How risk management can move from analog to digital

Financial services is evolving quickly, and the way firms manage risk has to keep up.

Massive global trends are forcing fundamental change in what and how services and products are delivered to financial services customers and clients, and which firms provide those services.

To keep up, risk management will have to move from analog to digital – if it hasn’t already. At the heart of the new paradigm is adaptive digital risk management — incorporating management of risks associated with the digital transformation from the front- to back-office (digital risk management), as well as fully testing and deploying digital strategies to better manage risk (digitizing risk management).

Boards, senior management, the chief risk officer and other key executives will have to address four key risk imperatives.

You can download the full report here (pdf).

1. Leveraging risk management to enable business transformation and sustained growth
   
   Risk management professionals have to work with the business in managing through a digital transformation to properly address new risks and identify and grasp growth opportunities presented by industry change. This will require the risk group and its processes to change so, collectively, risk management accelerates risk decisions.
   
   A strong, two-way collaboration is required.
   
   
2. Adapting to a risk environment and risk profile that is rapidly evolving
   
   Risk management has to stay in the moment, keeping a keen eye for immediate changes in market or firm conditions, and focus to the future to spot emerging or long-term risks and opportunities. It has to stay sensitive to financial and nonfinancial risks that are here today and that might emerge tomorrow.
   
   
3. Delivering risk management effectively and efficiently
   
   It’s a balancing act between effectiveness and efficiency. Emphasizing one over the other carries its own risks. Newly digitized processes such as automated underwriting and credit approvals may speed and improve decision-making, but regulatory and supervisory requirements and ever-changing and challenging customer expectations for transparency and fairness still need to be met.
   
   
4. Managing through and recovering from disruptions
   
   Risk management can help accelerate efforts to simulate crises to build muscle memory across the organization, especially at senior management and board levels. Testing contingency and crisis-management processes is important, but even more so is getting senior leaders used to making decisions in crisis situations, no matter what type of event. To learn more about emerging continuity factors, refer to “Managing through crises: preparation is key.”

Converting from analog to digital risk

Digital is a culture, a new way of thinking and behaving. Being digital is about transforming one’s business at its core, including risk management processes, people, technology and how the firm operates. Companies have to reinvent their operating model and extended ecosystem; this is not simply investing in new technology.

Inevitably, risk management processes and operations need to be nimble, evolving and able to turn elevated amounts of data into actionable risk intelligence. For many organizations, risk and compliance operations are unable to keep up with the pace of change because of the manual, inefficient and typically siloed operations, and are unable to leverage the data available across the organization, resulting in an inability to fluidly capture and manage risks effectively. Thoughtful streamlining of operations and broad-based use of technology will enable risk management to be more responsive to the ever-evolving business environment.

5 core areas of digital risk management

1. Adaptive digital risk governance
   
   Risk management of the future will need to be more adaptive to new and emerging risks, and build adaptiveness into core risk management disciples, such as risk strategy, risk identification and assessments, risk appetite and limits management, and the firm’s overall risk operating model and culture. A strong three-lines-of-defense model will remain a core foundation to strong risk management in a digital world.
   
   
2. Product and services management
   
   Properly governing, as well as integrating risk management processes and controls into the design and implementation of new products, services and business processes, is an essential part of implementing digital risk management.
   
   
3. Resiliency and trust
   
   Digital risk management requires firms to infuse resiliency, cybersecurity and privacy into the design of platforms and products, as well as into the extended enterprise through third- and fourth-party vendors. This will call for a transformation of how third-party risk management conducts its full life cycle of activities, from pre-onboarding, due diligence, through to monitoring onboarded vendors, to offboarding.
   
   
4. Platform, data and infrastructure
   
   Getting technology and data foundations right is key.
   
   Core, central capabilities provided by a platform and connected data sources (e.g., so-called “data lakes”) allow for quicker integration of customer, transaction and risk management data into decision-making processes.
   
   
5. Agile decisions
   
   Nimble and smart controls within digitized processes and transformation programs have to be responsive to evolving risks and environmental factors, and self-adapt to learn and improve. The firmwide control strategy will have to be fundamentally redesigned across the three lines of defense, particularly as it relates to first-line risk management.