Banks must embrace fundamental shift in operational risk models to tackle £multi-billion digital transformation safely, says ORX report
Risk leaders of global financial institutions must start managing risk in a far more active way to tackle their £multi-billion commitments to digital transformation warns Simon Wills, author of ‘Right time, right place’ a new in-depth report from ORX, the world’s largest operational risk association.
The report, which was created with senior risk leaders of ORX member global banks and insurers, urges operational and non-financial risk management (ONFR) functions to step up like never before and support their businesses as they go through digital transformation, in order to keep up with the pace of change.
‘Right time, right place’ demonstrates that risks are now faster, more complex and more ambiguous than we’ve seen in the past. Events are more interconnected than ever, and impacts are multifarious and interlocked. As a result, risk management needs to be automated, real-time and pre-emptive, and reputation and service resilience must be addressed side by side with financial resilience.
The report also gives a view on what an organisation’s critical assets are and how they are now shifting. No longer is financial loss or capital optimisation the only concern – reputational risk, data loss, customer harm, support for vulnerable customers, and institutional resilience are all becoming more important as services are available to customers 24/7. Cyber risk and a febrile social media environment can also both amplify the slightest misstep.
Digitalisation has been accelerated by the Covid-19 pandemic, but emergent, fast moving technologies such as Cloud Computing, Artificial Intelligence and Machine Learning and widespread adoption and availability of APIs have been driving the transformation for some time.
Simon Wills, executive director at ORX commentsed: “We know that the Covid-19 pandemic has been a wake-up call for risk leaders within global financial services and the challenge now is to recognise and embrace the acceleration of digitalisation and develop new risk management practices to keep up. Many legacy frameworks and out-of-date approaches to risk will leave banks and insurers behind, and that will happen very quickly as digitalisation changes core business practice forever.”
The report urges risk managers to consider the following:
- Optimise, active, or both?
ONFR leaders must consider their ambition. Do they only want to “Optimise” (i.e. work more efficiently, reduce the administrative burden risk management places on others, simplify frameworks, deploy innovative tools and practices)? According to the report, this will only allow them to keep pace with the risk profile. To get ahead of the rapidly changing risk profile, ONFR leaders need to consider being more active – which means being on the front foot at all times, pre-empting the risks associated with change initiatives by working with the business to mitigate them in the design and development phase. It means translating the risks into actionable processes for senior management, offering active crisis management, ensuring a sharp focus on the most material risks, and scanning the horizon for the risks that lie ahead. To be active, the risk function needs to be fast, dynamic and innovative – both in the digital tools it deploys but also in how it positions itself in the organisation.
- Strategic capabilities
Banks and insurers need to embed a set of strategic capabilities – technological, cultural, and organisational. The technological enablers revolve around using analytics on data that already exists to see the risks that lie ahead, to get in front of them and to introduce the appropriate control. The cultural enablers involve establishing senior-level relationships and being able to persuade and influence actions before risk events occur. Organisational enablers revolve around skills, for example specialist data science skills, skills in cyber security, and strong scenario development skills.
- Capitalising on new technology
ONFR leaders should consider using the following available technologies to enhance their risk management practices:
- Cloud Computing provides a platform to bring together disparate datasets and information to create the portfolio view of risk that is central to ONFR
- APIs break down the boundaries between functions and institutions, allowing risk to take advantage of an ecosystem of innovative providers and scale efficiently
- AI and machine learning underpin some of the most significant innovations in risk management. Activities that were once slow or even impossible, can now be done in real time
- Being the umbrella function
ONFR needs to provide an overarching framework, bringing consistency across specialist 2nd line control functions and working with compliance teams for an integrated approach to non-financial risk management.
Simon Wills added: “Operational and non-financial risk management functions have had to optimise quickly and it is fair to say that it is now impossible to be successful at change as a business without active risk management. Getting the right skills on the team, embracing innovative technologies and inspiring a culture of change will help risk managers to see the shift they need to be more active and move the risk agenda forward for a digitalised future.”