(*Risky Business is a 1983 romantic comedy that launched Tom Cruise to stardom. It dramatized the value of taking risks to gain profits while at the same time, having fun doing so. It had a happy ending, an objective pursued by all businesses.)
Metro Manila residents recently participated in a metrowide earthquake drill. This was the second time such a drill was conducted. The drill aimed to increase awareness of the risks and prepare everyone for any possibility of a 7.2 magnitude earthquake hitting the metro. Scientists predict a major movement of the West Valley fault could occur within our lifetime, which could trigger such a devastating earthquake.
A 2013 study conducted by Swiss Re, a reinsurance company, considers Metro Manila as the second riskiest city in the world next to Tokyo because of flooding and also because of its vulnerability to earthquakes. This vulnerability has, unfortunately, been experienced several times. Three hundred sixty-nine years ago, the city of Manila was hit by one of the strongest recorded earthquakes that ever hit Luzon.
Although no one can predict exactly when the next big one will hit, we need to test our response capability and readiness. We also need to test our coordinating capabilities, our communications and the placement of triage equipment in preparation for an occurrence of that catastrophe. Note that scientists are predicting a 400-year cycle, so, it is not a matter of if it happens, but simply when.
This particular example of an “external risk” cannot typically be reduced or avoided unless we decide to move out of Manila. We simply focus on identifying the risk, try our best to determine the potential impact, which could range from simple disruption to our businesses, all the way to a total catastrophe, and figure out the best way to mitigate the effects when they occur.
Some external risk events are sufficiently imminent and we have to address them. For example, after the 1997 financial crisis, we anticipated that the economic slowdown would affect our electronic exports of consumer products. We determined that this market would contract, so there was a thrust to develop industrial products that were more resilient during recessions. Despite this, we still failed to anticipate the loss of a major consumer-based customer, Yamaha, which produced musical modules for instruments. This hurt us, but it could have been worse if we did not develop the other lines.
Most external risk events require a different approach, because their probability is very low and yet the effect could be quite dramatic. It is also very difficult for executives to imagine the effect during comfortable times.
Most of these external risks are natural disasters, which could have immediate and drastic effects. We experienced these in typhoons Yolanda in 2013 and typhoon Pablo in 2012, which were the worst typhoons to affect us in all three categories: casualties, damage and number of people affected.
Other external risks could be triggered by geopolitical and environmental changes with long-term impacts. These include political shifts such as the policy changes that occur when there is a change in administration. The effects could be subtle under peaceful electoral processes, but these could be drastic and complex when changes are brought about by a revolution similar to the 1986 revolution in the country, which started out as a coup attempt. Recall that there were succeeding coup attempts that paralyzed the city simply because the first try failed despite the successful people-power revolution.
We should also watch out for competitive risks that could give rise to the emergence of disruptive technologies like the internet. An example of this is the growing e-commerce sales even for major purchases such as automobiles. Some of our customers, currently estimated at about 5 percent, no longer shop in our dealerships but simply search for the best deals over the internet. They lock in on their aspirational dream cars and negotiate with our sales team through emails and over the phone. The only time they visit is to pay for the purchase and take delivery, but even these processes can be substituted by e- banking. The traffic conditions, which are paradoxically also caused by the growing volumes of cars sold, are causing this shift to internet sales. We definitely have to consider the ease that the internet brings to society and the changes that are yet to come.
This ability to weather the proverbial typhoons depends on how seriously executives take risk management when the sun is shining. We also have to remember that these risks are the very foundation that drives our business profits.
There are other risks that are completely controllable and avoidable. These are the other two categories: preventable risks and strategy risks.
Preventable risks are mostly internal risks that arise within the organization These should be eliminated through active monitoring and stringent operational processes. We also need to guide behavior through guidelines clarifying the company’s goals and values. As important, would be the example that senior executives have to make in walking the talk. Some recent examples of what could happen if processes are not in place were the rogue trades that occurred in some of the major foreign banks. Some of them led to the complete collapse of the banks while others had to pay stringent fines and penalties. The effects of a recent dollar scam involving a local bank led to a re-organization of the bank and the stricter implementation of dollar remittances.
While it is important that we place strict rules and policies to avoid unauthorized, illegal and unethical actions; we need to find the right balance so as not to stifle operations, which could be very costly. Undoubtedly, there is very little strategic value that could be derived by taking on preventable risks and most of these would reduce the company’s value.
The third category of risks is strategic risks. These are risks that we accept as a company in order to generate superior returns from the strategy. These are quite different from preventable risks because they are not inherently bad. A strategy with high expected returns generally requires that the company take on significant risks.
Our infrastructure business accepts regulatory risks as a given in order to grow our investment portfolio. We believe that our nation is sorely lacking in infrastructure, which we need for economic development. We also believe that this will be a sustainable business for years to come. Since throwing our hat in the ring, we have faced difficulties in securing right of way, permits and various changes in policy directions. Despite this, we have been steadfast in developing this business as it has been value-accretive.
We tend to overestimate our ability to influence events and become overconfident about the accuracy of our forecasts, especially if they are backed by complex financial models. We also compound these by favoring assumptions that reinforce our models and ignore others that depart from our expectations. We also tend to accept group thinking or herd mentality especially if we are led by an overconfident leader who would not accept delays or challenges.
It is important to realize that risk mitigation is not natural for most of us so we need to ensure that we have management processes that counteract those biases. We need to institute strong internal control systems and a segregation of duties to reduce misbehavior and temptation. A capable and independent audit and risk board should continually check compliance with internal controls and SOPs to detect violations. These independent boards should also encourage internal debates and healthy discussions about project risks.
Risks would always be inherent in our business. It is how we treat and manage them that would determine whether we stay in business.
Ronald Goseco is currently EVP for the Financial Executives Institute of the Philippines (FINEX) and COO for IDI-Volkswagen, an Ayala company.