Asia Pacific Corporates Unprepared When Facing Risk Management and Compliance Concerns
(20 November 2017 – Hong Kong) While cybersecurity is at the forefront of risk and compliance concerns for corporates in Asia Pacific, current risk management strategies are found to be ineffective, new research from SWIFT and East & Partners Asia has found.
The newly released report, titled: Asia Pacific Corporate Risk and Compliance Index, interviewed 915 of Asia Pacific’s Top 1,000 revenue ranked enterprises across 10 major economies. It found that only 15% of corporates can claim with certainty that they have not experienced a cybersecurity breach in the past 12 months. While around 42% responded in the affirmative, more than 40% of corporates in Asia Pacific were “unsure” or unwilling to provide a direct answer.
The report found that more than one third (34.7%) of corporates said monetary loss posed as the biggest impact for corporates who experienced a cybersecurity threat. Other outcomes resulting from a breach include loss of client data (17.6%), cyber extortion (9.6%) and identity theft (7%).
Malware was found to be the leading cause of cyber-attacks, with nearly 50% of all corporates nominating it as how the breach occurred. Spyware (48.4%), phishing (39%) and ransomware also ranked highly among causes of breaches.
Despite the high instances of cyber-security breaches and low awareness of associated risks, Asia Pacific corporates lack risk and compliance personnel, especially at the management level. The report found that Chief Risk Officers (CROs) were not at all prevalent in the region, highlighted by 58% of corporates saying they do not have one in place.
Australian corporates stand out in the market, with 42.4% reporting they have a dedicated CRO. In contrast, the relatively mature market of Hong Kong is more aligned with Asian peers, with just 22.5% employing a CRO. Additionally, the presence of a senior risk officer increased corporates’ average total risk and compliance FTE headcount (23) by nearly four times as those without.
Regionally, corporates rated their current risk management strategies as relatively poor. On a scale of 1 (totally achieved) to 5 (not achieved), Asia Pacific corporates rated themselves as below average (2.94). Although Australian corporates bettered the regional average at 2.89, those in developing markets such as Indonesia report some of the lowest levels of risk management effectiveness (4.02).
Alarmingly, for Asia Pacific corporates, over half reported not having standardised internal procedures in the management of newly identified risks, with no plans to implement one. This figure jumped to between 80-90% for corporates in Taiwan and Indonesia, indicating severe gaps in risk and compliance governance.
The issues in effectiveness of risk and compliance governance are also being exacerbated by corporates’ lack of willingness to take responsibility internally. Across the region, nearly half of all firms (46.1%) reported banks should be primarily responsible for compliance. That jumps to nearly two-thirds (64.8%) among Taiwan based corporates.
According to the corporates interviewed, the primary motivation for observing compliance regulation was to avoid fines and penalties (78.9%), followed by protecting the firm’s reputation (71.6%) and improving data and information security (69.9%). The results demonstrated significant variance by market however, illustrated by Australia (70.7%) and Hong Kong (79.6%) nominating reputational risk most prominently, while Indonesia based corporates ranked it fourth, giving higher importance to quality of information and data security.
While just six percent of Asia Pacific corporates have sourced risk management advice from banks, compared to between 25% to 35% giving preference to legal advisors, technology vendors or specialist consultants.
“Although risk and compliance concerns will be an on-going challenge for CFOs and treasurers, corporates across Asia Pacific are currently under-equipped to effectively manage it,” Stella Lim, Head of Corporates, APAC, SWIFT said.
“This stems from a lack of understanding and awareness, as well as the low levels of importance placed on the issues by senior management.”
“To mitigate external threats and reduce their impact on operations, corporates need to show more urgency in increasing their responsibility and levels of control for compliance and risk management measures, reducing dependency on banks and financial institutions,” Lim said.
For more information about the report, please contact:
Head of Media
About the research
Reporting is based on direct interviews with 915 corporates surveyed evenly across the 10 major economies in the Asia Pacific region, comprising Australia, China, Hong Kong, India, Indonesia, Japan, the Philippines, Singapore, South Korea and Taiwan. The target population was segmented against the Top 100 revenue ranked corporates in each country.
About East & Partners Asia
East & Partners Asia is a leading specialist market research and consulting firm in the business, corporate and investment banking markets of Asia Pacific, works across 10 countries in the region delivering both multi-client and proprietary market analysis services to two sectors - Financial Services and Travel Hospitality.