A spotlight on risk in the telecommunications sector

COVID 19 demonstrated that a robust, scalable and secure telecommunications network is critical to the economic wellbeing of our nation and the personal wellbeing of its citizens. Being able to anticipate, identify and mitigate risks is more important than ever.

A reliable, stable and secure telco network is key not only to the economic health of a nation, but to the wellbeing of millions of people – something that’s that has only been further reinforced during the past 18 months.

Populations around the world relied on the availability of network services to communicate with colleagues, peers and loved ones remotely as we retreated to our homes during the height of the COVID-19 restrictions.

Telcos have historically been proficient at managing operational risks around network availability and have long been regarded as developing leading practices in this key area. However, as the nature of the business has changed, the landscape of risks has expanded significantly and made risk management increasingly challenging and resource intensive.

The inherent complexity of the business

The modern telco has evolved to become a technology company that that delivers applications and services via their fixed line, mobile, data and cloud infrastructure to a full suite of customers from private individuals through to large corporates. The underlying technology platforms that exist to deliver services and manage customers is extremely complex and capital intensive.

Supply chain

The supply chain of the modern Telco is typically highly complex. Telcos need access to the very latest technologies to remain competitive, however this is dependent on global supply chains and major partnership/outsourcing arrangements, each with its own risk profile. It is essential that third party risk and broader supply chain risks are understood and managed.

Investment risk

Telcos are juggling the requirements of running and maintaining infrastructure which is capital intensive against rising customer expectations which naturally puts pressure on margins. Network upgrade programmes typically cost hundreds of millions and often include leading edge technology – the inherent risks around technology selection, award of contracts and “on time, on budget” completion are high and must be considered in the overall risk management framework.

Talent risk

Telcos need to operate at the cutting-edge of technology and the ability to find the appropriate talent to work with this technology, particularly with international borders closed, is challenging. To build secure, resilient and reliable telco networks requires specific technical expertise – there’s a finite number of people who can perform that role. The nature of the technology often challenges experienced risk professionals too as they do not always feel comfortable navigating the complexities of modern communications technology.

Regulation

As one of the most highly regulated industries in the developed world, an Australian Telco typically has around a dozen compliance programs running concurrently. Not only do these businesses need to comply with telco sector specific obligations, but, for example, they also need to manage regulations related to conduct and selling, privacy and safety. The compliance risks are diverse, complex and time consuming.

Later in 2021, the Australian Government will introduce changes to the Security of Critical Infrastructure Act – as one of the affected sectors, Telco compliance requirements may increase further. It is often overlooked that as critical suppliers to other highly regulated sectors (e.g. financial services) and government, contractual agreements commonly include numerous other client specific obligations which must be considered in an overall compliance programme.

Cyber risk

Telcos are considered a top prize when it comes to cyber-attacks and have been aggressively targeted a number of times (often attributed to state sponsored activity). As well as causing significant disruption to government and the economy, a successful cyber-attack on a telco could also yield intelligence in the form of phone records/network traffic  valuable to adversaries. Telcos hold a great deal of personally identifiable information about their customers which needs to be protected in accordance with privacy legislation. The modern telco also runs infrastructure delivering cloud and data services to major corporate clients raising the possibility that a cyber attack on a telco could be used to access the systems of other major corporates. Identifying and managing emerging cyber risks is a critical capability which can't be done effectively if information sources are fragmented and don't feed into broader risk management programmes.

It’s important that these risks are managed in a comprehensive manner with the same level of rigor and consistency in process applied throughout to give executives a true aggregated view of risk.

Having real time, accurate risk data allows executives to use risk to inform decision making, something that’s even more important in today’s fast moving, volatile environment. Risk systems have to be flexible, agile and allow executives to take proactive decision making, not just retrospective and reactive.

Given the multiple overlaps and crossover points between the different risks and compliance requirements, the holistic view is necessary to ensure that the cost of compliance can be reduced and to ensure that an approach can be taken where risk management and control activities can be assessed once but reported into the many different programmes that rely upon them.

A holistic risk framework brings all functions onto the same page, helps to improve processes and efficiency, and is supported by the right risk technology.

KPMG’s Powered Risk is designed to achieve this, as it brings together the right tools, processes, automated risk controls, and data and analytics insights to help achieve a better standard of risk management at an accelerated rate.

KPMG's team brings to the process a deep understanding of the telco sector, its unique risk landscape, and technology implementation, which all works to make transformation as seamless as possible.

KPMG Powered Risk  >

KPMG’s Powered Risk is a technology enabled platform to help manage and mitigate risk in an efficient and controlled manner. It’s pre-configured and aligned to KPMG best practice risk management. It integrates our forward-looking point of view and deep industry knowledge with leading cloud technology and global delivery capabilities. It’s designed to help organisations identify, assess, mitigate, monitor and report on risk and compliance exposure to enhance stakeholder trust.

Risk must be prioritised to manage the increasing speed of change, and change requirements, to ensure that telecommunication organisations stay competitive and serve their customers best interests. For boards, CEOs or CROs in the telco industry considering how to best harness the opportunities that risk management can offer, ask yourself the following questions.

• Has our organisation set clear and reasonable expectations around risk appetite?
• Is our organisation clear on risk ownership?
• Could we be overly focussed on managing ‘known’ risks as opposed to anticipating future risks?
• Does our risk management program consider the interconnectedness of risks and their possible impacts?
• How do we know that critical controls are in place and operating effectively?
• Is the risk data that we see accurate and timely?

KPMG Powered Risk  >