6 minute read 1 May 2019
man reaching toward air traffic control screen

Five actions to achieve adaptive risk management

Cindy Doe

EY Americas Consulting Risk Leader

Seasoned financial services professional. Resides in Massachusetts with her husband and three children.

Amy Gennarini

EY Americas FSO Risk Technology Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.

6 minute read 1 May 2019

Show resources

  • Moving from analog to digital - A new paradigm for risk management (pdf)

The forces reshaping the financial services industry demand new thinking and approaches from risk management.

This article is part of a collection of insights about trust by design

Rising customer expectations for speed, transparency and personalization. Digital disruption. Threats from nontraditional competitors. Proliferating cyber threats.

As these forces reshape the financial services industry, they demand new thinking and new approaches from risk management teams. (Download the PDF.) Forward-looking risk executives are leading a pivot toward more strategic and business-enabling perspectives that focus on innovation and consumer trust, without losing sight of the primary objective of protecting the enterprise.

The broader idea behind this evolution is that banks need their risk management teams to identify and embrace upside risk opportunity and help the business take advantage of these opportunities, while still mitigating downside risks and outside risks such as geopolitical instability and climate change. Highly informed risk intelligence must be embedded at the forefront of business strategies that are based on stronger, deeper, trust-based relationships with consumers.

Compared to risk management’s role in the immediate aftermath of the financial crisis, which emphasized regulatory compliance and a more defensive posture, the shift to business enablement and consumer trust represents profound change.  

Financial service firms are seeing disruption, either on the horizon or at the front doorstep, and they are seeing the change cycle growing shorter. The risk function is really evaluating what this means to their firm.
Cindy Doe
EY Americas Consulting Risk Leader

Striking the balance between growth strategies and brand protection requires the embedding of risk management principles and insights into strategic decision-making. It also means risk teams must develop digital capabilities to harness risk intelligence across the enterprise.

Such a vision equates to adaptive digital risk management, an approach well suited to addressing the new risks brought on by digital disruption and the imperative to build trust with consumers. However, to make the vision a reality, banks must ensure they have the right talent, right operating model and processes, and right technology to operationalize adaptive digital risk management.

Why trust matters and how to achieve it through transparency

Trust is the bedrock of the financial services industry. It’s essential to winning and retaining customers and creating value. Many components or elements are necessary to build and sustain trust, including:

  • Strong risk management – both financial and operational
  • Focus on customers’ best interests through suitability of products, privacy and protection of their personal data
  • Security and resiliency to protect consumers’ assets, which will be the focus of cyberattacks

These components are just a baseline, however. Today’s consumers also want personalized offerings based on their immediate or near-term needs — a home equity line of credit for a growing family or a commercial loan for a small business. And they want these products delivered via highly transparent processes.

Banks that can deliver such transparency and personalization will win the trust of consumers, who have learned to trust digital leaders in other industries thanks to high-quality customer experiences. In this sense, trust has become a currency to derive value and loyalty from customers.

Such a strategic view of trust doesn’t necessarily align to traditional risk management frameworks. Consider how many risk practices limited the ability of the business to innovate or launch new products at the pace of the nimblest competitors.

Trust by design is EY’s adaptive risk management approach that is designed to enable such acceleration. It builds risk intelligence into key processes and the supporting technologies so that the business can move both more quickly and more safely.

The key is to embed that intelligence at every touch point and across every phase of the customer journey, as well as for all emerging technologies — the cloud, mobile apps and interfaces with third parties, including collaborations with FinTechs.

Firms that evolve their risk thinking to be more adaptive and trust-oriented will gain a leg up on the competition. An integrated risk operating model, such as Trust by design, with its automated processes, advanced technology and toolsets — including artificial intelligence (AI) and machine learning — is necessary to simultaneously deliver what customers want and remain within the risk appetite.

Charting the right path forward

Tomorrow’s high-performance risk management functions will be notable for skills and capabilities beyond technology. The following five steps should be considered when designing and deploying an adaptive risk management vision for the future.

Financial services firms that follow these key actions will build in trust by design into their processes.

1.      Update the risk governance framework to be more adaptive

Taking on an adaptive risk framework requires changes to traditional risk management models, though not necessarily drastic changes. For instance, front-line business managers will a need comprehensive, end-to-end view of both financial and nonfinancial risks if the company is to control individual customer moments and long-term customer journeys.

Risk and compliance functions should embed with business functions to understand and help design the latest product and service innovations.  Designing risk into the product and services enables for the automation of future monitoring once the change is in production.

They will need such engagement to manage and monitor real-time risk, predictive business models and significant third-party interactions. Another updated role for risk teams is to provide insights and expectations to help the business monitor overall effectiveness.

2.      Make certain that the team has the right skill sets

New skills — both “soft” and “hard” — are necessary for new risk management approaches. For example, firms will need people with the skills and knowledge to cover across risk topics (e.g., compliance, operational risk, resiliency) to manage the customer journey, and for specific types of new risks (e.g., cloud, cyber or blockchain). Having the right skills at the table at the right time for specific changes will help in identifying new and emerging risks.

3.      Deploy product and service management capabilities

Embedding risk controls within real-time product development processes requires that companies have technology to track client actions in real time, with automated triggers for product and service mechanisms that are designed with a set of risk rules to instantaneously adjust product features (e.g., price or terms).

Risk leaders should also collaborate with the business on initial product designs. The goal should be to identify a comprehensive set of client attributes and behaviors that map to key risk considerations.

Such insights are necessary for banks to quickly launch, scale and manage new, risk-informed products and services. 

4.      Strengthen resiliency

Resiliency, cybersecurity and privacy are critical considerations for both satisfying customer expectations about reliability and protecting brand reputations and information assets. Resiliency should be infused throughout the extended enterprise, including in the operations of third- and fourth-party vendors, especially critical vendors.

 Since preparedness is essential to resiliency, firms should conduct simulations under a variety of disruption or crisis scenarios.

5.      Adopt data intelligence and more advanced architectures

There is little doubt that risk functions will seek to use data more effectively and automate more processes in the future. To do so, they will need a robust foundational platform that integrates with a broader governance, risk and compliance ecosystem.

Such platforms can enable more automated risk monitoring and support stronger data models for improved business intelligence and decision-making.

Bottom line: trust-driven growth requires a new model

The need to build trust and engage consumers at critical moments is reshaping the future of risk management across financial services. As business models evolve in response to tech-driven disruption and rising customer expectations, risk management functions must similarly transform their approach and capabilities.

While there are many moving parts — including technology, processes, people, and organizational and cultural factors — for risk management leaders to manage in this evolution, the first-order goal of building trust with more demanding customers should serve as a guide on the journey ahead.  At EY, we believe that journey begins with trust by design.


Adaptive risk management or trust by design, addresses two key challenges in financial services. The first is thinking about digitizing risk management and its processes, and the second is managing risks to the entire firm as it becomes more digital.

About this article

Cindy Doe

EY Americas Consulting Risk Leader

Seasoned financial services professional. Resides in Massachusetts with her husband and three children.

Amy Gennarini

EY Americas FSO Risk Technology Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.