Converting from analog to digital risk
Digital is a culture, a new way of thinking and behaving. Being digital is about transforming one’s business at its core, including risk management processes, people, technology and how the firm operates. Companies have to reinvent their operating model and extended ecosystem; this is not simply investing in new technology.
Inevitably, risk management processes and operations need to be nimble, evolving and able to turn elevated amounts of data into actionable risk intelligence. For many organizations, risk and compliance operations are unable to keep up with the pace of change because of the manual, inefficient and typically siloed operations, and are unable to leverage the data available across the organization, resulting in an inability to fluidly capture and manage risks effectively. Thoughtful streamlining of operations and broad-based use of technology will enable risk management to be more responsive to the ever-evolving business environment.
5 core areas of digital risk management
- Adaptive digital risk governance
Risk management of the future will need to be more adaptive to new and emerging risks, and build adaptiveness into core risk management disciples, such as risk strategy, risk identification and assessments, risk appetite and limits management, and the firm’s overall risk operating model and culture. A strong three-lines-of-defense model will remain a core foundation to strong risk management in a digital world.
- Product and services management
Properly governing, as well as integrating risk management processes and controls into the design and implementation of new products, services and business processes, is an essential part of implementing digital risk management.
- Resiliency and trust
Digital risk management requires firms to infuse resiliency, cybersecurity and privacy into the design of platforms and products, as well as into the extended enterprise through third- and fourth-party vendors. This will call for a transformation of how third-party risk management conducts its full life cycle of activities, from pre-onboarding, due diligence, through to monitoring onboarded vendors, to offboarding.
- Platform, data and infrastructure
Getting technology and data foundations right is key.
Core, central capabilities provided by a platform and connected data sources (e.g., so-called “data lakes”) allow for quicker integration of customer, transaction and risk management data into decision-making processes.
- Agile decisions
Nimble and smart controls within digitized processes and transformation programs have to be responsive to evolving risks and environmental factors, and self-adapt to learn and improve. The firmwide control strategy will have to be fundamentally redesigned across the three lines of defense, particularly as it relates to first-line risk management.