8 Mar 2019
lawyer holding book leaning shelf library

Five objectives for the future of risk management

Authors

Cindy Doe

EY Americas Advisory Risk Leader

Seasoned financial services professional. Resides in Massachusetts with her husband and three children.

Amy Gennarini

EY Americas Financial Services Deputy Digital Risk Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.

8 Mar 2019

Financial services firms need their risk management teams to identify and embrace upside risk opportunity even as they mitigate downside risks.

Consumers want personalized offerings based on their immediate or near-term needs — a home equity line of credit for a growing family or a commercial loan for a small business. And they want these products delivered via highly transparent processes. Consumers largely trust digital leaders in other industries because of their transparency and the high-quality customer experiences those companies provide. Trust has become a new currency to derive value and loyalty.

Traditional risk management frameworks do not enable the business to innovate and pursue opportunities at the pace of the nimblest competitors. An adaptive approach builds risk intelligence into key processes and the supporting technologies so that the business can move quickly and safely, at every touch point and across every phase of the customer journey. Risk management strategies must also be established for all emerging technologies — the cloud, mobile apps and interfaces with third parties, including fintech collaborations.

Charting the right path forward

Technology isn’t the only element of effective risk management. Tomorrow’s risk management functions will also be notable for other skills and capabilities. The following five objectives should be considered when designing a vision for the future of risk management:

  1. Establish an adaptive risk governance framework

    An adaptive risk framework requires changes to traditional risk management models, though not necessarily drastic changes. For example, the need to control individual customer moments and long-term customer journeys requires a comprehensive, end-to-end view of both financial and nonfinancial risks on the part of the frontline business managers.

    Risk and compliance functions will also need to be embedded with business functions to keep up with product and service innovations, while at the same time managing and monitoring real-time risk, predictive business models and significant third-party interactions. Risk teams should provide insights and expectations that will help the business monitor overall effectiveness.
  2. Make sure you have the right skill sets on the team

    New skills — both “soft” and “hard” — will also be necessary. For example, firms will need people who can be dynamic and cover multiple risk topics (e.g., compliance, operational risk, resiliency), as well as individuals with expertise for specific types of risks (e.g., cloud, cyber or blockchain). Having the right skills at the table at the right time for the specific change will help in identifying new and emerging risks.
  3. Implement product and service management

    Achieving the vision of real-time product development with embedded risk controls requires that companies have technology that observes client actions in real time and triggers product and service mechanisms designed with a set of risk rules to instantaneously adjust product features (e.g., price or terms). Risk should collaborate with the business on the initial product design with the goal of identifying a comprehensive set of client attributes and behaviors related to key risk considerations. This step is necessary if banks are to quickly launch, scale and manage new, risk-informed products and services.
  4. Strengthen resiliency

    Resiliency, cybersecurity and privacy are critical considerations for both satisfying customer expectations about reliability and protecting brand reputations and information assets. Resiliency should be infused throughout the extended enterprise, including in the operations of third- and fourth-party vendors, especially critical vendors. Since preparedness is essential to resiliency, firms should conduct simulations under a variety of disruption or crisis scenarios.
  5. Harness data intelligence and architecture

    Risk functions need a robust foundational platform that integrates with a broader governance, risk and compliance ecosystem. The goals are to use data more effectively and streamline risk management processes. For example, such platforms can support automated risk monitoring and data models for improved business intelligence and decision-making.

Summary

The need to engage customers at key moments and the imperative to build trust are reshaping the conjoined futures of banking and risk management across financial services. As organizations transform their business models in response to tech-driven disruption and changing customer expectations, risk management functions must also reconfigure their approach and capabilities. While many moving parts exist — technology, processes, people and organizational/cultural factors among them — risk management leaders must manage this evolution proactively. 

About this article

Authors

Cindy Doe

EY Americas Advisory Risk Leader

Seasoned financial services professional. Resides in Massachusetts with her husband and three children.

Amy Gennarini

EY Americas Financial Services Deputy Digital Risk Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.