progress in machine-learning capabilities. Leading fintech players are also increasingly adopting such techniques to facilitate their understanding of the market and customers by building know-your-product (KYP) and know-your-customer (KYC) capabilities. They also use such techniques to support the development of innovative products and dynamic pricing. In addition, big-data analytics also enable the automation of decision-making processes and reduce labor costs.

The application of these technologies will create significant disruption along value chains and bring about distinctive values for each of the four major areas of financial services:

1. Financing. With the availability of nonfinancial data and improved knowledge of how to use it, Chinese fintech companies could considerably improve their credit-risk management capabilities and enhance the customer experience. They could expand the “lendable population” from around 200 million credit-card-carrying prime borrowers to around 800 million, creating value for—and from—otherwise neglected subprime segments.

2. Investing. With stronger computing capabilities, online wealth management platforms can conduct detailed analysis by pulling together various types of data about the market, individual securities, and investors. They can then offer low-cost, bespoke investment solutions that are free of subjective and behavioral biases. Assuming these solutions attracted 2.5 percent of invested assets by China’s historically self-directed investors by 2020, these would represent assets under management worth a whopping 5 trillion yuan.

3. Insurance. The emergence of connected ecosystems, along with the increased adoption of technology gadgets, provides not only gateways to innovative insurance products but also alternative data sources for tailored products and pricing. In our recent publication, Insuretech in China, we estimated that such technology upgrades and ecosystem embedding would present insurers with premium revenues amounting to 400 billion yuan by 2020.

4. Transaction. Although still nascent, blockchain and its applications could potentially be used to provide low-cost, reliable transaction solutions across different areas of financial services. They could potentially promote mutual growth with budding fintech business models that are only economically possible with support from such solutions.

We have not yet seen the full potential of fintech in China; but we believe that technological advances, coupled with the unique circumstances of China’s financial system, will propel fintech companies to further drive innovation and disrupt the traditional financial services space.

A second part to this piece will be published next week—it will delve into the implications of China’s growing fintech market on various stakeholders.

RECENT REGULATORY DEVELOPMENTS FOLLOWING GROWING CONCERNS AND INCIDENTS

Financing
Key concerns:
• Borrower appropriateness/borrowing terms
• Inappropriate shark collection approach
• Enlarging but untraceable leverage; multiple sources borrowing
Examples / incidents:
• Nude selfies for loan
• Student suicides amid loan collection
Recent regulatory movements:
• More stringent requirements on lending to university student*¹
• Capping borrowing balance by individuals (RMB 200 thousand) and organisations (RMB 1 million)*³

Investing
Key concerns:
• Visibility/transparency/traceability of investment flows (e.g. Ponzi scheme)
• Investor-asset risk mismatch/mis-selling
• Liquidity mismatch
Examples / incidents:
• Ezubao’s Ponzi scheme
• Corporate default related to Zhaocaibao
• Accusation on JD.com “Baina” model
Recent regulatory movements:
• Prohibit P2P players from exaggeration in prospectus and concealing of flaws and risks (e.g. any guaranteed principal & return of interests); disallow P2P players from asset securitisation*³
• Investigation against Internet Co with AM license conducting inappropriate activities; against Cos without AM license but conducting such activities; against Cos with multiple licences on potential tunneling*⁴
• Prohibit platform from engaging in public equity raising activities (more than 200 shareholders) and selling private funds*⁵

Transaction
Key concerns:
• Fraudulent transactions/anti-money laundering
• Overexpansion of third party payment to deposit taking
Examples / incidents:
• Yu’E Bao attracted transfer of bank deposits
Recent regulatory movements:
• Require real-name identity verification*²
• Classification of individual payment accounts, capping transaction volume and account balance*²
• Disallow settlement and custodian for other FI*²

Protection
Key concerns:
• Inappropriate product nature for speculation instead of protection
• Sustainability/potential fraud of emerging insurance platforms
Examples / incidents:
• Emergence of “innovative” insurance
• Emergence of internet “mutual help” model
Recent regulatory movements:
• Suspension of speculative products such as “limit down insurance (跌停险)” by CIRC
• Challenge the provision of insurance activities by non-regulated platforms (e.g. Quarkers (夸克联盟))*⁶

*1 “Notice on Strengthening Risk Management and Education Against Inappropriate Lending in Universities”, 2016 April
*2 “Administrative Measures for the Online Payment Business of Non-Banking Payment Institutions”, 2016 July
*3 “Interim Measures for the Administration of the Business Activities of Online Lending Information Intermediary Institutions”, 2016 August
*4 “Issuing the Implementation Plan for Special Rectifications on Risks in Asset Management and Carrying Out Cross-boundary Financial Business Through the Internet”, 2016 October
*5 “Issuing the Implementation Plan for Special Rectifications on Risks in Equity Crowd-funding”, 2016 October
*6 “Note on Potential Risks Associated with Unlicensed Operation of Insurance Business by Internet Companies”, 2016 April – internal document of CIRC which was later exposed and discussed publicly

Source: Oliver Wyman analysis

SOCIETY

A RAPIDLY EVOLVING RISK LANDSCAPE: WHAT HAS CHANGED FOR RISK MANAGERS?

Lutfey Siddiqi Visiting Professor-in-Practice, London School of Economics and Adjunct Professor at the National University of Singapore/Risk Management Institute

As today’s global risk landscape continues to change, the role of the risk manager needs to evolve in tandem. Given the interplay of a multitude of rapid developments globally, specifically in Asia, the context of risk management and risk preparedness has changed in recent years.

STRUCTURAL DISRUPTION

We are living through a period of multidimensional disruption, often referred to as the “fourth industrial revolution.” Developments in extreme connectivity and extreme automation have consequences beyond the world of technology: business models, industries, markets, regulatory and governance regimes have been thrown into flux.

New dimensions such as cyber risk have entered the fray. It is increasingly difficult to differentiate between structural change and cyclical change. What were earlier considered structural and institutional constants—the concept of a non-negative risk-free rate for example—have turned into variables. As such, it is harder to differentiate risk from uncertainty. Are we wasting time trying to estimate “standard deviation” when the underlying distribution may be far from normal and bear no resemblance to its own historical series?

In recent years cyberattacks have plagued both organizations and individuals. They have breached nations and governments—often temporarily crippling them. The Bangladesh Central Bank was robbed when hackers used the SWIFT credentials to send fraudulent money transfer requests to the Federal Reserve Bank of New York. Similarly, there was a hacking attempt on Singapore’s Ministry of Defence in early 2017. More recently in May and June 2017, the Wannacry and Petya ransomware attacks disrupted individuals, organizations, government services, and even hospitals. Countries such as China, Japan, Australia, India and South Korea were all affected.

Asia provides an almost perfect environment for cybercriminals to thrive in. This is made possible due to high digital connectivity, massive digital penetration accompanied with low cybersecurity awareness, and growing cross-border data transfers. As an example, government officials in some Asian countries still continue to use personal email accounts for official communication.

Though many countries in Asia are now developing and introducing cyber regulations, the framework is still weak and much more needs to be done. In this context, Asian businesses and governments need to have a strong cybersecurity policy in place to minimize damages.

SELF-INFLATING RISK

We are also living through a period of rapid feedback loops in which risk factors combine and aggregate in intricate ways. In several arenas, risk has become endogenous—that is, dependent on seemingly risk-mitigating action—resulting in a potentially wide divergence between perceived risk and actual risk.

We see this in the buildup of loss-absorbing bank capital on the one hand and a system-wide reduction in trading liquidity on the other. We see increased use of unconventional prudential policy at a macro level and more granular microprudential regulation of investment banks at a “book level”—not always in a mutually consistent manner.

For example, the imposition and withdrawal of a cap on the Swiss Franc (which had the effect of dampening local risk and heightening tail risk) had a direct bearing on subsequent value-at-risk calculations and trading risk capital. The “taper tantrum” of May 2013 and the Chinese stock market volatility of August 2015 were arguably policy-induced sources of macro risk with consequences for micro risk.

COORDINATION FAILURE

We are also witnessing a slowdown, if not a reversal, of the kind of global coordination that was a key risk-diminishing factor in the immediate aftermath of the global financial crisis. Global financial standards are being rolled out in fits and starts, the pace of implementation is uneven, national regulators rightly impose entity-level constraints, and administrative macroprudential measures (including capital controls if required) are now an acceptable part of central banks’ repertoires. This, together with geopolitical flashpoints and a weaker backdrop for international conflict resolution, adds considerably to the base level of risk in the system.

In the Asia-Pacific region, the territorial dispute in the crowded shipping lanes of the South China Sea remains a potentially combustible source of risk. In South Korea, we saw the impeachment of the then president, fresh elections and the appointment of a new president. Meanwhile, North Korea remains in the headlines with increasingly belligerent missile tests.

Separately, in January, the U.S. withdrew from the Trans-Pacific Partnership (TPP), a trade pact that many Asian countries had pinned their economic hopes on, leaving the trade agreement in limbo. Ramifications such as these put businesses, governments and individuals at risk. While events such as these do create massive trade problems, they also cause geopolitical imbalances that leave the entire region in a state of uncertainty.

THE PEOPLE FACTOR

There is now a clear realization that risk management is much more than tools and metrics: it is about people, conduct, processes and culture. While modeling and continuous refinement of risk models will remain key to decision-making, it is important to underline that models will not replace the role of decision-takers. Judgment calls need to be made and trade-offs need to be assessed. To that extent, risk resilience is enhanced through the deliberate design of decision-making processes.

How do risk committees function within banks? How much constructive challenge is entertained? How do they ensure that a diversity of perspectives is considered?

From an Asian context, the cultural values imbibed in the region may be such that, across the board, hierarchy is rigidly followed and not enough constructive challenge is posed in the decision-making process. This could make those processes brittle and less nimble. Asia needs to be appropriately prepared.

ECONOMY

CAN EMERGING MARKET MULTINATIONALS BECOME GLOBAL LEADERS?

Lourdes Casanova Senior Lecturer and Academic Director of Emerging Markets Institute, Johnson School of Business, Cornell University
Anne Miroux Visiting Fellow at Emerging Markets Institute, Johnson School of Business, Cornell University

Emerging economies have gained strength in wealth and influence over the past two decades, bringing about radical changes in the global economic landscape. The rise of their multinationals, the so-called emerging market multinationals (eMNCs), is an illustration of this phenomenon.

The overseas expansion of eMNCs has indeed been remarkable: For instance, about 20 percent of global outward investment flows today are accounted for by a group of 20 top emerging economies, the E20*; which had a share of 2 percent at the turn of the century. Not only have emerging market multinationals significantly increased their investment abroad, but they have also made significant inroads in the global corporate world.

For instance, today, about 30 percent of the firms in the Fortune Global 500 list (based on revenues) are enterprises from emerging markets (less than 10 percent 10 years ago). China leads the trend: With 98 companies, it ranked second in 2015 in terms of number of Fortune 500 firms—not far from the U.S. (128), but much more than the number 3, Japan (54). However, a wide array of emerging economies is represented in the list: 14 of the E20 grouping are mentioned, although sometimes with only one entry in the list. The new players come mainly from China, Korea, India, Brazil, Russia, Mexico and Indonesia.

CHINESE MNCS EMERGE AS LEADERS

Beyond the fact that emerging market multinationals significantly increased their presence among the largest corporations in the world, perhaps as remarkable is the fact that several have made it to the very top, becoming world leaders in their own sector. Let’s take eight key industries: banking, logistics, automobile, telecom, engineering and construction, petroleum refining, mining, crude oil production and mining. In 2004, based on the Fortune Global 500 ranking, there was no emerging market multinational among the top five world leaders in these industries while, in 2015, 40 percent of such leaders came from emerging economies, largely dominated by China.

The shift has been particularly marked in banking (where all but one of the five leaders are Chinese), engineering and construction (where all top five are Chinese), and mining and crude oil production, as well as metals. In less traditional industries, such as IT consulting for instance, three Indian corporations are among the world’s largest (TCS, Infosys and Wipro). In e-commerce, or platform industries, a similar trend is developing; witness Alibaba, and Wechat (Tencent), for instance.

PROFIT LAGS REVENUE

While they have made remarkable inroads as global corporations, emerging market multinationals still have a significant gap to close compared to the more established western multinationals regarding profits. Indeed, the average profit margins of emerging market multinationals lag behind those of their U.S. and Japanese counterparts. This difference can be quite important: About 27 percent of the Fortune Global 500 firms from emerging countries in the E20 group achieve a profit margin above 5 percent versus an average of 39 percent for the totality of Fortune Global 500. This suggests that, in their present expansion phase, emerging market multinationals have a stronger focus on revenues and market growth than on profit margins.

The overseas expansion of emerging market multinationals has disrupted the global competition landscape. These firms have been deploying themselves not only in their natural markets—mostly other emerging economies—but also more recently, and quite effectively, in developed markets, conquering industry leadership positions (as illustrated above) in the process.

The competition from these new leaders has become more acute both in developed and emerging markets. Will the trend continue? Is the balance tilting in favor of these newcomers? Some observers would argue that it is, given the increasing weight and influence of emerging markets in the world economy and the importance of consumer demand in those markets. It is an open question, even more today than before, and this is for several reasons:

1. Because growth has slowed worldwide, including in many of the emerging market multinationals’ home markets. This is not really to the advantage of those firms that have surfed on this growth wave, many of them focusing on the search for revenues rather than profit.

2. Because the established players—the large corporations from developed economies—should not be underestimated in their capacity to react to this new competition, building on their long experience of operating in very competitive markets, and their capacity to overcome serious challenges and learn.

3. Because the past few months have brought about a significant degree of uncertainty, as protectionist measures are being seriously considered in a number of key economies. On the other hand, the past 10 years have shown that many of the newcomers are fast learners, able to expand globally and reach the top at an impressive speed.

*(Argentina, Brazil, Chile, China, Colombia, Egypt, India, Indonesia, Iran, Korea, Malaysia, Mexico, Nigeria, Philippines, Poland, Russia, Saudi Arabia, South Africa, Thailand, Turkey.)

ABOUT THE GLOBAL RISK CENTER

Marsh & McLennan Companies’ Global Risk Center addresses the most critical challenges facing enterprise and societies around the world. The center draws on the resources of Marsh, Guy Carpenter, Mercer, and Oliver Wyman – and independent research partners worldwide – to provide the best consolidated thinking on these transcendent threats. We bring together leaders from industry, government, non-governmental organizations, and the academic sphere to explore new approaches to problems that require shared solutions across businesses and borders. Our Asia Pacific Risk Center in Singapore studies issues endemic to the region and applies an Asian lens to global risks. Our digital news services, BRINK and BRINK Asia, aggregate timely perspectives on risk and resilience by and for thought leaders worldwide.

Copyright © 2017 Marsh & McLennan Companies, Inc. All rights reserved. This report may not be sold, reproduced or redistributed, in whole or in part, without the prior written permission of Marsh & McLennan Companies, Inc. This report and any recommendations, analysis or advice provided herein (i) are based on our experience as insurance and reinsurance brokers or as consultants, as applicable, (ii) are not intended to be taken as advice or recommendations regarding any individual situation, (iii) should not be relied upon as investment, tax, accounting, actuarial, regulatory or legal advice regarding any individual situation or as a substitute for consultation with professional consultants or accountants or with professional tax, legal, actuarial or financial advisors, and (iv) do not provide an opinion regarding the fairness of any transaction to any party. The opinions expressed herein are valid only for the purpose stated herein and as of the date hereof. We are not responsible for the consequences of any unauthorized use of this report. Its content may not be modified or incorporated into or used in other material, or sold or otherwise provided, in whole or in part, to any other person or entity, without our written permission. No obligation is assumed to revise this report to reflect changes, events or conditions, which occur subsequent to the date hereof. Information furnished by others, as well as public information and industry and statistical data, upon which all or portions of this report may be based, are believed to be reliable but have not been verified. Any modeling, analytics or projections are subject to inherent uncertainty, and any opinions, recommendations, analysis or advice provided herein could be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. 
We have used what we believe are reliable, up-to-date and comprehensive information and analysis, but all information is provided without warranty of any kind, express or implied, and we disclaim any responsibility for such information or analysis or to update the information or analysis in this report. We accept no liability for any loss arising from any action taken or refrained from, or any decision made, as a result of or reliance upon anything contained in this report or any reports or sources of information referred to herein, or for actual results or future events or any damages of any kind, including without limitation direct, indirect, consequential, exemplary, special or other damages, even if advised of the possibility of such damages. This report is not an offer to buy or sell securities or a solicitation of an offer to buy or sell securities. No responsibility is taken for changes in market conditions or laws or regulations which occur subsequent to the date hereof.