A Digital Map of Risk

Few stakeholders are content with traditional "Risk Management" in multi-jurisdiction, multi-product, multiply-regulated financial institutions.

• Nassim Nicholas Taleb rails at the fragility of institutions running faulty risk models.
• Shareholders who bought banks as safe investments are aghast at the volatility from suddenly revealed risks and the costs of compliance/non-compliance.
• Regulators are determined to eliminate the socialisation of future losses, and avoid the finger of blame for future crises.  
• Employees are engaged in a series of fire-drills that crowd out normal commercial activity and innovation.  

Nobody is particularly happy, and nobody can see a way off of a treadmill that consumes ever greater quantities of organisational resources.  Like healthcare, the demand for "risk management" is infinite.

Risk management is an information processing problem, and just as diplomacy is the only answer in conflict resolution, so technology is the only solution to information processing problems.  The digital mapping that Google has done for physical geography must be done for the topography of risk.

There are many boats on the ocean of risk, each plying their own trade.  For each vessel, all that matters most are the conditions in the waters that they navigate. The boats often develop their own navigation aids and strong views about the seas, extrapolated from their own narrow experience.  

In the future, all should navigate with reference to a single, digitised map of risk.

The digital map of risk can be a collaboration across industries, and between regulators and regulated firms. Like Google maps, it can be a utility on top of which firms can build their own applications, but with a common reference point.

There are a multitude of enabling technologies that could be brought to bear upon the task.  To pick just one small example, www.schema.org is a way to mark up web pages to make them easier for search engines to understand. Laws, regulations, policies, procedures could be similarly marked up to make them machine readable.  A collaborative effort between motivated lawyers, regulators and risk professionals would be sufficient to construct this schema.  In the future, new laws and regulations could be published with these tags embedded, enabling organisations to instantly identify which policies, standards, operating procedures, controls are impacted across the enterprise.

The general idea is that while there are many boats on the risk ocean, there is only one ocean, and we don't know enough about it.  We need to start digital mapping.  We laugh at the idea of sailing ship Captains pulling out reams of paper charts, and yet all of our laws, regulations, policies, procedures and controls are in Word, Excel and Powerpoint, which are equally dismal.

Even with an accurate digital map of the ocean of risk, there will always be unexplored regions.  There will be scary known-unknowns, frightening unknown-unknowns, and hideous unknowables that will catch us unawares and unprepared.  No map truly represents the territory, and even with a good map, the weather will remain unpredictable.

Organisations are making great strides to digitise the customer journey through CRM.  It is high time we began to digitise our journeys across the ocean of risk.