Implementing risk transformation in financial services
Data, analytics, and technology
Risk transformation can enable a financial institution to elevate risk management from a functional capability to an enterprise responsibility that permeates the entire organization. When that happens, every business, function, and individual becomes responsible for, accountable for, and capable of recognizing and addressing risks within their purview. Data, analytics, and technology are foundational elements in risk transformation.
Data, analytics, and technology as a cornerstone
As financial institutions cope with new regulatory and competitive challenges, some are finding their past approaches to be suboptimal, particularly in the area of data, analytics, and technology.
Key among those regulatory and competitive challenges are the following:
- Many regulations directly affect data, analytics, and technology
- Institutions need to optimize risk, not simply lower risk
- Costs are rising and profits are threatened
- Information technology (IT) has become a valuable enabler
Historically, many financial institutions have responded to new regulations with ad hoc, bolted-on, or piecemeal solutions. Such fragmented approaches have created gaps, overlaps, redundancies, and manual tasks which have in turn led to inefficiencies, increased costs, and even increased risks in control, reporting, and IT systems. Given today’s volume of regulatory demands, reactive efforts either won’t work or may likely be unsustainable.
The above trends signal the need for a far more integrated and strategic approach to data, analytics, and technology—in general—and in responding to regulatory change.
Fortunately, the need for aggregated views of risk is driving the breakdown of silos. Silos formed by organizational and technological barriers between and within finance, risk management, and the front office impede optimal compliance, risk management, and capital allocation. Barriers exist between finance and the treasury function (generally part of finance) and within risk management, for example between people monitoring credit, liquidity, market, currency, counterparty, and other risks.
While the fundamental rationale for change is regulatory compliance, forward-thinking leadership teams are taking regulatory demands as an opportunity to control compliance costs, lower the total cost of ownership (TCO) of technology, and realize operational efficiencies—while improving risk management and capital allocation. In addition, enhanced competitiveness and shareholder value can be expected over time.
This requires a transformative approach, with senior management, particularly the chief information officer (CIO) and chief risk officer (CRO), leading the way. Regulatory, strategic, operating, governance, risk management, and business needs have converged to make an unprecedented case for transformation in financial institutions. The regulatory demands are far-reaching, the need for risk-based decision-making pervasive, and the threat to competitiveness serious that institutions must take a transformative approach to risk.
Risk transformation is strategic rather than tactical, integrated rather than fragmented, and systematic rather than bolted-on. Anything less will likely waste resources as well as opportunities to position the institution for future growth and competitiveness.
The business case for transformation
It may be best for an organization to recognize the business case for transformation as distinct from the regulatory imperative. The two are intertwined in that compliance is not optional for the institution, which must meet the regulatory requirements and adjust business practices accordingly. Yet the case for business transformation of the data, analytical, and technology cornerstone goes beyond the regulatory imperative.
The business case rests on using regulatory demands as an opportunity to transform risk-related capabilities—not overnight, but over time as regulatory, operational, and risk-related needs, and the technologies, evolve. Thus the initiative may originate with the need to upgrade capabilities so as to meet regulatory requirements, but management should consider these needs in the context of the institution’s goals, business, and competitive position. That is, organizations should consider whether their risk transformation should aim not only to address regulatory issues, but to enhance insight, decision making, and competitiveness.
As noted, fragmented approaches to regulatory compliance often waste money and other resources, increase costs, and create gaps, redundancies, manual labor, and new risks. In contrast, an integrated, transformative approach may reduce the TCO of technology and optimize the cost of compliance. It can also lead to more streamlined and efficient business, data governance, and risk management processes.
The point of a transformative approach is to have, in addition to the regulatory imperative, a well-developed business case that permeates the organization’s approach to data, analytics, and technology. This enables the organization to go beyond compliance to break down silos and align business, risk management, and internal and regulatory reporting processes and to strengthen the three lines of defense (see sidebar). Sought-for results could include wider access to data and analytics at lower levels of the organization, views of aggregated risk positions at higher levels, and greater flexibility in terms of responses to marketplace and regulatory needs going forward.