Understanding Risk Transformation through 4 Easy Questions

Q1 .What’s driving the demand for risk transformation?

• Globalization : There has been substantial increase in complexity in running business as companies expand into new territories with different tax and transfer pricing and political and environmental considerations .Bankers are increasingly asking, “Are we getting a decent return on equity from each and every business ?The options are to reduce or exit a business that is capital intensive; raise equity if management believes the business is viable; or internally build more capital from retained earnings .Most global systemically important banks have chosen the ?rst option
• Regulatory requirement : Financial and non financial regulation continues to broaden and deepen
• Public sentiment driving need for resilience: Public sentiment has become ever less tolerant of any appearance of preventable errors and inappropriate practices, or of bank failures .Banks need to increase their total loss-absorbing capital  which has put demands to include more core capital(consists largely of shareholders’ equity) in order to ensure a “bail-in” for a troubled bank
• Change in business model: Banks are looking to shed any cyclical or volatile business unless it is heavily overcapitalized to cover the downside risks and prove its viability. g. UBS has substantially reduced its ?xed-income business. Morgan Stanley has focused its wealth management business primarily on the US, while still serving high-net-worth clients in Latin America and the Caribbean .HSBC has exited various countries.
• Customers’ expectations: Rising in line with changing technology. The risk function will need to find ways to assess risks automatically, without human intervention
• Integration of technology infrastructure : Compliance and risk management units were earlier created in a piecemeal fashion and isn’t serving the needs for data quality, access, and analysis, needing to heavy infrastructure costs
• Risk of cyber attacks : Increasing to contagion in global markets and losses made due to the increasing use of models to make decisions

Q2. What is the Vision?

In one line the vision of risk management is to build a seamless system that monitors risk throughout the organization and makes de-biased risk decisions, that has stronger, more collaborative relationships with other parts of the bank, and that is more engaged at a strategic level than it is today so that you look to increase shareholder value by deploying capital more effectively by paying attention to external market demands, competition, regulations, and the like, while shoring up internal business management and risk management

Q3. How is the alignment achieved?

• Align Strategy – Strategy puts the organizational vision and mission into action. The executive committee should consider business and risk strategy together. Enterprise risk management and governance infrastructures should integrate the assumptions used in strategic planning, capital planning, and risk management
• Align Business operating model – The business model defines economic relationships between the organization and its customers, suppliers, investors, and other stakeholders. Banks should scrutinize critical economic functions (CEF) and core business lines (CBL) that must be safeguarded in the event of a bank failure. A detailed dependency analysis should be done to identify all the operational, ?nancial and legal activities required to keep these functions running, any impediments to that goal and measures to remove the impediments.
• Governance and Culture – Governance is intended to ensure that strategies are executed properly and in alignment with risk and business strategy. Bank should look to strengthen the bank’s three lines of defense framework by better defining roles and responsibilities of each, including escalation procedures, to provide appropriate checks and balances that are well understood and implemented across the organization
• Data, Analytics, and Technology -Align and leverage investments in risk management, internal control, and data management and analysis across the organization. Build capabilities to practically implement and operate recovery and resolution plans across business areas. An enterprise risk data and architecture strategy can deliver the right risk-related data to the right points and enable the organization to respond to new business opportunities and to risk and regulatory demands consistently and efficiently rather than through ad hoc or bolted-on solutions.

Q4.  What is the way to build High Performance Risk Function

1. Digitization

• Transforms credit application and underwriting by approaching business lines
• Reduces non financial risk and lower operating cost through Modeling, simplification, standardization, and automation
• Increases efficiency, lower costs, and offer a superior customer experience leading to improved sales

2. Advanced analytics and machine learning

• Enhances accuracy of predictive models by leveraging natural overlap between analytics and financial reporting
• Banks are experimenting with self-learning algorithms in credit underwriting, monitoring and credit-card fraud detection, with encouraging results
• Increase the integrity and timeliness of data by using analytics driven approach for regulatory demands such as stress testing, systemic risk — Dodd Frank, living wills etc

3.Risk modelling

• Another tool in the analytical arsena when you need to make more informed decisions on forward-looking issues of strategic importance, but don’t have traditional data sources to draw from
• Essential for large complex systems which requires assembling and using that data from different lines of business and legacy disjoint systems
• Advances in behavioral economics will also help risk managers make better choices as they learn to recognize and eliminate common biases from their decisions

4.Enhance risk reporting

•  Focus on not only quality of data but also report’s format so that report can be reused for making decisions
• Replace paper-based reports with an interactive solution that offers information in real time and enables users to do root-cause faster, and identify potential risks more quickly too.
• Implementing data analytics system, risk managers will be in a better position to articulate to the board ,the company’s loss experience, providing details of the frequency and severity of losses as  well as the total cost of risk.

 5.Balance Sheet Optimization

• Leverage risk function to optimize the balance sheet by working with finance and strategy functions to consider various economic scenarios, strategic choices and likely regulation.
• Given the many different and new regulatory ratios (such as capital, funding, leverage, total loss-absorbing capacity etc) using analytical optimization tools can help improve return on equity by anywhere between 50 and 400 basis points

6.Business relevant talent and skills

• Risk managers will become trusted counselors to business areas
• Data scientists with advanced mathematical and statistical knowledge will be needed to be able to work as “business translators,” collaborating across the bank to convert data insights into business actions.
• The need is to attract the next generation, young people from a diverse range of backgrounds, with the talent and skills to develop a robust, technologically savvy and business-relevant risk culture for the future.

7.Data Management

• Banks need to fully integrate their KYC or AML processes into a broader set of customer data collection processes or into a comprehensive customer data infrastructure that can support Compliance, Marketing, Risk, and the lines of business
• Big Data is utilized by insurers, brokers and risk managers alike, opening doors to more accurate risk maps and estimates of potential losses. This could be used to help businesses save tens of thousands if not more
• Instead of operating discrete processes that only capture one component of the bigger picture, banks can design efficient processes to enhance customer data up front to meet all these needs.

8.Clean Sheet Approach

• Also called zero-basing this approach looks to identify the activities that truly need to occur, who should do them, how they should be executed to enhance decision making, and then pinpoints those tasks that could be eliminated altogether to reduce complexity and lower the risk of system failure.
• Many banks’ manual controls have to be tested multiple times to comply with multiple regulatory frameworks, such as Basel, Sarbanes-Oxley, Comprehensive Capital Analysis and Review. In addition, operational risk assessments, compliance risk assessments, internal testing and internal audits all review the same controls repeatedly.
• Multiple reviews that never become fully integrated invite the spread of inconsistent conclusions and plans. A clean-sheet approach can build the right solution the first time, eliminating redundancy and cost and lowering risk.

9. Cyber security

•  Organised criminals,hacktivists,nation states ,third parties and individual hackers are trying for financial theft,business disruption, destruction of critical infrastructure leading to damage to reputation,threat to safety and regulatory challenges
• A typical cyber risk heat map for banking sector consists of diverse array of cyber actors and impacts and the list is proliferating
• Cyber risk strategy needs to be driven by executives with clear accountability , a dedicated cyber threat management team needs to be established and focused effort to place automation and analytics to create internal and external transparency
• Cyber security collaboration will need to be extended across industry to fight common enemies

References:

• The future of bank Risk management – McKinsey
• Risk management is changing now Act now. – EY
• Aligning risk and pursuit of shareholder value – Deloitte
• What’s your risk advantage – PWC
• Global risk management survey- Operating in new normal – Deloitte
• Transforming cybersecurity-New approaches for evolving threat landscape
• Navigating risk and regulatory complexity - PWC