Over the course of a nearly three-decade career in risk management, Richard Fenning has more than a fair share of wisdom to impart on international compliance professionals.

The CEO of consultancy Control Risks for 14 years, Fenning has traveled across the globe with a duty to spot emerging areas of geopolitical crisis. His journey has taken him from the battlefields of the Middle East to the backstreets of Rio and Delhi, along the way amassing unforgettable experiences often in exchange for unappealing accommodations.

What on Earth Can Go Wrong

Fenning’s book, “What on Earth Can Go Wrong: Tales from the Risk Business,” offers a glimpse at his fascinating life. The work was named among the Financial Times’ summer books of 2021 and stood out to me personally among my recent reads.

I spoke with Fenning about the book, his thoughts on modern risk management, and more.

Q. What inspired you to write about your journey “into the deep recesses of the risk and security business”? Why not just take a well-earned victory lap and move on?

A. Narcissism, basically. The ignoble conceit of wanting to see my name in print is almost certainly the main reason. Perhaps somewhere lurking in the shadows was a sense I may have a few things to say about the dysfunctionality that humans perpetrate around the world. But, in essence, it was just an unhealthy desire for self-aggrandizement.

Q. You share how not every risk “can be reduced to a formula that can be unraveled using algebraic logic.” Yet, it seems in our current compliance discourse there’s a lot of focus on data and analytics. From your experience, how and where does data fit in with respect to understanding and mitigating risk?

A. I am a big believer in using technology and science to help us calculate and identify risk. In many cases—extreme weather forecasting, for instance—we would be lost without it. Combing through years of financial data by hand is time-wasting, inefficient, and risky when a machine can be programmed to do it better. But there are some aspects of how human beings behave that so far defy even the most advanced forms of predictive artificial intelligence. There is still a place for the intuitive hunch.

Q. You recently engaged in a Q&A with Christian Hunt in his “Human Risk” podcast where you shared one of the major themes in your book: That when it comes to risk management, it’s “very difficult to get people to focus accurately on a sober appreciation of potentially what could go wrong.” From a compliance perspective, that seems to be a tremendous blind spot. Given your experience, how can we better help compliance leaders with their ethical radar as to what risk could be the horizon?

Richard Fenning

Richard Fenning

A. In the same way we take comfort from believing often inaccurate historical narratives about the past, we have a deep-seated desire to think we know what the future holds. Astrology may have no scientific validity, but it exists for a reason. We are susceptible to believing the future will unfold how we want it to; that China will become a liberal democracy, for example, has bedeviled corporate planners and geopolitical strategists since the late 1980s.

By contrast, we also have a taste for the dramatic over the mundane. Opioid addiction kills more people than terrorism, but we largely neglect combating the scourge of wrongly prescribed prescription medicines. That is not to underplay the evil of terrorism, but it is an imbalance in our risk appreciation that is replicated in corporate risk strategies the world over. Part of the solution is to take deliberate steps to avoid the confirmation bias and groupthink that too often predominates in risk committees and any form of collective business endeavor. Seek out the awkward, spiky, contrarian iconoclasts and give them a voice.

Q. In your book, you address the challenge of “maintaining the right equilibrium between adventure and prudence.” Yet, we know with commercial opportunity and innovation comes risk. Is this tension between the pressure to succeed and the pressure to comply just an inherent (and inevitable) part of business, or is there a way to address it more proactively to reach that “equilibrium”?

A. Equilibrium is exactly what we should be avoiding. Yes, we should make sure our compliance teams are aligned with the commercial imperatives of the business and, equally, we should double down on incentivizing our business managers to act with integrity against a grounded set of true-to-life business principles. But we should always want there to be creative tension between the two, not harmony. Fundamentally, they are different species of human being. It is the job of the CEO to make sure this sometimes-vexed interaction delivers the right outcomes for the business.

Q. You address the “slippery slope” of corrupt conduct, where gradually it becomes the norm and employees might embrace that “common practice means acceptable practice.” How can compliance leaders better sensitize and make people aware corruption is not at all acceptable?

A. If it is falling to compliance leaders to make the moral case against corruption, then the battle is half lost. This must be an explicit and public commitment by the board and the CEO. And they must do so fully cognizant of the specifics of how and where the business operates and the pressures junior managers often find themselves under. Too often, fine words at Davos contradict the operational reality of the business.

I have also changed my view over time. I used to think we should lead with why corrupt business is bad business. And while that remains clearly true, I think we should be much bolder in calling out the moral and ethical imperative to not pay bribes. When you see at close quarters the tragic consequences of failing states that I describe in the book and the role corruption plays in accelerating this failure, then it is vividly apparent this is not a victimless crime.

Q. You shared in the podcast your fascination with the “collective psychology” of why well-educated and experienced groups of people “make nutty decision(s).” Why the fascination? And should this be of concern to control groups, compliance teams included?

A. Decision-making is a complex business. We entrust all kinds of decisions to teams that are prone to chronic dysfunctionality. In business, we create teams at the drop of a hat, often with limited regard to their composition, their mandate, their expected behaviors, and with little effort to questioning or critiquing the conclusions they reach and the outputs they make.

Football managers do the opposite and get fired regularly and in perfunctory fashion if they get it wrong. Somewhere between the casualness of the business world and the cutthroat short termism of the sports field might be a better way forward.

Thank you, Richard, for sharing your experience and perspective with Compliance Week.