We see four key areas where new tools can help senior managers enhance their firm’s accountability:
1. Build new frameworks for new technologies
As technology changes the nature of risk and accountability, risk frameworks should expand to include the identification, monitoring and management of potential adverse outcomes of machine-generated decisions. Clarifying and documenting accountability around these, as well as approaches to investigating adverse events and communicating the lessons learned from them, are key elements. Technology is moving lightning fast – and errors can occur, and spread, just as quickly. It’s vital that response mechanisms can keep the pace.
2. Embed accountability in risk control improvements in the 3LoD model
Our 2018 EY/IIF global bank risk management survey shows that most banks are undergoing an accelerated transformation driven by a technological revolution and highlights several key areas that also make a crucial contribution to the accountability obligation:
- Embedding balanced risk-taking and risk discipline into businesses
- A digital transformation of risk management; enabling risk management through automation, machine learning and artificial intelligence
- The 3LoD model; developing its operation and roles
3. Document third-party processes
As third parties play a bigger role in the operations of financial institutions, documenting responsibilities and implementing contingency planning will become critical tenets of the new accountability mandate. This is not just good practice but essential – the latest European Banking Authority guidelines recommend these records be available to the regulator.
Documenting core processes from end to end, especially when they cross institutional boundaries, helps contain systemic risk by enabling regulators to define accountability for specific process components and show clearly where and when the handoffs between institutions occur. For institutions, this mapping is undoubtedly an onerous task but one that brings benefits in the long term. Senior leaders are discovering the value of closely monitoring the process risks for which they or their firms are accountable and determining how information needs to be shared with other players in the process chain, as well as with regulators.
Many institutions fail to consider the need for change or exit strategies in relationships with third-party vendors. The importance of these can’t be underestimated when outsourcing models are evolving fast and complexities around the use of technologies, the cloud and data lakes are growing.
4. Apply technology to improve accountability
Advancing technologies including the cloud have huge potential to deliver an even greater level of accountability than has been embedded in systems and processes up until now. For example, a recent market study by the UK’s FCA found many direct-to-consumer (D2C) investment platforms currently lack effective best-execution monitoring and may even be noncompliant with basic investor protections. Integrating and enhancing monitoring capabilities could strengthen the integrity of the platform and help management demonstrate greater oversight of the product and how it reinforces positive outcomes for customers.
Cases like this highlight how individual institutions and the sector as a whole should consider how the tangible cost of technology development may well be outweighed by the less tangible benefit of more demonstrable product accountability together with the avoidance of future fines for rule breaches.
Transformation and governance are interconnected
Technological transformation will impact both a financial institution’s operating model and its governance – the two are interconnected. It makes sense then that however a firm progresses its adoption of digital processes to better manage risk, embedding accountability measures that keep pace with change across the business and third-party providers is critical.