DEREK SMITH: Human risk is blind spot for governance

By DEREK SMITH

HUMAN capital risk is not a compliance or human resources issue. This is a blind spot in governance, and its costs to companies are greater than they realise. Boards and executives often get early alerts about market risk, cyber threats or regulatory breaches. Conversely, many companies lag when it comes to internal people dynamics, such as misconduct, poor leadership behaviour, burnout and quiet attrition. It is not because they do not care. Unfortunately, they do not hear about it in time, or they do not hear it framed as a risk.

According to Susanna Lee, a Massey Business School PhD candidate: “Ninety-five percent of chief executives believe improving culture will boost firm performance through productivity, growth or profitability.” However, through my risk consultancy, I regularly observe this disconnect between executive expectations and operational reality. Leadership believes it controls culture. Human resources assumes that specific patterns are known. Compliance might see signals, but does not own an escalation. This multiplies the gap.

Why it matters now

As a result of post-COVID fatigue, increased mobility, multi-generational tension and hybrid expectations, the workplace has changed. Adding to that are emerging regulations on conduct, ESG (environmental, social and governance) reporting, and data privacy. Talent issues are no longer soft concerns. They are risk indicators.

Let me put it plainly:

* Inappropriate workplace relationships that remain unreported are reputational risks.

* The attrition of high performers is not just a pipeline issue. It is a productivity and continuity risk.

* Unethical leadership behaviour that does not trigger internal action becomes a cultural liability, and a signal to regulators that your internal controls are weak.

But many companies still treat these as human resources issues to “manage” rather than risk events to escalate.

Why is it not being addressed?

Here are three consistent reasons why these concerns are not framed as risks.

1. Human resources is not trained in risk framing. They speak the language of engagement, policy and values. Executives speak in outcomes, losses and exposures. Without translation, it is noise.

2. There is no agreed pathway for people-risk escalation. Unlike anti-money laundering incidents or data breaches, people risk has no universal trigger for compliance or audit review.

3. It is uncomfortable. Raising the alarm about poor behaviour, especially at senior levels, still carries a career risk. Silence feels safe until it is not.

A better approach

At THRIVE 2025, one session will dig into this exact friction point. This writer will explore how human resources leaders can work with risk and compliance to formalise escalation pathways, translate culture issues into business risk, and frame people risks in ways that demand Board-level attention. But this is not about selling frameworks. It is about shifting mindsets.

This writer postulates that leaders should look at:

* How to link conduct trends to operational impact.

* How to build short, data-informed proposals for executive discussion.

* Where accountability lines should fall between human resources, risk and compliance.

* What regulators expect from internal misconduct governance.

Executive participation is key

Let me be clear. This is not a human resources-only discussion. Senior leaders need to understand the signals their people or teams are seeing and what is lost in translation. Risk officers need to recognise the growing importance of conduct and culture. Compliance professionals are required to help build guardrails that protect more than just the company’s licence.

In short, if your people are your biggest asset, they are also one of your biggest risks. Treating people risks as noise is no longer viable. It is a governance issue. And your Board will be accountable, whether or not they saw it coming.

• NB: About Derek Smith Jr

Derek Smith Jr has been a governance, risk and compliance professional for more than 20 years with a leadership, innovation and mentorship record. He is the author of ‘The Compliance Blueprint’. Mr Smith is a certified anti-money laundering specialist (CAMS) and holds multiple governance credentials. He can be contacted at hello@pineapplebusinessconsultancy.com
