Regulation, environment, cyber and reputation: a risk manager’s perspective on France’s top risks

Anti-bribery, corruption and ethical issues are the top compliance challenges for France, according to Francois Malan, chief risk officer at Nexity.

Speaking to StrategicRISK, Malan says: “In the EU, we have anti-corruption and bribery regulations, as well as other ethics regulations. Risk managers must develop risk mapping to help assess the risks and comply with regulations.

“It’s not new, but today it’s compulsory to have a special risk assessment and mitigation programme and you have to be able to prove it.”

Environmental risks

On environmental risks, he says: “The [World Economic Forum’s] global risk report highlights environmental issues; climate change; and the rules we have to follow to reduce our carbon footprint. For me, this is the top risk.

“You have to adapt your products and keep an eye on your supply chain. You can’t manage this very easily because the risk is so difficult to assess.”

Cyber risks

Similarly, he believes that cyber risk should be near the top of most risk managers’ priority list. He points to the increase in remote working, the prevalence of cyber connectedness, and the trend towards self-driving cars, as new innovations that make risks harder to manage.

Interconnectedness is particularly complex because it’s hard to establish how deep your cyber risks are. “It’s a big issue because you have to describe all the links you have with counterpart clients and suppliers. It’s difficult to know what the links are and what data you share. And then you have to audit and assess risk in your supplier factory too, and you have to know how they are protected.”

Brand damage

The risk underpinning regulation, environment and cyber is reputation damage. The ramifications are huge if this is ill-managed. “It’s a big issue, especially companies with clients and customers worldwide, because when a risk arises it’s difficult afterwards to mitigate it.

“We have to show clients, customers and shareholders that we’re doing our best and demonstrate clearly our mitigation.”

The combination of a complex risk landscape and new emerging issues means risk managers must make sure they educate themselves, collaborate with other stakeholders and learn about everything from blockchain to cloud computing. Often, this requires training and a shift in mindset.

Malan explains: “You need to work with other specialists, such as the IT security team, the safety team and the legal team. Risk management can’t work on its own, it’s more a project team solution than a risk manager one. You can lead and help people, but you need to work as a team.”

He says that risk managers need to develop their financial knowledge and expertise. “Risk managers help the company to reach its objectives, so first you have to understand and know them. To do this you have to be closer to management and improve your financial knowledge. Lots of risk managers are lawyers and engineers so they need to develop financial skills.”

Malan also believes that risk managers need be included in business planning and strategy at board level. This is becoming more commonplace. In the past, risk managers would only be involved in evaluating the risks of new business operations and strategies after decisions have been taken. But now, it is not unusual for some organisations to involve risk managers in board meetings as a matter of course.

“Risk managers have to be trusted. They need to talk in public, present risk in board meetings. Soft skills are important.”