Risk management in a digital world
At the heart of the new paradigm is adaptive digital risk management incorporating management of risks associated with digital transformation from the front to back office (digital risk management), as well as fully testing and deploying digital strategies to better manage risk (digitizing risk management).
We see the following five core elements of digital risk management:
1. Adaptive digital risk governance: Risk management of the future will need to be more adaptive to new and emerging risks and build adaptiveness into core risk management disciplines, such as risk strategy, risk identification and assessments, risk appetites and limits management, and the firm’s overall risk operating model and culture. A strong three-lines-of-defense model will remain a core foundation of strong risk management in a digital world. Accountability must be palpable, from the board level through to management and down to every employee.
2. Products and services management: Properly governing and integrating risk management processes and controls into the design and implementation of new products, services and business processes are essential parts of implementing digital risk management. This enables faster innovation and mitigation of risks through the establishment, or use, of new platforms, that is, new data capabilities and different technical environments (such as the cloud or distributed ledger) and the use of artificial intelligence in decision-making, surveillance and processing.
3. Resiliency and trust: None of the core elements above mean anything if firms aren’t dependable — customers want reliability, access and protection. Digital risk management requires firms to infuse resiliency, cybersecurity and privacy in the design of platforms and products, as well as in the extended enterprise through third- and fourth-party vendors. This will call for a transformation in the way third-party risk management conducts its full life cycle of activities, from pre-onboarding due diligence and through to monitoring onboarded vendors and to offboarding. The management of critical vendors — those supporting crucial business processes or whose disruption would have system-wide impacts — will need to change the most.
4. Platform, data and infrastructure: Core, central capabilities provided by a platform and connected data sources (so-called “data lakes”) allow for quicker integration of customer, transaction and risk management data into decision-making processes. Together, this will uncover new opportunities to meet evolving customer expectations and drive value, as well as enable better risk management through improved data-driven insights.
5. Agile decisions: Embedding risk management activities into the design and execution of the customer journey and related business processes will allow risk management professionals to validate that the right controls and risks are being considered, as well as help them identify how the digital engagement of customers could enable faster and more effective risk decision-making. Nimble and smart controls within digitized processes and transformation programs have to be responsive to evolving risks and environmental factors, and self-adapt to learn and improve.
Accelerating digital transformation: four imperatives for risk
Our ninth annual bank risk management survey focuses on four imperatives that boards, senior management, CROs and other key executives will have to address to gain a competitive advantage, maintain trust and successfully achieve their digital transformation ambitions according to data insights from 74 banks across 29 countries.
For survey insights, download the complete report.