Beyond Traditional Financial Services: The New Frontier for Risk, Legal, Compliance, and Regulatory Professionals

Healthcare, life sciences, gaming, crypto and FinTech are siphoning talent at an alarming clip.

By Paul DeCoster

In the last five years, a wave of non-traditional, heavily regulated institutions, in sectors like FinTech, crypto, gaming, healthcare and life sciences, has been building out and empowering stand-alone, independent second-line oversight functions.

Why is this happening?

Major global banking groups, once the proving ground for top talent due to stringent global regulations, are now facing headwinds. Economic pressures have led to headcount reductions and automation initiatives, squeezing out experienced professionals. Simultaneously, the burgeoning regulatory landscape in adjacent industries like FinTech and healthcare creates a strong demand for these seasoned specialists. These professionals, who have been through the ‘hard knocks’ of the global financial services regulatory bodies, welcome new challenges and career opportunities in these rapidly growing sectors.

Many organizations have started following the financial services ‘three lines of defense’ model, where independent oversight and audit functions collaborate with business units to manage risk. As a result, many of them have begun building empowered risk management and compliance functions to get a holistic view of the risks they face. For many, this is the first time they are deploying some sort of Enterprise Risk Management framework.

Two further factors drive this talent migration. First, board members accustomed to the three lines model are demanding greater rigor from leadership in independently and thoroughly understanding enterprise risks, which this model facilitates. Second, the rising threat of cyberattacks and data breaches in these data-rich, digital businesses fuels the need for robust risk management frameworks.

The ever-evolving threat of attack

According to a recent survey by Black Hat USA, 77% of C-level executives believe that a security breach is inevitable at their organization, highlighting the need for proactive risk mitigation. However, managing this risk is difficult as bad actors are indiscriminate and will go after any weak link in a business that they can identify. So, while CFOs and General Counsels may be experts in the risks that sit specifically within their lines of business, they lack the holistic view needed to protect the organization as a whole.

Given this pervasive risk, it makes sense for there to be some sort of oversight functionality within businesses, especially those which are regulated due to the sensitivity of the data they hold and the business models in which they operate.

Compliance, regulation and beyond

One of the biggest risks facing businesses working in regulated industries is the danger of being non-compliant. Some compliance requirements are sector-specific, such as in healthcare, where everything is regulated by the FDA. However, some compliance is sector-agnostic, such as the GDPR in the European Union. Non-compliance with GDPR can incur substantial financial penalties and irreparable reputational damage, making it a significant risk factor for businesses of all types. This has fueled the rise of roles like Chief Data Officer and Chief Privacy Officer, tasked with navigating the complexities of this critical regulatory landscape. The price tag for non-compliance is hefty: fines of up to 4% of global turnover or €20 million. This sobering reality has organizations laser-focused on compliance.

What does the future of risk management look like?

Taking into account the continued threat of cyberattacks and an increased focus on compliance and regulation, the role of risk management will continue to escalate – most likely all the way to the top. To that end, we’ll start to see more and more Chief Risk Officers take strategic roles on company boards, and more net-new Chief Risk and Chief Compliance Officer roles being created and elevated within FinTech, crypto, healthcare, life sciences, gaming and technology organizations. As we continue to see capital deployed into these high-growth new areas of regulated industries, alongside stagnation and attrition within traditional global financial services, we will continue to see this rapid talent realignment.