Why risk and sustainability go hand in hand

There aren’t many people who share the job title now listed on my LinkedIn profile. You’ll find plenty of chief risk officers and senior sustainability executives, but combining these focus areas on a global level is a relatively new approach.

When Abhijit Dubey, Global CEO of NTT Ltd., announced my appointment last year, he said that, in addition to leading sustainability globally, the risk part of my new role would include data privacy, insurance, risk management, integrity and risk management operations – an exciting combination but a tall order, for sure!

But my 15 years of serving in various capacities in the group – including as Chief Corporate Governance Officer of Dimension Data Middle East and Africa – and my own passion for sustainability had prepared me for this new challenge.

As a student, I worked for a nongovernmental organization that documented the incidence of lung disease among former mineworkers left with no medical support. Having witnessed first-hand the effects of the unmitigated pursuit of profit, I joined the corporate world reluctantly but resolved to do something positive that would help organizations change their trajectory.

At Dimension Data, my portfolio covered legal services, risk and compliance, regulatory affairs, ethics and governance. In the South African context, it also included compliance with local laws to include those who had been previously excluded by apartheid from meaningful economic activity. We managed enterprise and supplier development programs aimed at bringing black- and women-owned small and medium-sized enterprises into our supply chain.

I took responsibility for these things because I believed that's how I could make the biggest impact. I wanted to contribute to the creation of an organization that would gain and retain the trust of our clients, partners, employees and shareholders, and be admired by our competitors. 

So, when the opportunity came up to take my passion to a global level at NTT, I took it! My job resonates with me, and that's why I'm excited about it. It is an extension of the same ambition.

Risk and sustainability: a circular dynamic

Sustainability is about how we operate as a business to address the urgent challenges of climate change and biodiversity; how we positively engage with society; and how we govern our organization. If we get these things wrong, it increases risk and can damage our reputation. That is why we include sustainability as one of our principal risks in our risk management strategy.

Double materiality refers to how organizations affect the environment, society and those they engage with, and, at the same time, how issues of sustainability affect their ability to run a business that will still be here in the long term. For me, managing enterprise risk and doing good for the environment and society go together. They are two sides of the same coin.

You cannot look at sustainability without seeing it as both a risk and an opportunity, and you cannot define your principal risks without taking sustainability into account.

A corporate priority

Much effort has gone into our thinking in this regard. I’m leading a portfolio identified as one of our corporate priorities, and I have the full support of our CEO, who created the role and supports my team’s efforts to help our company gain better traction in both areas.

We see ourselves as a trusted business partner that acts as both an adviser and a steward for NTT. The latter is important because it refers to protecting the organization, which sometimes means saying no or slowing things down: sometimes you have to go slower, while being simultaneously mindful of the pace of change in the external environment, to eventually go fast. Managing risk is like the introduction of brakes in cars: not only do they protect limb and life, but they also enable cars to go faster. By embedding risk management in our operations and acting responsibly for the planet and people, we enable our business to grow faster and more sustainably in the long term.

Sometimes you have to go slower, while being simultaneously mindful of the pace of change in the external environment, to eventually go fast

It also means we need a collaborative approach. Gone are the days when group functions churned out policies and walked away. We actively partner with the business to manage our risks more proactively and effectively and to move the dial in our sustainability commitments. Then, the implementation happens in each region or service division – which is why it’s important for everyone to understand how what the group risk and sustainability team does will enable the entire organization.

To do that, we’ve also had to clearly define what forms part of the group risk and sustainability portfolio. When you talk about risk, for instance, there are day-to-day operational risks and there are principal risks – those with a potential impact on our ability to execute that strategy.

My portfolio operates largely at the latter level, while also supporting the business in managing operational risks.

Similarly, although our sustainability strategy, policies and programs are developed at the group level, there is ongoing engagement with our colleagues in the rest of the organization to co-create initiatives that enable and support our sustainability strategy. This enables us to identify pockets of excellence for implementation across NTT. It’s a feedback loop that creates overall buy-in and makes our strategy more robust.  

An agile approach to risk management

Data privacy and protection is one of the main risk areas we manage. It is linked to third-party risk management because we want to do business with people and organizations that both share our code of ethics and have sufficient data privacy and protection processes in place.

We also want our code of business conduct and ethics to be accessible to employees, fit for purpose and relevant – a living philosophy. We have rolled out comprehensive compliance training on ethics, data privacy and protection, and information security to all our people.

As an example, a hot topic currently is generative AI, such as ChatGPT, which offers immense opportunities. Naturally, everyone is excited about these tools, even as industry experts voice their concerns about the unchecked use of AI and call for regulation. It is no longer an emerging risk; it is here – and, if badly managed, the use of generative AI within our business could cause significant reputational damage.

It is important that we give appropriate advice to our colleagues: what are our use cases for generative AI, how do ensure its ethical, responsible and transparent use, what policies are required to facilitate this, and what technologies do we adopt for this form of AI that will not pose risks to our organization?

Sustaining communities and the planet

As with our approach to risk management, we have defined our sustainability ambitions as Connected Planet, Connected Economy and Connected Communities. Each ambition has its own commitments, and we co-create implementation plans with each region.

We have also introduced volunteering leave, and employees can use their three days of volunteering leave per year to do their part in supporting our Connected Planet and Connected Communities ambitions. Here, our focus is the environment and enabling access to education and digital skills. The ongoing direct involvement of employees in these initiatives helps us to amplify our sustainability impact as a group, specifically related to the United Nations’ Sustainable Development Goals 4 (quality education), 10 (reduced inequality), 13 (climate action) and 15 (life on land).

Having a diverse and inclusive workforce leads to fresh perspectives and more robust and long-lasting solutions for our clients

This programme encourages our people to support initiatives that resonate with them, in line with our “Here you can” ethos. It recognizes that employees have personal interests outside of work, and we want to align those interests with what we are doing as an organization to improve our society and our planet.

We govern our organization according to our code of business conduct and ethics as well as the laws and regulations that are applicable in the countries where we operate, while doing our part to have a positive impact on host communities – for example, by creating jobs, investing in the education of disadvantaged young people and enabling digital access. We also recently launched a mentorship programme for new entrants into the world of work.

We are committed to diversity, equity and inclusion. Not only is it the right thing to do but it also supports our leading position in the market – from a growth perspective and in the war for talent. Having a diverse and inclusive workforce leads to fresh perspectives and more robust and long-lasting solutions for our clients and, in turn, their users and customers.

Is this approach right for your organization?

If you’re wondering whether our strategy to bring together risk and sustainability is right for your organization, it's ultimately about deciding whether a business case exists for this strategy. I would argue there absolutely is, especially in the context of double materiality.

Bringing these two areas together enables the coordination of efforts and creates leverage, which has a meaningful impact and leads to a sustainable business in the long term. This is particularly important if we are to mitigate the risks of, for example, climate change and technologies such as AI while also taking advantage of the opportunities.

However, to do this, we need to understand our own business and the world around us, which is only possible if we remain curious and collaborate with our colleagues. After all, risk and sustainability exist to enable business. They are not separate from it.