Business Model Risk - The Forgotten Risk Type:
Sustainable business models that demonstrate adequate profitability over long horizons are key to a healthy market economy. This applies to firms and organizations of any size and in any sector. But how do we determine what is sustainable and how can we tell a risky business structure from a stable one?
On the small-scale end of the size spectrum we have the domain of startups and SME’s. Here, the ability to bring new ideas to the market is vital for renewing economic activity and creating jobs, especially in times of technological change. Yet we know that small firms have very high failure rate. Many of their business ideas and models will never graduate into an actual, long-lived, business. The need to understand the factors behind successful small enterprises has definitely seen its share of research over the years. One of the recent trends is to focus on business model systematics, a good example being a recent European Commission policy brief.
On the large-scale end of the size spectrum, business models have received recently (negative) attention in the banking sector. The financial crisis and its aftermath has raised questions on the ability of financial services firms to effectively manage the business model risks associated with their sprawling business lines. In fact the banking supervision arm of the European Central Bank has raised banking business model risks (and the associated profitability outlook) as a high priority issue for review in the course of 2016.
These two worlds come together in the debate around fintech. We have argued here, that risk managers have their work cut out irrespective of the financial services platform they chose to back in the future. Whether working as “disruptors” or incumbents, risk managers need to get serious about developing capability around business (model) risk. Alas, a quick review suggests that the business model risk subject is still in an embryonic stage and only very few guiding references exist. We can therefore with some fairness denote business model risk as the forgotten risk type.
The greenfield nature of this risk topic makes work in this area both challenging and exciting. Assuming we have now compelling motivation to look into this issue deeper, we need to decide how to go about a suitable risk framework:
How does one go about assessing the risks associated with a given business model in a systematic way?
Using the standard risk jargon, how do we go about identifying, measuring and managing business model risk?
The Business Model Canvas
Impatient risk managers should resist the temptation to dive straight into the task and try to statistically regress a collection of profit metrics against macro variables. Such an approach is a dead-end as a long term risk framework. We can always perform this quantitative exercise, and, assuming the data set is of high quality, we will get some insights. Yet this will not illuminate us very much about what is going on (in the inner workings) between the firm and its clients. In fact, we are likely to end up with an operational risk model style disillusionment, where the industry has an apparently sophisticated measuring framework in place, yet we know very little about the fundamental drivers of risk (what is happening on the ground). The outcome is that such premature quantitative machinery is not really fit-for-purpose for answering real life what-if questions.
Instead, lets us try the following:
The core idea for a business model risk framework is to establish an information schema for business models and then work on identifying the weaknesses of the different elements and the linkages comprising the model
Luckily we do not need to start from scratch regarding the first part (a business model description schema). Over the decades lots of people have toiled over how to create business model schemas. Currently there is some excitement in startup / digital transformation circles about a simplified version of a business model, the so-called Business Model Canvas (BMC).
The BMC schema is built around 9 categories (components) which need to be specified in order for the business model to become concrete. For example, Customer Segments capture the segmentation of the potential client base using demographic, geographic, economic etc attributes.
Revenue Streams and Cost Structure are two important elements as expected. When thinking about the risks or threats to these profitability components, we now posses a set of interlocked elements that can help us trace potential weak links. For example, the Value Proposition is a core element: The firm product or service must create a distinct value proposition for its customers. Such value is somewhat difficult to quantify, yet it is clear that e.g., business volume critically hinges on this measure.
Before getting on with the risk assessment job, we need to introduce an element missing in the original proposal, namely Competitors. It may be also psychologically useful to rearrange the components to emphasize that we are only handling customer centric models!
In our summary graphical depiction of the business model, the firm (or business line) is indicated as a set of elements centered on the customer. Activities and Resources, are followed up by Distribution Channels and Client Relationships. These four elements help realize the Customer Value Proposition. In turn this entices Customers to generate the Revenue Stream, which then gets distributed through the Cost Structure (arrows) to support the firm operations. Key external parties are the Partners and Competitors of the firm.
We are now ready to start developing the second part: a business model risk identification framework.
Identification of Business Model Risk
- Read more in our Open Risk White Paper: Identification Framework
Business Continuity versus Business Model Risk
Business Continuity and Business Model Risk are both concepts related to Disruption Risk. The former indicates the disruption of business operations, typically as a result of various forms of Operational Risk, the later suggesting a more permanent disruption, e.g. by market developments, new inventions etc. This Open Risk Manual entry explores similarities and differences between the two concepts. It is interesting to compare and contrast the two notions, keeping in mind that business continuity is a narrower and much more developed domain.