5 minute read 1 Oct 2018
woman taking pictures sitting blue door

How risk management can move from analog to digital

Authors

Cindy Doe

EY Americas Financial Services Digital Risk Leader

Seasoned financial services professional. Resides in Massachusetts with her husband and three children.

Amy Gennarini

EY Americas Financial Services Deputy Digital Risk Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.

5 minute read 1 Oct 2018

Financial services is evolving quickly, and the way firms manage risk has to keep up.

Massive global trends are forcing fundamental change in what and how services and products are delivered to financial services customers and clients, and which firms provide those services.

To keep up, risk management will have to move from analog to digital – if it hasn’t already. At the heart of the new paradigm is adaptive digital risk management — incorporating management of risks associated with the digital transformation from the front- to back-office (digital risk management), as well as fully testing and deploying digital strategies to better manage risk (digitizing risk management).

Boards, senior management, the chief risk officer and other key executives will have to address four key risk imperatives.

You can download the full report here.

  1. Leveraging risk management to enable business transformation and sustained growth

    Risk management professionals have to work with the business in managing through a digital transformation to properly address new risks and identify and grasp growth opportunities presented by industry change. This will require the risk group and its processes to change so, collectively, risk management accelerates risk decisions.

    A strong, two-way collaboration is required.

  2. Adapting to a risk environment and risk profile that is rapidly evolving

    Risk management has to stay in the moment, keeping a keen eye for immediate changes in market or firm conditions, and focus to the future to spot emerging or long-term risks and opportunities. It has to stay sensitive to financial and nonfinancial risks that are here today and that might emerge tomorrow.

  3. Delivering risk management effectively and efficiently

    It’s a balancing act between effectiveness and efficiency. Emphasizing one over the other carries its own risks. Newly digitized processes such as automated underwriting and credit approvals may speed and improve decision-making, but regulatory and supervisory requirements and ever-changing and challenging customer expectations for transparency and fairness still need to be met.

  4. Managing through and recovering from disruptions

    Risk management can help accelerate efforts to simulate crises to build muscle memory across the organization, especially at senior management and board levels. Testing contingency and crisis-management processes is important, but even more so is getting senior leaders used to making decisions in crisis situations, no matter what type of event. To learn more about emerging continuity factors, refer to “Managing through crises: preparation is key (PDF).”

Converting from analog to digital risk

Digital is a culture, a new way of thinking and behaving. Being digital is about transforming one’s business at its core, including risk management processes, people, technology and how the firm operates. Companies have to reinvent their operating model and extended ecosystem; this is not simply investing in new technology.

Inevitably, risk management processes and operations need to be nimble, evolving and able to turn elevated amounts of data into actionable risk intelligence. For many organizations, risk and compliance operations are unable to keep up with the pace of change because of the manual, inefficient and typically siloed operations, and are unable to leverage the data available across the organization, resulting in an inability to fluidly capture and manage risks effectively. Thoughtful streamlining of operations and broad-based use of technology will enable risk management to be more responsive to the ever-evolving business environment.

5 core areas of digital risk management

  1. Adaptive digital risk governance

    Risk management of the future will need to be more adaptive to new and emerging risks, and build adaptiveness into core risk management disciples, such as risk strategy, risk identification and assessments, risk appetite and limits management, and the firm’s overall risk operating model and culture. A strong three-lines-of-defense model will remain a core foundation to strong risk management in a digital world.

  2. Product and services management

    Properly governing, as well as integrating risk management processes and controls into the design and implementation of new products, services and business processes, is an essential part of implementing digital risk management.

  3. Resiliency and trust

    Digital risk management requires firms to infuse resiliency, cybersecurity and privacy into the design of platforms and products, as well as into the extended enterprise through third- and fourth-party vendors. This will call for a transformation of how third-party risk management conducts its full life cycle of activities, from pre-onboarding, due diligence, through to monitoring onboarded vendors, to offboarding.

  4. Platform, data and infrastructure

    Getting technology and data foundations right is key.

    Core, central capabilities provided by a platform and connected data sources (e.g., so-called “data lakes”) allow for quicker integration of customer, transaction and risk management data into decision-making processes.

  5. Agile decisions

    Nimble and smart controls within digitized processes and transformation programs have to be responsive to evolving risks and environmental factors, and self-adapt to learn and improve. The firmwide control strategy will have to be fundamentally redesigned across the three lines of defense, particularly as it relates to first-line risk management.

Summary

The financial services industry is undergoing a massive transformation, and risk management runs the risk of falling behind and staying focused only on downside risk.

Risk management must have a seat at the table, and to be credible it needs to be very much part of the overall digital transformation discussion, from strategy to implementation. Being an interested spectator is not an option.

 

About this article

Authors

Cindy Doe

EY Americas Financial Services Digital Risk Leader

Seasoned financial services professional. Resides in Massachusetts with her husband and three children.

Amy Gennarini

EY Americas Financial Services Deputy Digital Risk Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.