BCG-Global ESG, Compliance, and Risk Report 2024: New Ways to Combat Rising Complexity and Costs
BCG | Julia Gebhardt, Katharina Hefter, Eva Kalteier, Malgosia Zegar, Matteo Coppola, Bernhard Gehra, Thomas Pfuhler, Jeanne Kwong Bickford, Abhinav Bansal, and Pierre Roussel
The December, 2024 edition of the Hub is highlighting a survey report from BCG (2024) which explores the answers to the question related to evolving risk environment, internal & external requirements for increasing resilience and managing complexity & associated costs, highlighting practical measures that companies can take to achieve these goals.
Key Challenges Identified
The report highlights escalating complexity in risk and compliance frameworks due to evolving non-financial risks (ESG, geopolitics, cybersecurity, and AI), compounded by growing external regulatory demands and internal requirements. Companies often tackle risks in a fragmented manner, leading to policy proliferation, higher costs, and reduced efficiency.
Survey Insights
A survey of 200 executives revealed:
- Risk Prioritization Shifts: ESG concerns, particularly emissions reporting (EU Corporate Sustainability Due Diligence Directive, Corporate Sustainability Reporting Directive, the German Supply Chain Due Diligence Act, SEC’s Enhancement and Standardization of Climate-Related Disclosures for Investors rule, as well as California’s stringent disclosure requirements), have become top risks, overtaking cybersecurity.
- Adverse Media Coverage: It reflects the growing importance and fragility of reputational risk in recent years. Many companies have not implemented a holistic framework to manage, monitor, and react to reputational risks, leaving themselves vulnerable in the fast-moving social media landscape.
- Responsible AI and Data Protection: As AI continues to evolve; companies must stay agile, continuously adapting their compliance frameworks to meet new legal and ethical standards.
- Complexity Drivers: Internal (increased attention from management and the board, heightened requirements from internal audits, and the emergence of new risk types such as AI and ESG) and external requirements (such as additional regulatory demands and pressures from auditors) are almost equally responsible for driving risk and compliance complexity.
- Underutilization of GenAI: Despite its potential, companies largely limit GenAI to simple tasks like risk assessment and training.
Recommended Actions for Companies
BCG suggests a fourfold strategy to streamline processes, cut costs, and enhance risk management:
- Adjust Governance and Risk Management Approaches: Conduct a thorough risk assessment to prioritize risks in order of severity. More resources to higher-priority risks while simplifying management of lower-priority ones.
- Simplify Risk Management: Align risk management with audit activities to prevent overlap and ensure a strong defence model against non-financial risks.
- Enhance Risk and Compliance Frameworks: Use advanced analytics and AI for real-time risk monitoring and compliance adaptation.
- Leverage GenAI for Risk Mitigation and Effective Risk and Compliance Management: GenAI is a potentially powerful tool for managing rising risks and adapting to a changing environment. GenAI remains massively underutilized as a tool for risk management, and most companies do not recognize the potential of using AI and data analytics to boost efficiency and reduce costs. To successfully scale AI solutions, organizations must integrate a comprehensive responsible AI framework that will help them identify, measure, mitigate, and steer the associated risks.
Success Stories
Leading companies achieved:
- 20-50% reduction in regulatory documents.
- 30% efficiency gains through streamlined governance.
- Enhanced focus on critical risks via centralized risk assurance.
Conclusion: The Imperatives for Combating Complexity
Four imperatives are critical for companies to combat complexity and reduce costs while positioning themselves to manage emerging and evolving risks more effectively:
- Adjust approaches to risk management on the basis of risk priorities.
- Simplify risk management holistically.
- Enhance risk and compliance frameworks to adapt faster.
- Harness GenAI for advanced risk mitigation and compliance tasks.
(Note: IICA duly acknowledge the authorship / ownership of BCG and its associates / partners in respect of this document and republishing the same only for educational purpose of ID Databank members)
