7 minute read 8 Dec 2020
Woman jumping over crevasse.

How to manage risk effectively at a time of accelerated transformation

Authors
Marc Saidenberg

EY Financial Services Global Regulatory Network Co-Lead, Principal US Financial Services Consulting, Ernst & Young LLP

Financial services advisor. Facilitating active dialogue between industry and the public sector. Public speaker and thought leader. Husband and father.

Amy Gennarini

EY Americas FSO Risk Technology Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.

Robert Mara

EY Americas Financial Services Risk Technology Leader

Risk technology leader in financial services. Navigating rapidly changing risk/compliance, tech, and business complexities. Doesn’t always see the box out of which to think.

7 minute read 8 Dec 2020

The COVID-19 pandemic highlights the need for FIs to make risk management more efficient, insightful, flexible and strategic.

 In brief 
  • The space where the pandemic’s effects intersect with transformative technologies is uncharted.
  • In this environment, risk management no longer can operate as a collection of disparate activities that acts primarily as a centralized watchdog.
  • Rather, it should partner with business lines to promote shareholder returns consistent with the FI’s strategy and seek to enable agile product design and delivery.

Fallout from the COVID-19 pandemic has created new ways for risks to emerge and introduced new challenges to how financial institutions (FIs) manage risk. Customers and remote employees alike have rapidly embraced new digital technologies. Rescue programs like the CARES Act have required FIs to deploy new services at an accelerated pace, while new societal pressures mandate that FIs support the recovery and work with financially distressed borrowers in a compassionate manner. At the same time, FIs face new cost and regulatory pressures in a difficult economic environment.

This is a different set of challenges from the financial crisis of 2008, which began, in part, as a breakdown of risk management in the financial sector and splintered into other areas. In response, FIs operating under tough regulatory pressures spared little expense adding layers of controls to address specific perceived risk management failures.

The pandemic has highlighted environmental drivers, such as changes to the workplace and accelerated timelines for new product design, which demand a more multidimensional, integrated and analytics-driven risk management response. While it is easy to attack each of the drivers individually, viewing them in isolation will neither effectively address current challenges nor advance an FI’s long-term strategy.

Risk management today should be as much about leveraging the FI’s strategy and risk appetite to promote shareholder returns as it is about proactively steering clear of trouble. Capitalizing on the acceleration of digital strategies and operating models requires a comprehensive approach — one that embeds risk more deeply into the product development process, seeks to be more proactive in identifying emerging risks and builds stronger linkages between various risk elements across the organization.

Here are five risk management approaches FIs must begin considering now:

1. Invest and integrate for greater efficiency

With financial performance under pressure, FIs must better assess the efficiency and effectiveness of their risk management functions. It’s not uncommon to see redundant controls and testing in the first, second and third lines of defense, for example. Better to decide how, when and how often something should be tested, and then build on previous efforts across and within those lines.

Controlling costs while delivering solutions that can stand up to regulatory scrutiny and provide needed resiliency will require FIs to analyze operating models for risk ownership and coverage, redesign controls with smart analytics and automation and reduce redundancies.

This represents a mindset change: FIs don’t usually think of productivity as a risk management consideration. But risk management is, in some ways, now viewed as just another vital function that must operate efficiently.

2. Adapt controls for the changing workplace

The shift to remote work thus far appears to have gone better than anyone expected, but things have changed so quickly that the long-term risk management effects remain unknown. Today, the ability to have employees work from home has become a linchpin of FI resiliency planning — and in many cases part of longer-term strategies. Yet the changing workplace also creates new ways for risks to emerge that existing models were not designed to manage. 

Going forward, FIs must recognize that many of the controls designed for an office-centric environment are not sustainable when large numbers of team members are working from multiple locations. For example, most FIs have traditionally prohibited printing work documents at home but must make that possible today. New monitoring solutions are available, but rules, controls and limits must be set to match today’s reality.

3. Embed risk management in product design

The economic environment spawned by COVID-19 is accelerating business strategy transformation across most lines of business. As FIs and customers alike embrace digital transactions, speed and responsiveness are expectations. New products that once required years to implement now are rolled out in weeks, or even days, and fraud algorithms previously designed to last for years now must be adjusted multiple times a day.

The only way this new faster-paced product cycle works effectively is by embedding risk management into critical risk interactions end to end, throughout the customer journey. Far from being a roadblock, risk management in this context serves as a revenue enabler — for example, to streamline account openings or bring innovative products to market quickly.

The goal should be to embed controls into the product, process and enabling infrastructure to accommodate the different ways in which each must be tested or monitored. This less centralized, more agile approach requires a shift in culture and thinking but is increasingly a necessity. FIs cannot compete in a digital world with risk management designed for an analog world.

4. Update models for a changing economy

Risk management priorities tied to the pandemic’s economic fallout are an immediate concern. Customers’ credit has deteriorated, often through no fault of their own, yet FIs cannot provide forbearance and support indefinitely. The broader market faces an equally uncertain future.

In the short term, institutions will need to update restructuring playbooks to give customers greater flexibility to work through financial hardships, as opposed to initiating collections procedures or foreclosures.

Making better use of the behavioral and account data FIs already possess to build a multi-product view of individual customer relationships and proactively anticipate problems will become a priority. No software program exists to facilitate such efforts, but analytics, artificial intelligence/ML and workflow tools that help identify the right triggers can provide better insights.

Longer term, stress tests and the underlying models must be redesigned to be more flexible, powered by nimble risk assessment and other tools and platforms that provide real-time scenario analysis. The macro environment will continue to evolve quickly, requiring FIs to be much more agile than in the past.

5. Adjust for societal changes

COVID-19 has heightened existing social pressures that must be accounted for. Minority-owned small businesses appear to be failing at disproportionately high rates, while large corporations have benefited from CARES Act money distributed by banks, fueling a sense of injustice. Regulatory bodies, such as the National Association of Insurance Commissioners, are combing through existing regulations to identify areas of unintended racial bias.

To address such concerns, FIs must assess risks more comprehensively to identify and address the potential for spillover from financial to nonfinancial risks. For example, using technologies already in place to better assess how upstream actions, such as fallout from the rapid distribution of funds from the Paycheck Protection Program, might impact reputational, business and compliance risk will continue to be a critical challenge.

To better incorporate social factors into risk, some FIs have begun to build risk decision matrices to weigh the trade-offs. Embedding processes inside business lines to facilitate multifocal decision-making is another strategy. Risk assessment must seamlessly incorporate financial and nonfinancial risk drivers, including broader social challenges and the institution’s role in moving society forward. 

The path to modernizing risk management

COVID-19 has altered and accelerated the environmental challenges FIs already were confronting in managing risk, highlighting the need for a more holistic, data-driven approach to risk management. Going forward, institutions must improve data governance and invest in new, more efficient technologies to better manage known risks and identify emerging vulnerabilities.

Summary

In a rapidly evolving operating environment colored by social disruption, workplace changes and transformative technologies, FIs must embrace more efficient, flexible, insightful and strategic solutions to prepare for the unexpected. If COVID-19 has taught us anything, it’s that risk management must anticipate and adapt to changes in the world around it.

About this article

Authors
Marc Saidenberg

EY Financial Services Global Regulatory Network Co-Lead, Principal US Financial Services Consulting, Ernst & Young LLP

Financial services advisor. Facilitating active dialogue between industry and the public sector. Public speaker and thought leader. Husband and father.

Amy Gennarini

EY Americas FSO Risk Technology Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.

Robert Mara

EY Americas Financial Services Risk Technology Leader

Risk technology leader in financial services. Navigating rapidly changing risk/compliance, tech, and business complexities. Doesn’t always see the box out of which to think.