Posted: 24 Jan. 2023 5 min. read

The business case for Risk Transformation – ”Are you leaving value on the table?”

Leaving value on the table

Whilst there is emerging positive news on the current macro-economic climate, there remains uncertainty about the future in terms of growth and profitability. The pandemic changed many of the assumptions in the way financial services institutions (FSIs) operate and adaptability to retain stability of operations has gained prominence. Some of this has been inevitable, such as proliferation of remote working and hybrid working models, and others such as rethinking the operating models to be dynamic and resilient and to capture value have become differentiators.

Risk leaders have always grappled with how to delicately balance executing core risk activities, assessing emerging and future risks, and bridging the gap between the business and risk functions. Demonstrating the risk value-add is often not straightforward as the measurement is not defined by top-line or bottom-line metrics. Whilst all FSIs understand the need for a strong and robust organisation, risk can still be seen as a ‘cost’ rather than a ‘driver of value’. Of course, the risk culture embedded within the organisation and the maturity of its processes are factors. Increased regulatory focus on culture on the back of several high-profile incidents in recent years show the importance of risk culture as a ‘risk’ that needs to be effectively managed. Firms that understand this well and have risk management ingrained in their front-to-back processes generally tend to do better in the long run.

Risk organisations saddled with outdated operating models, inefficient processes and systems, and lack of digitalisation can cause the function to operate sluggishly. The lingering question remains around how to build an efficient, digitally savvy future risk organisation that can not only robustly manage risk but also be nimble and dynamic to be able to respond to an ever-changing operating environment. Whilst there is no silver bullet, risk executives can think about building their organisation in terms of the value proposition of each of the activity that they engage in.

Historically, the question, and subsequent focus as it relates to any transformative journey is on ‘what is the value-add of any change?’ But, perhaps, the right question to ask is ‘what is the unrealised value by not transforming today to meet the challenges of tomorrow?

Transformation underpinned by accessing unrealised value

Several structural trends such as compressed margins, need for real-time and trusted source of information, and emergence of new risk domains are providing the impetus for transformation across the financial services sector. Adapting to changing regulatory landscape in the face of the Edinburgh Reforms ,which are aimed at driving growth and competitiveness in the UK financial services sector continue to pose challenges for developing efficient compliance processes. At the same time, changing customer expectations of services coupled with the advancements in banking technology have disrupted traditional service delivery models. Consequently, risk functions need to manage a whole new set of risk types which require an updated toolkit and skillset. Whilst several new tools are available that allow a risk manager the ability to deal with these new risk paradigms, cost pressures remain the limiting factor. As a result, cost optimisation initiatives drive the Transformation agenda generally.

Perhaps, counter intuitively, the smarter approach to transformation would be to release unrealised value through operating model re-design, deployment of new technologies, automation, and superior data management capabilities. In structuring the transformation agenda to smartly redeploy resources within the organisation to achieve effective risk management and efficiency of operations, value can be captured and can permeate to other parts of the organisation.

So, what can risk functions do?

The leading firms are deploying a capability-led approach to prioritising the risk investment areas to drive differentiation and competitive advantage. An optimised risk organisation of the future is one that has a clearly defined services catalogue in accordance with the core mandate and regulatory expectations, an optimized resourcing structure and/or operating model for delivering services with right level of skills, experience, and accountability and one that is supported by an ecosystem of digital tools and services that can operate seamlessly across the organisation.

Such a risk function will be able to adapt to changing market conditions easily, deliver valuable risk insights that translate into better risk management, and operate as a trusted partner in achieving business goals and strategies.

Risk ‘Beneficiation’*

Risk transformation is a core competency that bolsters the function’s ability to deal with market volatility and continuously evolve and accelerate in an ever-changing operating environment. The transformation should expand the traditional view of risk and habituate people across the organization to identify and understand threats and opportunities. What this means in simple terms is to capture the value generated along the risk services chain such that human resources are utilized to interpret data and develop commercial insights (top of the value chain) and technology is deployed for sourcing, reconciliation, and reporting (bottom of the value chain). As a result, there is a process of beneficiation of the risk processes which enriches the risk information at each stage through both use of specialised risk professionals and advancement in technology. The right mix of both will ensure value is added in each step of the risk process. As an example, a UK High Street Bank realised significant benefits by introducing a cloud-based data lake to consolidate all 1st and 2nd line risk data into a single source, reducing manual processing within operations and freeing resources to perform more value-add work devoting more time on risk identification and analysis.

Ultimately, beneficiation of risk will identify opportunities to integrate fragmented processes, automate manual work, eliminate redundancies, and introduce operational synergies.

Looking to the future - Risk as a Service (RaaS)

In recent years, the concept of the risk function providing services in a manner similar to that of software services has started to take shape. Rethinking risk as a ‘service’ is not merely about automating a suite of risk capabilities such as risk identification, controls assessments, regulatory compliance, and reporting but re-imagining the way in which risk management activities are undertaken to deliver greater collaboration with the 1st line functions, discovering synergies pan organisation, and enabling the function to be able to adapt and respond effectively to changing environments. Surely, these changes will be underpinned by a cost optimisation consideration given the downward trajectory of margins, tightening regulations, and emerging competition from fintech companies. However, looking at this service model only from a cost lens will risk long term sustainability of the Transformation initiatives.

What is needed is a holistic review of risk activities and services to identify an operating model that can manage all constraints proactively, working with the business to assess strategy using analytical capabilities, and solving the challenges of legacy technology, poor data quality, and lack of integrated processes across 1st and 2nd lines effectively. Services or activities that can be streamlined and integrated should be identified and ‘packaged’ as a service provider and core risk function should be seen to work in tandem with the business in executing the overall strategy.

Risk Transformation Blog Series 

In our previous blog posts, we discussed the market drivers witnessing the rising Transformation trend. In keeping up with that theme, over the course of this blog series, we will explore in more detail each of the facet of Risk Transformation: make up of next-gen risk organisation including skillset and traits, identification and management of emerging risks, data, technology, and operating model re-design while highlighting concepts and practical applications at clients as well as challenges in implementation.

*Beneficiation: Borrowing from the mining industry, beneficiation is the process of additive value in each step of the mineral refinement, extracting the unique mineralogy of iron ore deposits; similarly risk beneficiation as a concept is to extract unrealised value in each facet of risk processes, delivering an end-to-end transformative value proposition.

Author
 

Sharath Ragunathan

Director in Risk Advisory

Key Contacts

Stephen Lucas

Stephen Lucas

Partner

Stephen is a Partner in the Risk Advisory Group in the UK focusing on non-financial risk. He has over 20 years’ experience in the financial services sector, qualifying as a chartered accountant in 1998 and since then focusing on risk consulting assignments, particularly operational, enterprise risk, risk operating models and risk culture. Stephen leads our non-financial risk including risk culture proposition having worked with a wide range of organisations across these areas.

Andrew Berry

Andrew Berry

Director

Andrew helps organisations transform their risk and compliance processes through innovation, disruptive technology and better understanding of their future target operating model. His current areas of focus include: AI and machine learning and development of our Document Intelligence solution Running major advanced analytics programmes and labs for clients Co-lead of our Future of Risk & Compliance initiative and driving the development of the optimal future target op model Data strategy definition and execution Retail, Corporate, Commercial & Business Banking, Investments and Insurance Big Data Analytics and the value innovation can deliver via high performance analytics and opensource cloud-based capabilities Experience across Customer Experience, Risk, Lending, Marketing He has extensive experience in both the industry and advisory, with a background in IT, but more recently in risk. He has worked in a number of industries, but for the last 15 years has been focussed on Financial Services, working with clients in the UK and globally.