The tremors from the global financial meltdown in 2008-09 were so intense and widespread that they are still being felt across the world. When major Wall Street institutions went under, wiping out billions of dollars of personal wealth at the hands of what were mere mid-level traders, it triggered a whole new wave of compliance and risk management processes. Such deep, broad and stringent legislative changes and systemic risk regulations have never been unleashed in the financial sector since the Great Depression of 1930s. As per global studies, financial institutions would have invested close to US$30 billion on risk-IT in 2014. This would have gone up by around 13% by end of 2015. Risk governance and integration are at the top of the spend list of financial institutions. Once implemented, these systems should help financial institutions lower their vulnerability to fraud, money laundering, spend and pricing discrepancies while ensuring capital adequacy.
However, the fact is that there is little that financial institutions can do to avoid the rising tide of ever increasing risk management legislations. The list is long and continues to grow: the Dodd-Frank Act, Basel III, Enhanced Prudential Standards in the US, Solvency II and the European Market Infrastructure Regulation (EMIR) are just some of them. It is therefore important to understand the key trends that will direct and dictate future investments in Enterprise Risk Management (ERM) frameworks, policies and programs.
Key Trends Draining IT Budgets
Operational Fraud: Organizations typically tend to have a knee jerk response to major incidents of operational frauds. Typical, it takes approximately 18 months to detect a fraud, if at all it is detected. The cost of these frauds can be between 2-5% of revenues, which is considerably on the higher side. This damage can almost be halved by proactive detection using data and analytics. Current ERM systems may not be the best fit, as they use a sampling approach owing to the massive volumes of data (and the fact that data is locked up in siloes). These systems will need to turn to data integration, predictive modelling, artificial intelligence and real time data and analytics, ensuring that every data point is examined and a lineage is established. With robust implementation of these relevant systems, the cost of operational frauds, duplicate payments, fraudulent claims, etc. be effectively controlled.
Stress Tests: Regulators, amidst increasing public and media scrutiny are insisting financial institutions to stress test their systems for capital adequacy, forward looking risk assessments and institutional risk appetite. Having garnered positive results in the industry, especially in the US, the tests have emerged as a key step in building confidence in the financial institutions. Europe is also headed in the same direction.
Regulatory Compliance: Risk management is aimed at maintaining capital ratios, capital management/allocation, consumer protection and common reporting standards around trading and transactions (i.e. front-to-back). The investments that need to be made to comply with regulatory requirements are around data models, real-time analytics and capital calculation engines, etc. These models and systems must be flexible, adaptable and customizable in order to seamlessly integrate with future systems and keep pace with a rapidly evolving regulatory environment.
Anti-money Laundering (AML): With growing cross-border terrorism (which needs funding) AML regulations have become more stringent. While traditional AML solutions can manage structured records to unravel monetary trail, the industry is now faced with massive volumes of unstructured data as well. New solutions must have sophisticated data and industry-specific analytical systems to establish and unravel monetary trails, flag suspicious activity and predict incidents. The key challenge here is to ensure that automated IT systems do not make errors when dealing with unstructured data that appears to be similar. For instance, tax registration numbers can be confused for social identity numbers by automated systems.
Technology to the Rescue
Financial institutions have no room for errors. Inaccuracies and blunders can lead to alarming social, financial and reputational damage. This is one reason why we find sophisticated tools such as Robotic Process Automation (RPA) and Artificial Intelligence (AI) engines being brought to the risk IT management discussion.
RPA implementations are able to manage large scale data volumes without incremental costs, reduced processing time and increased accuracy. RPA is proving to be an attractive option for risk IT management practitioners because it can be integrated into existing systems/ architectures without disruption. The outcome is exactly what financial institutions need: real-time risk reduction, improvement in process velocity, increased compliance and enhanced monetary savings.
Increasing Priority for Reducing Vulnerability
Regulations are going to impact both the top-line and bottom-line. As mobile and digital technologies grow, as cloud adoption becomes more widespread, and social media becomes part of business processes, organizations will be vulnerable to new and imminent threats. This is when regulators will have to step in with even wider requirements.
Each of these will come with its own cost of compliance. As capital requirements grow and revenue generating opportunities plateau, the only smart way to improve margins will be through astute cost management. This is why risk management must be brought to the top of the operational agenda.