Igor Buszta on learning risk management from the financial world

28 January 2020 Consultancy.eu

Business transformations can make or break an organisation’s future viability – but can also open up firms to huge unforeseen risks if they are not managed properly. If firms do not treat risk as a holistic issue, a siloed approach can lead to little details amounting to a giant problem in the future – making the work of consultancies like RGP vital, says RGP’s Igor Buszta.

Major organisational change is a tricky business for any company; its rewards are well documented, but it is far from risk-free. This is especially the case in the financial services sector – where lapses in concentration on any front could end up costing players huge amounts of resources in the short-term, while the long-term reputational damage may cost them even more in the future.

Consulting firm RGP was founded in 1996 to help executives with consulting and resourcing needs on financial and operational topics. With more than 4,000 professionals in over 70 practice offices, the firm has served 86 of the Fortune 100, and now engages with more than 2,400 clients around the world. The group partners with these clients to deliver organisational change which equips them for the a rapidly changing future of work – including in the quickly evolving terrain of risk and compliance.

Igor Buszta joined RGP in late 2017, following 18 years with professional services giant PwC. Having held the position of Senior Manager at the Big Four firm since 2009, Buszta decided the time was right to broaden his horizons with a new challenge. Frustrated by the one-size-fits-all model of consulting deployed by the biggest firms of the sector, he soon found what he was looking for at RGP.

Igor Buszta, Head of Risk & Compliance in Europe, RGP

Buszta took on the role of Head of the RGP’s Risk and Compliance practice in Europe, at a time when he noted “a lot of changes” were happening, both in the firm and in the wider financial world. Fortunately, his earlier career prepared him thoroughly for this. Following the financial crisis in 2008, risk management evolved rapidly as banks and other financial institutions looked to avoid another economic crash.

Working as an auditor in this era, Buszta saw how the financial services sector came to “lead the world” in risk management. Now, many organisations are looking to benefit from the best practices of financial services, but need support to do so.

One of practices of the financial world that is steadily being adopted elsewhere is the ‘three lines of defence’ model. Buszta explained RGP is helping a number of clients to deploy this model, which sees management control as the first line of defence in risk management, followed by various risk control and compliance over-sight functions established by management, and finally backed up by independent assurance. He admitted that this is “something which is quite well-known” within the financial services sector, but in broader industries it can be a major game-changer “to set up governance structures in a proper way.”

That is not to say that RGP has nothing to teach the financial sector in terms of risk management, though. Often, financial groups can be so absorbed in combating individual points that they fail to plan for the bigger picture. In such a hugely lucrative industry, this can quickly see the finer details add up to create a big headache for leading banks. Buszta pointed to the recent cases of Dutch bank ABN AMRO and ING to illustrate this, which both failed to comply with anti-money laundering and financial crime regulation.

He expanded, “If you don’t step back from fire-fighting to solve a problem’s root-cause, it can lead to a massive problem. Look at ABN, all their 5 million client files must now be reviewed; it’s going to take a major effort! As well as doing that, however, they need to look at how it came this far. It means something embedded in the system of risk management is misaligned, between requirements and practice. Fixing that gap in similar situations is where we play and important role.”

Managing the little things

One way firms can more effectively manage the ‘finer details’, including the repetitive strain of admin, is through cutting-edge technological solutions. Digitalisation has a huge potential to help firms better manage their risk – and at present this is providing RGP with another boost in demand, as firms wary of the challenges presented by implementing new technology and IT systems turn to the consulting industry for support.

Buszta argued; “New technologies provide the risk manager or auditor with new possibilities. Continuous monitoring from an audit perspective is something that technology can absolutely do – so in my point of view, risk managers and auditors must think more about what technology can do for them – as well as their usual focus on how technology will impact their way of working… There are examples we have seen where risk management has been improved by deploying artificial intelligence, predictive analytics or robotics process automation.”

“We can serve clients across the integrated risk management spectrum, from building plans through to implementation.”

The problem is that many companies are still engaging with the trend toward digitalisation out of a fear of missing out, or from the perspective of individual departments, rather than as a whole business with a clear plan. Previous research has found that as many as 80% of companies are falling behind on digitalisation because they are only ‘responding’ to digital developments – and this reactive approach to technology could nullify its potential benefits.

“It depends how big the change budgets at companies are, but broadly everyone wants to do something with technology. Most do not do it holistically. People look at robotics for example, from a view of what it can do for them as business unit owners, rather than what it can do for the whole business,” Buszta warned.

Indeed, he asserted that without holistic approaches which consultants can help clients develop, even the massive potential of technology can fail to improve an organisation’s risk management. He stated that rather than a reluctance to change, then, many clients need to overcome their habit of acting as siloes – something else the overview of a consultant can assist with.

Summarising how RGP can help clients in this regard, Buszta concluded; “It depends on the level of maturity on integrated risk management within the client – but we can serve them on the whole spectrum. We can supply deep content to help build risk strategies, while we can directly intervene to help risk managers understand how to implement plans. We have both deep-skilled programme managers and content experts – combining them leaves us in a strong position to help our clients implement integrated risk management.”