Gustavo Benedetti, Chief executive Darep Ltd at Groupo Santander

In my opinion regulatory change is not a risk: it is a challenge that needs to be managed to be compliant; if it becomes a risk it is because companies are doing something wrong.

Cyber is the most concerning risk, although it is not a new risk. However, it has become such a sophisticated crime that it is dangerous and challenging for industries such as ours because, to be competitive, we depend heavily on information and technology.

Much like anything humanity does, we constantly invent faster, better things. However, eventually, it becomes clear that the new faster and better thing comes with a new set of challenges, which by virtue of not having existed before, could not have been predicted properly. This process happens over and over again. Someone will always find a solution but, in the meantime, insurance will usually try to cover the gap.

Every institution needs a general framework of action for risk management, but risk managers need to be aware of the local, national and regional laws.

There should be common principles and a common risk appetite across the organisation, but risk management teams need to be adapted to the local risk landscape, where there are often differences in regulations.

 

This article was first published in StrategicRISK’s Financial Institutions Report, published in association with Zurich. To download a copy of the full report, click here