From compliance to competitive advantage

IN BRIEF:

• Organizations must shift from reactive risk management to proactive, forward-looking strategies.

• Embedding compliance and integrity into core business decisions drives resilience and long-term value.

• Strengthening cybersecurity, third-party governance, and speak-up culture enhances risk visibility and mitigation.

In today’s non-linear, accelerated, volatile and interconnected business landscape, risk is no longer just a threat — it can also serve as a driver for growth. Leading organizations are capable of actively identifying risk through in-depth risk assessment frameworks, implementing effective countermeasures, and making risks more manageable when they occur.

However, this is only one side of the coin. There are also unseen risks that organizations are unable to anticipate and prepare for, such as the recent US-Iran conflict, which resulted in disruptions of global supply chains, economic instability, and oil shortages.

Another example of an unexpected risk is the COVID-19 pandemic, which reshaped working conditions and forced organizations to rapidly adapt.

These risks were discussed in the recent SGV thought leadership forum, “Transforming Risk into Strategic Advantage,” held on May 6, where industry leaders discussed how businesses can convert emerging risks into drivers of long-term value.

THE MODERN PHILIPPINE RISK LANDSCAPE
In June 2025, Ernst & Young (EY) conducted a survey of 300 executives (mostly with Compliance and Risk Management roles) across various industries and identified 10 key areas that pose a major risk to the current business landscape. It identified data privacy and cybersecurity breaches (41%), sanction risk (38%) and AI governance (34%) as the top three threats to organizational compliance and integrity.

Over 70% of respondents identified data privacy and cybersecurity as critical risks due to the increasing data privacy concerns brought by technological disruption and the growing sophistication of cyberattacks. This is followed by risks posed by regulatory non-compliance (50%), stemming from the increasing complexity of regulatory requirements and potential penalties. Lastly, emerging regulatory requirements related to sustainable operations and environmental, social, and governance (ESG) factors (35%) are affecting operating models and organizational reputation. Surprisingly, corruption risk was ranked 10th in the survey at 15%, the lowest among the 10 key risk areas.

COMPLIANCE AS A BUSINESS ENABLER
To keep up with the current changes in the regulatory landscape, some organizations have chosen to take a transformative approach. Transformative organizations link compliance efforts with core business functions to drive growth from identified risks. This enables better aligned business outcomes, where risk insights guide decision-making, improving responsiveness to emerging threats and the ability to turn compliance from a cost center to a value-generating function.

Modernization is a key factor in keeping up with the regulatory landscape, with organizations actively investing in artificial intelligence (AI) to aid compliance functions. This enables the automation of routine compliance tasks, risk detection through complex pattern recognition, and the automation of due diligence and background checks. Organizations can also leverage AI for more complex functionalities, such as the generation of cross-service insights that can be used to make informed strategic decisions and promote growth.

Organizations can assess the potential impact of risk and implement controls and response actions to mitigate negative effects through effective risk management strategies. However, they must shift from a reactive to a proactive approach by establishing controls that detect risks early and enable timely intervention.

CYBERSECURITY: DETECTION OF LURKING SECURITY THREATS
A critical example of this necessary shift to a proactive approach is the risk area of cybersecurity. A threat actor only needs to find a weakness in any system to breach an organization’s defense, such as an unpatched vulnerability or a payload disguised as a friendly e-mail. In addition, modern and more sophisticated cyber threats often infiltrate systems quietly and remain undetected for months. These attackers study an organization’s security before launching a more devastating attack, making it critical to invest in detection and response as much as deterrence.

Cyber compromise detection is one such proactive approach for the organization to identify threats. Investigators using specialized tools collect telemetry data from the organization’s system to identify indicators of compromise that may signify the presence of a lurking threat. Through this continuous monitoring, organizations can detect, contain and respond to threats early, minimizing damage and in turn strengthening cyber resilience.

MANAGING THIRD-PARTY RISK: A CRITICAL BLIND SPOT
Third-party entities play a major role in day-to-day business operations. They allow organizations to allocate more resources to develop core competencies by outsourcing expertise, staff training, specialized assets, and even allowing risk transference. Engaging with third parties can increase quality of service while reducing costs.

These advantages, however, come with additional risks. Corporate integrity may be compromised when engaging third parties with poor conduct. Organizations may suffer reputational damage, while a compromised third party may exploit policy loopholes, engage in acts of bribery and give kickbacks to gain better deals. This can lead to loss of consumer trust, financial loss, regulatory penalties, and diminished investor confidence.

Organizations must therefore conduct due diligence on third-party vendors to mitigate both short- and long-term risks. This includes rigorously investigating adverse media reports, litigation records, financial stability, sanctions exposure, and compliance history. Extensive due diligence can also uncover potential areas of concern, such as undisclosed shareholders, falsified information, accounting irregularities, and process irregularities.

A layered approach combining public data, stakeholder feedback, and on-site reviews helps ensure that partners align with organizational values and compliance expectations.

BUILDING A SPEAK-UP CULTURE
A strong speak-up culture detects risk early while strengthening trust and accountability. Whistleblowing platforms are a major contributor to uncovering misconduct and unethical behavior by allowing employees to report them when observed. According to the latest survey by the Association of Certified Fraud Examiners, 43% of fraud cases are detected through whistleblowing.

However, the ineffective implementation of whistleblowing frameworks can expose the whistleblower to retaliation from peers and senior management. A failure to quickly respond to whistleblower reports can make employees feel unheard and neglected, while an indifference to upholding integrity by upper management may increase hesitation to speak up. This can lead to employees losing faith in the system and making the unfortunate decision of turning a blind eye to unethical behavior.

Employee trust cannot effectively be built when there is a clear gap between what the leaders say and do. General counsel officers (GCOs), Chief Compliance Officers (CCOs), and other members of senior management must set the tone for promoting and demonstrating integrity with ethical leadership. This fosters a culture of trust, transparent communication, and psychological safety for employees.

Organizations should also raise awareness and clearly communicate the importance of integrity and compliance. Though conventional training methods may not be enough, role-specific training can better cover how policies directly apply to certain job roles. In addition, AI has proven to be a useful tool that helps employees navigate an overwhelming volume of policies. These technological innovations improve the overall awareness and understanding of employees and support ethical decision-making.

THE PATH FORWARD: FROM RISK TO VALUE
Leaders today face a fundamental shift: the question is no longer whether risks exist, but whether they are ready for those they cannot yet see and anticipate. In an environment defined by rapid change and uncertainty, organizations must take a more integrated and forward-looking approach to risk management.

This means embedding compliance into the heart of strategic decision-making, enabling faster and more effective responses to emerging threats. It also requires investing beyond traditional cybersecurity defenses — building robust detection and response capabilities that allow for proactive mitigation of incidents. At the same time, stronger oversight of third parties through rigorous monitoring, screening, and governance has become essential. Above all, organizations must cultivate a culture of integrity, where leaders set the tone from the top and consistently align words with actions, closing the gap between what is said and what is done.

This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinions expressed above are those of the authors and do not necessarily represent the views of SGV & Co.

 

Roderick M. Vega is the forensic and integrity services leader, and Rhaniel Robert T. Sy is a forensics manager, both of SGV & Co.



from BusinessWorld Online https://ift.tt/36fH1RG
