GRC Knowledge Center

From VUCA to BANI. A Unified Approach to Meet Future Challenges.

In today’s economic ecosystem, we are witnessing a fundamental shift from the VUCA (Volatile, Uncertain, Complex, Ambiguous) paradigm to a BANI (Brittle, Anxious, Nonlinear, Incomprehensible) world. This evolution has profound implications for Governance, Risk, and Compliance (GRC), transforming this field into an essential strategic lever. Beyond its traditional role as a safeguard, GRC emerges as a catalyst for innovation and a driver of sustainable value creation. This article explores the foundations of robust corporate governance focused on GRC and examines how an integrated approach can not only enhance organizational resilience but also drive long-term growth in the context of digital transformation and increased social responsibility.

The VUCA model, initially developed by the US Army War College, has long served as a framework for understanding the post-Cold War business environment. It described a world characterized by:

• V = Volatility – rapid and unpredictable changes
• U = Uncertainty – a lack of predictability and clear perspectives
• C = Complexity – multiple interconnected forces that are difficult to untangle
• A = Ambiguity – a lack of clarity about the meaning of events

In this context, GRC focused on creating robust and flexible systems capable of quickly adapting to changes and managing uncertainty.

However, recent events, such as the COVID-19 pandemic, climate crises, and geopolitical upheavals, have revealed the limitations of the VUCA model. Jamais Cascio proposed the BANI concept as a more fitting description of our current reality:

• B = Brittle – seemingly solid systems can suddenly collapse
• A = Anxious – a constant state of worry and stress about the future
• N = Nonlinear – disproportionate effects compared to causes
• I = Incomprehensible – complexity that exceeds our capacity for understanding

By combining the ideas of VUCA and BANI, we can develop a more holistic approach to GRC that addresses both the known challenges of volatility, uncertainty, complexity, and ambiguity, as well as the emerging realities of brittleness, anxiety, nonlinearity, and incomprehensibility. This unified approach allows us to:

• Build resilient systems that can withstand sudden shocks and collapses.

• Promote a culture of awareness to manage anxiety and stress within organizations.

• Develop adaptive strategies to respond to disproportionate and nonlinear impacts.

• Enhance our ability to navigate complexity with advanced analytical tools and frameworks.

Beyond Corporate Governance.

Ethical and visionary leadership is the cornerstone of effective corporate governance. According to a recent Deloitte study, 87% of leading companies attribute their success to strong GRC leadership. These leaders embody what is called the “tone at the top,” setting high standards of integrity and accountability that cascade throughout the organization.

In a BANI environment, leadership must evolve towards what is called “conscious adaptive leadership.” This leadership style recognizes the limits of forecasting and long-term planning and focuses on creating an organizational culture that can quickly adapt and thrive amid uncertainty.

Corporate culture is the fertile ground in which GRC practices take root. The concept of “positive risk culture,” developed by psychologist James Reason, encourages a proactive approach to risk management. For example, Google implemented its “Googler-to-Googler” program, where employees train their peers on various aspects of ethics and compliance, thereby creating a culture of shared responsibility.

Promote Communication and Transparency.

Effective internal communication acts as the “nervous system” of the organization, rapidly transmitting crucial information to all parts of the organizational body. The concept of “narrative communication” developed by David Boje highlights the importance of creating coherent stories around GRC initiatives to foster employee engagement.

In a BANI world, communication must be continuous, transparent, and multichannel. The concept of “empathetic communication” becomes crucial to managing anxiety and maintaining trust.

It is essential to communicate clearly and concisely with internal and external stakeholders regarding GRC-related activities and initiatives. For example, BMW regularly organizes information sessions for its employees to raise awareness about GRC issues and gather their feedback.

Publishing transparent reports demonstrates commitment to transparency and accountability. In this regard, TotalEnergies annually publishes a detailed report on its risk management policy and internal control system, audited by an external firm.

Engaging stakeholders strengthens the effectiveness and legitimacy of governance processes. SNCF has set up an « ethics and CSR committee » composed of representatives from customers, suppliers, and NGOs to identify non-financial issues and co-design its action plans.

It is also important to ensure transparency with shareholders, as L’Oréal does by presenting annually to the board of directors a comprehensive report on the assessment and treatment of key emerging risks.

Constructive exchanges with regulators, like those organized by Crédit Agricole, help proactively evolve the internal control system. Finally, Michelin surveys NGOs, directors, and analysts about their perception of its CSR risk management.

Support Strategic Decision Making.

Anticipate issues can be compared to a “strategic radar,” allowing the detection of opportunities and threats on the horizon. The concept of “weak signals” developed by Igor Ansoff emphasizes the importance of detecting early signs of change. Companies like Amazon, with its “Day 1” approach maintaining constant vigilance against potential disruptions, illustrate this anticipatory mindset.

Align GRC with strategic objectives creates an “organizational symphony,” where every part of the company works in harmony towards a common goal. The Balanced Scorecard, developed by Robert Kaplan and David Norton, provides a framework for this alignment. Siemens, for example, has integrated GRC performance indicators into its strategic dashboard, ensuring that compliance and risk management are treated on par with financial and operational goals.

Enhance Operational Performance.

Cost reduction through GRC can be viewed as “organizational precision surgery,” eliminating inefficiencies without compromising vital functions. The concept of “lean compliance,” inspired by lean management, aims to simplify compliance processes while maintaining their effectiveness. Companies like Toyota have applied these principles to their GRC, achieving substantial savings while improving compliance quality.

Resource optimization through GRC acts as an “efficiency catalyst,” maximizing the return on investment for every dollar spent. Eliyahu Goldratt’s Theory of Constraints offers a framework for identifying and removing bottlenecks in GRC processes. For example, Johnson & Johnson uses predictive analytics to optimize compliance resource allocation, focusing efforts where they will have the greatest impact.

Strengthen Organizational Resilience.

Crisis preparedness can be likened to an “organizational immune system,” bolstering the company’s defenses against external shocks. The concept of “antifragility” developed by Nassim Nicholas Taleb suggests that some systems can not only withstand shocks but also become stronger from them. Zoom’s response to the pandemic, where the company rapidly strengthened its security protocols in the face of explosive demand, illustrates this ability to adapt under pressure.

Adaptability and innovation in GRC function as an “evolutionary engine” for the organization, enabling it to adapt and thrive in a constantly changing environment. Clayton Christensen’s concept of “disruptive innovation” can be applied to GRC, encouraging radically new approaches to risk management and compliance. Tesla, for example, has integrated risk management into its innovation process, allowing it to quickly develop new technologies while navigating a complex regulatory landscape.

Go Beyond GRC.

At the dawn of the Fourth Industrial Revolution and in an increasingly BANI world, GRC is poised to play an even more crucial role in corporate strategy. Here are some emerging trends and recommendations for companies looking to strengthen their GRC approach: