In aid of Fintech Week 2019, we are releasing a series of perspectives exploring some of the issues facing fintech organisations and the broader impact of fintech on financial services and customers. A new perspective will be published each day, covering topics such as regtech, data and innovation in payments. We hope you enjoy the series and please remember to join the conversation by sharing via LinkedIn and social media.
New Horizons for Risk
To deliver effective Risk Management, financial institutions need robust processes that are enabled by technology to help them better manage the growing risk landscape of new threats from digital, cyber, and fraud. Organisations are currently investing to address the latest industry regulations & standards to better prepare and respond – including ISO 31000; NIST Cybersecurity Framework; and BCBS-239.
Many of these standards require an enterprise-wide approach (both in process & technology) to fully realise their benefits. They need to be integrated not only across internal divisions and risk functions, but also across the supply chain and with customers.
In our view, for Risk Management to truly add value organisations need an approach that places data at the heart of everything they do. This expands the role of Risk Management from compliance to providing insights, providing the opportunity and challenge for organisations seeking to move beyond compliance to insight.
For larger institutions – and for the FinTechs disrupting and servicing them, what are the critical factors required to ensure success on this journey?
Data at the Heart
To bring this to life, let’s zoom in on the standard from the Basel Committee on Banking Supervision (BCBS) 239 ‘Principles for the effective aggregation of risk data and risk reporting’. Born out of the financial crisis, the standard lays out principles for banks mandating investment into risk data and risk reporting so that banks may gain better insight into their risk landscape and support their decision-making processes. In doing so, it seeks to address one of the key failings from the crisis: the inability to aggregate risk exposures and concentrations throughout the financial system.
The implementation of the regulation is still a work in progress for many firms. As highlighted by the 2018 European Central Bank (ECB) review, not a single bank was in full compliance with the principles, with the failings in particular around risk data governance and risk reporting. One of the core reasons is that many organisations suffer from a lack of clarity regarding responsibility and accountability for data quality.
The data challenge often stems from an absent or immature data management strategy. One approach to address this is to appoint a dedicated Chief Data Officer and define a data vision underpinned by the foundations of a data management strategy, policies and governance. Complying with data quality and standards can then be used to surface value through machine learning and advanced analytics.
Building the Platform
Achieving robust Risk Management and addressing data management requires a risk framework that surfaces information from across an organisation both internally and externally. This can be complex and can lead to a deluge of data if not managed and controlled.
Many organisations turn to technology solutions for help – products such as MetricStream; RSA Archer; and ServiceNow. These products are now entering their next phase of maturity, incorporating elements of RegTech that help firms address regulatory requirements and improve their insight, underpinned by innovations in automation, advanced analytics, machine learning and cloud-based technology. However, technology alone cannot fully address the potential complexities and pitfalls.
Successful operations place risk culture at the front of embedding any change which derives from the behaviour and practices of a group. A key challenge is that often people embody the behaviours of their cohort, which means an ineffective risk culture can be sustained if the environment is not addressed. The Institute of Risk Management calls out Leadership, Governance, Competency and Informed Decisions as being key to evolving the approach to risk.
Making the Leap
Through robust risk management, data aggregation, and culture a financial institution can surface better insight and make more informed decisions on how they manage risks. The benefits can include enhanced operational resilience, informed new policy, product innovation and better use of existing resources.
Given the challenges above, what should organisations keep in mind as the critical success factors for taking the leap beyond traditional compliance and towards insight from risk data?
Our experience suggests three key areas of focus:
1. Defining the Risk Framework – Have you designed, defined and tested your risk framework and aligned it to industry best practice? Getting the framework, processes, and operating model right first is key to delivering an effective risk tooling solution. For delivering the core functionality a waterfall approach is suggested, look to agile delivery once in production for introducing more advanced features.
2. Understanding the Data Landscape – Do you understand your data landscape from the business outcomes you seek, to your data governance and handling processes and how this is underpinned by systems, data architecture and capabilities? A data strategy can help you achieve a holistic view of the systems and data in your organisation and enable insightful risk management.
3. Driving Successful Change – Introducing a new tooling technology will require significant change to ways of working, particularly if the user base is coming from a more traditional (spreadsheet) based solution. A new solution can be used to cement new ways of working and support a new risk culture embedding in your teams. All the while elicit feedback from your users to enhance future versions of the solution.
Lookout for more from us during Fintech Week 2019. In the meantime, if you would like to talk to us about the changes required to your risk management functions or tooling solutions and the challenges in delivering against these changes, please don’t hesitate to contact us.
For more information please email firstname.lastname@example.org