Atul Vashistha:
So James let’s turn attention to the environment today and in the field we are in, we’re constantly trying to help customers understand their risk exposure. Talk to us about how challenges with travel and other restrictions, one of the ways customers understood risk is through assessments. So how are you helping customers think about understanding their risk, particularly assessments differently because you can’t really do the way you were doing it pre-COVID.
James Gellert:
Well, so much of what we do for helping our clients is really done remotely anyway. I think where COVID has affected us is in our ability to work hand in hand, particularly at the outset of a relationship with a new client, the onboarding, the training, the identification of scope, things like that. So that’s been harder and we’ve really had to get nimble around all of that. But the execution of the ratings that we do has been pretty consistent. A lot of that is because we help our clients to reach out or we reach out on their behalf to the private companies that we obtain financial statements from. But we’ve been doing that for private companies across a hundred countries. So all of that has been digitized. We’ve created technology around it to automate it as much as possible for a long time. So I think that’s actually served us and our clients really well during this time. That being said during COVID people are managing risk in some cases differently and in some cases they’re doing it more broadly, so we’ve had to adapt to help them through that time.
It’s a critical point that risk needs to be managed dynamically and that means it needs to be managed on an ongoing basis. That doesn’t mean every risk needs to be managed every day and the more tooling and predictive analytics that people can put in place that allows them to look forward using the data that can be assessed today has to be a critical part of that in order to get scale
Atul Vashistha:
Right. So on that note, James, one of the things that became very clear, if you look at the last couple of years is with the severity of disruptions, the frequency of disruptions that often customers may have an understanding of the risk exposure of their third parties but it happens to be at a given point in time, right? Talk to us a little bit about how you think about continuous monitoring and are you enabling that for your customers?
James:
So I think it’s a critical point that risk needs to be managed dynamically and that means it needs to be managed on an ongoing basis. That doesn’t mean every risk needs to be managed every day and the more tooling and predictive analytics that people can put in place that allows them to look forward using the data that can be assessed today has to be a critical part of that in order to get scale and leverage across a system but the need to look at a plethora of risk areas and to do that on a regular basis in a systematic way. That’s something that we’ve seen evolving now for quite some time, as I know you have as well. And you’re doing a fantastic job of helping to facilitate people doing that because without the right tools, without the right platform, without the right philosophy, it can’t be done.
James:
The area that I think companies like ours have a real need in the marketplace is to help companies understand that they need mandates internally. And mandates internally mean not just the budget and the resourcing but need the internal messaging. So everybody involved in risk management, in a risk role or in the roles that communicate out and connect to those that is being monitored, that everyone understand the reason for doing risk assessments, how they’re done and can speak with a common language back to those suppliers because the first time a supplier calls somebody who’s just a great relationship in a company and that person says, oh, don’t worry about it. We’ll take care of it, you don’t have to follow up. It all breaks down. So there has to be an internal mandate and that mandate has to include the messaging and the communication of the importance of a project and I think those are the programs that have really done particularly well.
Atul Vashistha:
James, that’s really helpful. Let me pull two strings from that response of yours. First is you talked about the different entities in an organization, you talked about a mandate. So I think both you and I have seen this where often when we first thought about risk management and providing this intelligence, it was focused around procurement, third party risk management and now we’ve seen a very big expansion into supply chain and risk management. Talk to us a little bit about these different use cases and how a service like yours, a solution like yours is actually meeting those needs.
James:
So, I hear two things in your question. One is about the life cycle management of a supplier or third party. So the identifying them, the dilligencing them, the onboarding them and then the management of them as a current supplier over time. So basically procurement to supply chain and certainly more and more companies are connecting procurement and supply chain in a way where the life cycle management becomes quite natural as opposed to being two different departments that may sit on the same floor but don’t actually interact. So we’re seeing a lot more of that.
James:
That’s certainly helpful but the other piece, which is probably even more so is the communication across those people or groups that manage different risks and doing that in a way that allows them to benefit from what each other is doing. Part of that is an understanding and an acceptance that risk areas in fact are connected. They aren’t siloed therefore they shouldn’t be managed in a siloed fashion. Ours, our domain with financial risk assessment is probably the archetype for that because financial is so foundational to all of these other risk areas.
Atul Vashistha:
Yeah.
James:
And oftentimes we’ll be in a conversation with someone who says, well, I’m managing financial risk right now because I’m focused on cyber risk and say, well, how are they funding that great cyber risk program you want them to have? And are they going to be able to continue to invest in that at a pace that meets your demands on that supplier for compliance? Then things start, the light bulbs start going off and there tends to be a, oh yeah, right. We may need to connect these things but these dots are all connected and foundational. So we believe the programs that are understanding that and are weaving these pieces together are the ones that are getting the most value for the effort.
Atul Vashistha:
The second string, you pulled on your own on that one, which was, I was going to ask you to maybe comment a little bit more on how, we saw risk cascading. So if you only focused on a single view or a single domain of risk, you often missed out an early warning somewhere. So, right, often a financial risk can be an early warning for a cyber susceptibility because they’re not investing enough in certain areas. In COVID we saw location risk, employee health, operations risk being early indicators of financial issues and cyber susceptibility. Is there anything else you want to add in terms of how and why customers ought to be thinking more full spectrum risk rather than just thinking of these siloed risk domains that they often think in the past?
James:
Yeah, sure. It’s valuable for people to think about the challenges that any company, but let’s talk about private companies because they’re the ones that are most difficult to see into, so private companies, when they’re struggling and they may be struggling because of their own problems because of an exogenous factor like the pandemic or because of lack of access to funding, whatever it may be.
Atul Vashistha:
Yeah.
James:
When a private company is struggling, they have to make choices and they have to prioritize where they spent and particularly with the focus over the last handful of years on cyber security and more so recently on ESG, when companies rightly are pushing those responsibilities down to their suppliers, they’re locking in the need for those suppliers to spend budget dollars in those risk control areas. So in a difficult time, those suppliers may well have to cut even more in the other areas. So in other words, the support costs for a cyber security program have gone from being variable to being fixed, which reduces the other variables that a supplier may have to play with. So, that may mean that they delay investment in plant expansion. They may delay or they may kick out product development cycles out in other couple of quarters or invest less in research and development.
James:
And all of those things go to stuff like innovation. Are they going to be able to continue to bring you new ideas that help you propel your own products? Then we certainly see areas where companies that have to cut corners, start to deliver faulty product or start to deliver product late. We’ve seen a connection between companies we rate high risk and a two times greater likelihood of their delivering faulty product. Well, that means people have to hold higher inventory levels and have worse working capital efficiency because of it. So again, all of these things are intertwined and I believe over the next 24 months we will see much more pressure on companies from a funding perspective. They’re going to have to make more of these tricky decisions than they’ve that to make over the last few years where funding has been really easy to access.
Atul Vashistha:
Absolutely. James, you were talking about innovation and one of the benefits I know your company and mine have been able to leverage is machine learning, AI and others because there’s massive amounts of information. Talk about how you, in your company, Rapid Ratings, is leveraging AI automation to provide a better solution to your customers.
I think getting organized from a data perspective is so fundamental and incredibly, it sounds incredibly basic, even when I say it, but it needs to be reemphasized. The number of very sophisticated companies that for instance can’t produce a list of all of their critical suppliers plus contact information is… It’s very frustrating and it’s a bit disheartening that in the digitization journey that many of these companies have adopted, they still haven’t done that.
James:
So we think about how we can automate more of the practical elements of the business in a way that makes us more efficient because the more efficient we are, the more we can pass cost benefits along, the more we can be faster in scaling a program for a client, things like that, that are very under the surface. But also we think a lot about how we can create product that is intuitive, that matches workflows and creates efficiency for our clients so they can interact with predictive analytics in more ways than they might otherwise.
James:
So we’ve created report styles, for instance, that give qualitative assessment of the company that we’ve rated but it’s done all through machine learning and so it’s all natural language reports that are generated but it’s generated in an automated way, even reports that lay out the questions that one should ask the company that’s been rated, which is a real advancement on anything in the industry. What we’re doing more of going forward is applying AI to look deeply into our data, to be able to understand things like, companies in certain industries that historically have had downgrades of a certain kind over X period of time, what is the probability of the next rating being positive or negative? And what could that mean for a customer partner of that company? So, that’s really about applying the AI lens into more insights that we are mining from the data itself.
Atul Vashistha:
Really exciting to see all the possibilities. Maybe one more question before, I’m going to ask you about your career and advice to others but you talked about internal mandates of leveraging their risk intelligence are very helpful. Is there other advice you would give to the client side in terms of how can you better use a solution like yours? What other practices should they have in place to make sure they maximize their return?
James:
Well, I think getting organized from a data perspective is so fundamental and incredibly, it sounds incredibly basic, even when I say it, but it needs to be reemphasized. The number of very sophisticated companies that for instance can’t produce a list of all of their critical suppliers plus contact information is… It’s very frustrating and it’s a bit disheartening that in the digitization journey that many of these companies have adopted, they still haven’t done that. But you raise the degree of difficulty on that comment and say, well, define criticality.
James:
Is criticality that the suppliers you spend the most money with or have the most revenue impact or reputational impact or sole source, all of these different lenses and ways to look at companies, those things have to be organized and the faster and the more systematically companies can get all of that data in order, the better they can use your services, our services, other services, the more leverage they can get to their programs because faulty data or messy data makes a messier output. So, if there’s any one strategy every company can adopt and before they spend money on lots and lots of other things would just be to get their internal data houses in order.
Atul Vashistha:
Yeah. Help us help you.
James:
Yes, that’s exactly right. I feel like I say that way too much.
