This challenging environment – coupled with changes in banking regulations, the need to create more and better digital products, and the rise of non-bank (fintech) competitors – is creating a need for banks to redefine their core operating models away from legacy practices and towards new-age requirements. Banks need to build a new culture around risk management and governance if they want to thrive in the near-term and position themselves for the long-term.
Boards of directors and C-suite executives will be crucial in defining risk tolerance and fostering a culture that puts risk management and governance at the center of strategy and operations. Better risk management and governance demand the creation of detailed risk models, improved management information systems, risk/return-based management, early warning systems, and stress tests. Banks must leverage a risk-based prioritization framework while incorporating automation and standardization in internal controls to test their governance and cultural design and to increase operational resilience.
Imperative 2: Break down silos to improve collaboration
In the current environment, a key to growth and the development of new products, capabilities, and experience is breaking down silos within the bank. Traditionally, business units operate within their lines and don’t take a holistic view. Not only does this hamper growth but a siloed approach also generates risks that might be unobserved by executive management.
The treasury function is an example that faces the impact of inter-departmental conflict in the data flow, resulting in higher costs and lower revenues. According to a report from BCG, “It’s Time for Banks to Self-Disrupt,” 70% of banks’ treasury functions lack the data, modeling, and analytical tools to address balance sheet and risk management in a meaningful way. The survey also observed that better collaboration between internal teams can help provide relevant information at the right time, which could help improve treasury operating costs and net interest income.
The need for collaboration becomes even more essential today, as banks continue to develop and add new system architectures on top of their existing IT frameworks. New additions can result in breaches and failures can emerge in unanticipated areas mainly because of the lack of attention given to legacy systems. Today, banks must be vigilant about collaboration and consolidation to reduce risks, ensure efficiency, and increase productivity.
Imperative 3: Embrace new technologies
Controlling identified risks requires a fundamental change in banks’ outlook as they formulate and execute their risk strategy. The commonly adopted technology-based use cases – automation of the risk function, migration to the cloud, and strengthening financial crime capabilities – have led to increased flexibility and reduced costs.
Banks maintain large amounts of data, and most have data in multiple, unconsolidated systems – a situation with enormous risk management consequences as hackers look for vulnerabilities. Many banks already apply advanced technologies to operational processes to identify risks, but they should also explore investments in advanced analytical management information systems to anticipate risks.
The BCG report says that North American banks paid $228 billion in penalties for non-compliance between 2009–2019. Data breaches and fraud are the primary reasons for increased regulatory scrutiny of the banking industry (particularly large institutions).
There are several advanced technologies available for risk management, and banks need to have a clear strategic roadmap to pick the most relevant technology innovations. They also need to evaluate these technologies from the perspective of interconnectedness to derive maximum efficiency and effectiveness.
Imperative 4: Strengthen operational and procedural resilience
Today, operational resilience is as important to banks as financial resilience. Banks are adding new functionalities to their businesses by revamping legacy systems, embracing digitalization in operations, and collaborating with fintechs. All of these initiatives can help banks anticipate and identify problems much more quickly. Reports on disaster response, data security, third-party vendor management, and business continuity plans have become government-mandated requirements.
As banks embrace digitalization, strong board and management involvement in defining governance, operating models, and cultural change is critical. While uncertain circumstances are inevitable, the focus should be on defining the tolerance level of the bank including recovery time and the financial impact of unrest. A well-thought-out response strategy and disaster management execution plan should be part of all operational initiatives undertaken by banks.
Data is another area that should be prime risk management and governance focus for banks. One instance of a data breach could cost a bank significantly, both in terms of reputational damage and money. Ensuring data quality and data governance should be critical aspects in developing operational and procedural resilience.
Three Tactical Ways to Improve Risk & Control Frameworks
The changing risk management challenges require banks to focus on staying up to date with new methods to deal with risk and control frameworks. Here are three tactics for banks to strengthen their risk management and control frameworks in this rapidly changing operating environment.
- Innovate with contemporary technologies
For many banks, the critical way to improve risk management is to move away from legacy architectures and invest in updated technology that provides real-time information. Large banks already spend substantially to ensure regulatory compliance and risk management systems, but focusing on investment in contemporary technologies can help with the ongoing challenge of risk management.
Blockchain and artificial intelligence, for example, are starting to demonstrate real potential in the risk and compliance space, according to BCG. Banks should also consider partnerships with the emerging “regtechs” (regulatory technology) companies that understand the challenges of global banking and apply information technology to address them. Regtechs can provide a risk management roadmap to simplify organization structure and streamline security and compliances processes to avoid failures and data breaches.
- Automate, Automate, Automate
Automation has helped banks become the highly efficient enterprises they are today, but automation’s potential to improve efficiency and minimize risks remains enormous. There are multiple success stories of automation techniques helping companies predict customer defaults faster, resulting in more effective risk prevention. Traditional banks should consider rebuilding the value chain for every function and analyze what automation technologies each value chain demands. This must be done with an emphasis on consolidation to support seamless information flow across all systems while also ensuring compliance and security.
- Think broadly about the future
Risk management and control demand a forward-looking perspective to enable banks to anticipate issues before they become costly or dangerous problems. Planning for the unexpected is not just a technology challenge; it must also reflect the experience and judgments of people. No system, for example, could have predicted the kind of chaos that resulted for banks during the pandemic. But banks that had considered contingencies like disaster planning and working from home were better equipped during the pandemic than banks that hadn’t. Now is the time to think about issues that are gaining importance, like climate change and cybersecurity. Prioritizing risks also helps make better decisions about addressing them.