At 21st century, as digital supply chains expand across the globe, the weakest link, the riskiest link, is the one that flies under the radar.
John Gerberexecutive vice president of cybersecurity and security products at Mastercard, and Jennifer BisceglieCEO of Interos, told Karen Webster that the “mole swipe” approach to risk control no longer applies.
And risk control, they said, is not just about fighting cybercriminals, fighting hacks and ransomware. Risk comes in many forms and can be linked to a number of external and internal factors that a business faces.
These factors can involve environmental, social and governance (ESG) developments, regulations and, as the war in Europe has shown, geopolitical developments as well.
As it is now, “hazard control is everyone’s job – and no one’s job.”
Departments within companies have different goals and visibility into what is going on. The perspective of the CFO may be different from that of the procurement officer.
Sellers may not know much about suppliers, and companies operating across borders may not know as much as they would like about what is happening on the ground in a distant market.
(In one example, Bisceglie said many companies with long supply chains may not know they’re ultimately doing business with Russia and may be breaching sanctions.)
Weak links therefore form through relationships that have other relationships that somehow become material when exogenous shocks occur – and the shockwaves shake unsuspecting businesses in their wake.
The fragmented approach
Currently, there is no easy way to control the risks lurking there. Beyond cybersecurity — which has dozens of executives around the world, as Gerber noted — there are no uniform approaches to collecting the data needed to quantify risk, let alone provide insights. actionable information to leaders.
Leaders themselves know that there is a disconnect between what needs to be done and what is done. At least two-thirds of companies know they should track and manage risk more adroitly, but only 11% monitor third-party risk on an ongoing basis.
Risk control itself has also changed, Bisceglie said. It’s not just about the transaction anymore. it is not disaster recovery. Now more than ever, it’s part of the cost of doing good business.
Automation is key, as is cross-departmental collaboration, to deal with the complexities of 21st century supply chains that span digital and physical channels.
Says Gerber: “The reliance on multiple layers of vendors in the digital ecosystem has exploded.” And during the great digital shift, he said, businesses haven’t had the time (nor the technology) to master the interdependencies fostered by an interconnected world.
In a hypothesis proposed by Bisceglie, a supplier of a large company, hacked by hackers and whose operations are compromised, may not be able to supply products to a large customer. Consequently, the supplier is unable to maintain the payroll and hits the rocky shores of financial instability. In the larger context, a cyber breach could potentially affect gas and transportation infrastructure, meaning logistics are hampered…and goods can’t reach store shelves.
To that end, the companies said in a statement earlier this month that they would work together to extend the payment network’s security strategy by adding Interos’ multi-level risk monitoring capabilities for financial institutions. The Systemic Risk Assessment is a fully automated platform, using artificial intelligence (AI) and examining the mapping, tracking and modeling of business relationships that are an integral part of every business ecosystem.
Read also: Mastercard partners with Interos to detect and eliminate risk for financial institutions
Fortunately, risk can be measured, digested, and used to create action plans. And the critical push comes with data collection – and a unified approach.
As Bisceglie said, “When you think of going from 0 to 60 [with these supply chains] the only way to do this is to realize that we need to embrace technology and treat risk as an interconnected Big Data problem in order to gain the transparency and trust we need.
Supply chain overview
These technologies can provide insight into whether companies are dealing with “good” suppliers and whether their supply chains are truly resilient – and possibly, with a bit of education in the mix, develop a multi-vector approach to analysis.
It is no longer enough to look at direct B2B relationships. Gerber noted that regulatory scrutiny extends to all business relationships, beyond merchants, acquirers and banks… all the way to the fifth and sixth “levels” of business relationships.
“The weak link is this transparency in sub-level relationships,” said Bisceglie, whose company has invested in artificial intelligence to map around 350 million global business entities, through public data, documents government, news alerts and other sources.
Big data and advanced technologies, Bisceglie said, enable continuous monitoring and “low impact” visual cues that present information quickly and intuitively enough to help leaders understand where to deploy risk control resources quickly. Thousands of data points, which flow through the analytics platform, can be boiled down to the 10 or 20 key pieces of information (represented as risk scores) needed to help companies achieve their business goals.
Along the way, the platform approach brings together different stakeholders in an organization.
And on the other side industries too.
As Gerber told Webster, the ultimate intention of Mastercard and Interos is to help set standards through a framework approach. In this event, and through the platform, companies examine their interconnected relationships in exactly the same way.
In terms of positive ripple effects, Gerber said, companies can use data to improve their own supplier agreements, establishing incentives and key performance indicators (KPIs) that are more effective than simply tracking. security level agreements that can run into dozens of pages.
“It allows us to benchmark, track and improve risk control,” he said. The framework approach provides an elegant, simple, repeatable, and scalable way to communicate between businesses and peers, getting everyone on the same page about what needs to be done, where, and why.
As Bisceglie told Webster: “The companies that will win are those that leverage the technology available today to solve that weakest link – with the benefits of trust and transparency in their extended relationships. “