ey colleagues brainstorming in tech start up office

How UK financial services risk teams can transform to thrive

Authors

  • Nitin Srivastava

    EY UK Risk and Regulatory Transformation Leader

  • Prateek Bhola

    Director, Financial Services Risk Consulting, Ernst & Young LLP

  • Shankar Mukherjee

    EY UK Prudential and Financial Risk Leader; Partner, Financial Services Consulting, Ernst & Young LLP

  • David Williams

    EY UK Banking & Capital Markets Technology Consulting Leader

  • Rachel Collins

    EY UK Financial Services Organization and Workforce Transformation Leader; Director, People Consulting, Ernst & Young LLP

8 minute read 06 Sep 2023
Related topics
Financial services
Banking and capital markets

Financial services risk teams must embrace risk transformation, using a human-centred approach with the right capabilities in place.

In brief

  • Risk teams are facing constant disruption, at the same time as they are expected to be more strategic to help meet firmwide growth objectives.
  • Risk transformation begins by taking a strategic and holistic overview of risks, and how they interact, whilst delivering transformation that is people-led.
  • UK CROs must focus on having the right talent and technology in place, giving them the tools to transform and add strategic value to the business.

The need to transform risk management operations within UK financial services (FS) was already pressing pre-pandemic. Institutions were grappling with numerous emerging types of risk, such as the increasing threat of cyber risk and technology resilience, the implications of Brexit, decarbonisation and crypto, alongside more traditional challenges around market, credit, conduct rules, regulatory changes and heightened regulatory scrutiny. 

In the last few years, UK risk teams have had to deal with an incredibly complex and fast-changing environment. The pandemic and subsequent change to working arrangements, high inflation and the volatile geo-political environment post-Brexit are all areas where financial institutions (FIs) are looking to chief risk officers (CROs) to come to the fore. CEOs need their risk function to be a strategic enabler, giving insight and perspective to help meet firm’s strategic objectives whilst managing an acceptable risk profile, and designing and implementing a strong control framework.

The shift to a strategic enabler of business

The traditional view of the risk management process was focussed on historical rather than future challenges and took a siloed approach to risk. Today’s risk functions are increasingly being seen as key strategic enablers to sustainably grow the business, providing insight on how organisational objectives can be met rather than just opining on what can and cannot be done. This evolution makes the role of a risk manager increasingly demanding and complex, not least as the risk landscape grows ever more complex with overlapping and correlated risks. 

The recent EY and the Institute of International Finance (IIF) survey¹ of banking CROs found they face an extraordinary volume and variety of risks – traditional and emerging, external and internal – nearly all of which seem to be increasing in urgency. To be prepared for risk transformation, we see three key areas that are fundamental to success:

  • A strategic transformation mindset.

  • Leadership that puts humans at the centre of transformation.

  • Having the right tools for a high-performance risk function – talent, technology and resilience by design.

Risk management teams will need to help build the capability to think and work across traditional risk silos. This needs a change in culture as much as a need for new skills along with the capabilities, tooling to support risk managers in decision-making. 

A risk function with a strategic transformation approach

Demonstrating how risk adds strategic value requires a shift in approach around the role and scope of risk, which is often viewed only from a control and efficiency prism. Risk leaders need to have a strategic transformation mindset and value-driven approach to realise tangible benefits for the business. This involves looking at all transformation and change initiatives in the pipeline in their entirety rather than in isolation. It also means evaluating their alignment to the firm’s strategic objectives to determine their strategic value. This holistic approach has some key advantages:

  • Set up for success: By using a portfolio view of current and upcoming transformation, institutions can help ensure they have built sufficient capacity and capability for success. A firm’s resource capacity and technical infrastructure planning done at this strategic level will be notably more impactful. For example, it can free up experienced risk managers to own/lead key transformation initiatives that are interconnected in outcomes.

  • Timing it right: Mobilising using a portfolio view with clear outcomes and prerequisites should help firms get the timing right when looking to manage a high number of transformation projects. Mobilising too early may result in transformation stalling, whereas moving too late is likely to lead to excessive pressure to meet deadlines, resulting in lower value “tactical” fixes. We have seen this impact across FIs over the last few years, as they juggled several simultaneous risk priorities (i.e., Brexit, regulatory remediations, operational resilience, conduct and culture).

  • Communicate - take the firm on the journey: A strategic detailed view allows senior leadership to regularly communicate the purpose, value, progress, and successes of transformation initiatives, keeping employees motivated and engaged. 

That shift in approach must be backed up by effective performance in transformations. EY teams conducted cross-sector research with Oxford University to understand the human-centric drivers of success in transformation. They found 67%² of senior leaders have experienced at least one underperforming transformation in the past five years. The research also found organisations that put humans at the centre of their transformation journeys are 2.6 times more likely to be successful than those that do not (73% change of success versus only 28%).  

A risk function with the tools and skills to transform.

The third element to success is a risk function that is equipped for success:

  • Talent: Risk teams need expertise across an ever-increasing scope – including sustainability, technology (including cloud, machine learning and artificial intelligence (AI)), hybrid working, culture and new regulatory expectations such as the Financial Conduct Authority’s (FCA) Consumer Duty. Data analytics, data science and climate change skills are particularly in-demand. In the UK, the demand for technical skills is around 20% short of supply³. In fact, around one in eight UK FS roles is a tech role – double the proportion compared to the rest of the UK economy.

Banks have adopted a range of approaches to manage their talent and skills gaps, from reviewing reward and compensation, to offering flexible work arrangements. Equity, transparency, and inclusion are critical to retention programmes and intervention frameworks that help retain key risk talent. Leaders need to be creative about engaging with risk employees at all levels and listening to which approaches will be most impactful to their experience. This remains a key challenge, illustrated by a respondent to the 12th annual EY/IIF global bank risk management survey, who said: “Our function has often valued narrow, professional, and deep technical skills. The kinds of people who can balance broad complexity are few and far between”.

Our function has often valued narrow, professional, and deep technical skills. The kinds of people who can balance broad complexity are few and far between.

12th annual EY/IIF global bank risk management survey respondent

Related content

Four steps to embed operational resilience in financial services

UK financial services firms are focused on making their operational resilience plans a reality ahead of the March 2025 deadline. Read now.

Will Packard

    • Digitisation and adoption of new technology/data and analytics: As institutions look to digital for future growth, increased operational efficiency and stronger controls, CROs will have a major part to play. For example, there are significant risk around moving into the cloud, with HM Treasury proposing new safeguards4 that could impact FS firms. Risk teams’ insights will also be needed as firms automate more and further use data to generate insights. 

    The risk function itself will not only need to mitigate the risks technology brings, but also embrace the increasingly digitised landscape to be more impactful. For example, using AI to capture internal and external structured and unstructured data and being able to drive meaningful insights for decision-making purposes. This can then be combined with advanced analytics, to identify risks, even determining patterns and correlations between interdependent risks.

    • Implement resilience by design: Organisations realise even the best controls cannot prevent failure and that having a “Plan B” is paramount to a successful recovery.  The FCA has introduced new rules around operational resilience5, asking FIs to assume failure will occur, and take an external view on the impact of a disruption to the end user. Key to this is resilience by design6. By designing services, processes or systems to be resilient in case of failure, risk teams can ensure the delivery of outcomes even through disruption. This will lead to better customer outcomes and satisfy regulators requirements also. 

    Soofia Noor, Senior Manager, UKI Risk and Compliance Technology Solutions, Ernst & Young LLP and Kirsty Smith, Manager, Tax, People Advisory Services, Ernst & Young LLP were part of the team who contributed to develop this article.


    How EY can help

    Related content

    8 areas of change for financial services regulatory policy in 2023

    The EY 2023 Global financial services regulatory outlook highlights eight areas where policies are changing within the context of increased regulation. Read more.

    Christopher Woolard CBE + 2

    How do you harness the power of people to double transformation success?

    Read about how EY and the University of Oxford explored the emotional cost of failed transformations and what it takes to get them right.

    Errol Gardner + 2

    How bank CROs are responding to volatility and shifting risk profiles

    The EY/IIF global bank risk management survey shows that banks must manage multiple interconnected risks and the impacts of external events.

    Jan Bellens + 2

      Summary

      The scope of risk transformation is vast and evolving at a rapid pace. Whilst challenging, it presents chief risk officers with an opportunity to go beyond their traditional remit. They can support product and service innovation by collaborating in the design of new digital offerings and sharing their expertise on upside risk, rather than only “policing” such activity. This new role needs to be supported by leadership, to ensure successful transformations and to create a risk function that has the right talent, optimised processes, data insights and leading-edge technology to succeed.

      EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.