As forensic consultants, we keep hearing about financial institutions in Asia Pacific having four crisis meetings a week for every practice. In many cases, these meetings have been going on for more than two years. And it makes us wonder. If 'business as usual' is now 'crisis as usual', how does anyone plan for the long-term?

By definition, companies in crisis mode are operating minute-to-minute, making rapid decisions to solve short-term problems. In this environment, strategic long-term planning goes out the window. But when does long-term planning return? At what point - and how - do we move beyond crisis and start operating and planning in a relentlessly volatile world?

In our view, the point is now. Crisis response is now a well-formed habit in your institution. This means companies' crisis responses are now habitual. They no longer represent a crisis.

Accept that volatility is here to stay

It's time to figure out how to operate in a permanently volatile world. In 2020, when 'unprecedented' became Dictionary.com's People's Choice Word of the Year, it was clear we were moving into unchartered territory. Two years later, we've progressed so far into the unknown that the 'old normal' has become quaint, ancient history.

Business leaders should instead expect increasing numbers of "grey rhino" (obvious, yet ignored) events as well as "black swan" (unforeseen and improbable) events, both of which bring challenges to long-term planning.

For grey rhino events, climate scientists have been predicting crises like extreme weather events, water, and food shortages for a long time. Equally, the pandemic (if not its timing) was also expected. Now the COVID-19 genie is out of the bottle and mutating rapidly - and it's only a matter of time before the next major pandemic hits, bringing with it another series of pandemic-related supply chain disruptions.

Leaders need to accept that these large-scale changes are coming and prepare for such events - even if the timing is difficult to pinpoint. For example, building more climate-durable and diverse supply chains is one important way to mitigate the risks of grey rhino events.

On the other hand, Russia's invasion of Ukraine was an unexpected (black swan) event for most companies. The ongoing and increasingly dangerous war has resulted in multiple crises, including energy price spiking, a global food emergency, and a deluge of refugees across Europe. Black swan events are, by definition, impossible to predict. So leaders must instead build crisis response systems that allow them to address the unique challenges that black swan events bring without allowing them to overwhelm long-term thinking.

U.S.-China relations are another area for a potential crisis, especially after the further strain created by the war in Ukraine. According to the Center for Strategic and International Studies, companies should be planning for the 'unthinkable' and are not ready for whatever is coming next. As the Center puts it: "U.S.-China ties have deteriorated to depths not seen since the late 1960s, when the two had no diplomatic ties and were actually shooting at each other in Vietnam." Companies operating in China and the U.S. should be ready for more shocks to supply chains, data security issues, and other market disruptions.

Reconfigure your risk controls and change your reward culture

Organizations must accept they are operating in a world that will face regular grey rhino and black swan events - sometimes simultaneously. And not all of them will come from global events: some are also lurking in your organization.

Before the pandemic, most companies were looking at risk universes where the ratio of controlled to uncontrolled risks was around 90:10. Today, the scales have tipped. Some of our clients estimate the pace and scale of change mean the ratio is now closer to 50:50. These institutions are now working with us to repopulate risk registers and implement new controls to address the vast slew of previously uncontrolled risks.

While many of these risks revolve around climate and geopolitics, which are largely out of companies' control, others are internal and can be managed. For example, hybrid work has created new fraud risks, including inadequate controls and employee disengagement. Some of these issues are only just coming to light, leading to investment in new controls, better training, more active investigations around wrongdoing, and employee engagement.

As well as using 'stick' tactics to manage these new fraud risks, institutions should also look at 'carrots'. If a job is worth more than the bribe offered, people are more likely to do the right thing. In this sense, employee engagement and satisfaction become critical. As fears of rising unemployment grow, institutions must make sure key personnel have a clear view of what the organization will look like in the next two years - and be confident of their place in it.

Companies need to be aware of survivorship bias. Case in point, members of the IT team that stops the hacker become employees of the month, but IT folks who work diligently to prevent hundreds of potential attacks are often dismissed as "just doing their jobs" and overlooked. These are the real heroes and the behavior institutions need to reward. People who have quietly incorporated 'crisis as usual' into their everyday tasks. For whom, protecting the organization from crisis is part of their job description.

In this operating environment, we need to stop treating those who deal with crisis as something special. Because crises used to be unusual and frightening, businesses got into the habit of rewarding those who fix them.

Rethink and outsource crisis management

If leaders are to get back to strategic planning, they need others to help their organization prepare for, respond to and emerge stronger from ongoing crises. Executives cannot ground future planning in the crisis that blew up this morning - or act based on the last thing they heard. They need a safe pair of hands to deal with today's crisis so they can focus on planning and investing in tomorrow.

Former regulators, intelligence officials, and security professionals from government and industry are well placed to identify, analyze and manage risk - both ahead of time and at critical moments. They also bring external intelligence that can feed into long-term planning, ensuring strategy takes into account the improbable and unexpected.

When leaders are supported in managing risk and confronting uncertainty, they regain the head space to think long-term and develop strategies that will survive exposure to hugely volatile business conditions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.