The risk landscape is changing fast. Every day we hear and read about future changes and new challenges in business. Changes in business bring new risks and push risk management to transform and run even faster than time.
By 2030, risk functions in financial institutions will be fundamentally different than they are today. Banks and other players of financial industry should start preparation for changes now in order to be ready for upcoming challenges.
Risk management is likely to have broader responsibilities, to be very engaged at a strategic level, and to have strong, collaborative relationship with other parts of the bank. Talent pool in risk industry will experience a massive shift in expertise toward better analytics. IT and data become much more sophisticated, often employing big data and complex algorithms. As a result, the risk function may be able to make better risk decisions at lower operating costs while creating superior customer experiences.
I believe that it is very hard to predict and emphasize the way risk management will be changing in the next ten years. But, at the same time we see how several trends have already started to impact bank’s risk functions.
One of them is a broaden regulation which is becoming stricter against banks. New laws and standards will push banks to search for additional capital injections in order to fulfill regulator’s requirements and avoid capital inadequacy. All banks started to implement IFRS 9 in early months of 2018, but still, its impact unpredictable and banks remain unclear about their adoption readiness.
Regulator also demands strict and detailed compliance against all transactions both domestically and globally. Danske Bank money laundering issue and Well’s Fargo fake-account scandal are most noted cases of past 2 years. We see why regulator’s attitude becoming more rigid and it will continue in future. These regulatory trends expected to have substantial implications for banks’ risk management, including the following: optimization with regulatory framework, principles-based and automated compliance and deep collaboration with businesses.
The customer expectations changing and it is another driver. Over the next decade, shifts in customer expectations and technology are expected to cause a massive alterations in banking and give it an entirely different profile. Widespread technology usage is likely to be the norm for customers. The current tech-savvy younger generation will be the major revenue contributor to banks by 2030.
To my opinion for our market next five years will be crucial from point of technology. Those who won’t adopt new and fast decision making processes will lose its place on game board. Innovations will mostly affect banks’ origination and sales processes. Customer experience will be changing aggressively and demand for high quality and fast service will rise. Azerbaijan’s market still is not fulfilled with fin-tech startup offers as much as in developing and other emerged markets, but it does not mean that innovation race won’t affect us in the close future. Soon or later, fin-techs will arrive and start to offer an ever-wider range of highly competitive, seamless offers. Their new apps and online services will break the heavy gravitational pull banks have always exerted on customers. If banks want to win the fight for their customer relationships, many things need to be changed. In that fight for customer, risk management should focus on automated instant decision and “segment of one”.
Banks have to offer rapid real-time answers to customer requests with highly customized processes. To achieve this, risk functions will likely need to find ways to help banks assess risks and make decisions without human intervention. This often calls for major, zero-based process redesign and the use of more nontraditional data.
As banks become more sophisticated in their customer segmentation and products, they may eventually be able to create the “segment of one” where they can tailor prices and products to each individual. Risk processes should be “baked in” to new products and workflows from their inception, and not appended afterwards, which can create a drag on the speed and integrity of execution, and damages the customer experience.
All mentioned above lead us to main point of all future changes.
It is technology and innovations.
Techs will not only change customer behavior, but also enable new risk-management techniques, often coupled with advanced analytics. New era of geeks and nerds in risk management already began. Main potential impact will come from big data, AI and machine learning. Using Big Data and machine learning will increase predictive power of models and scoring systems by 50% or even more. GINI coefficient of 80% or 90% won’t be our dreams, it will become reality. Use of non-traditional data from social networks and online activity will help to make better credit decisions, detect financial crimes, monitor portfolios and predict operational losses. This is faster and cheaper way to control credit and compliance risks. But technological boom has its own dark side.
Model and Cyber risks are new and unfamiliar types of risks to face and manage.
Bank’s increasing dependence on models requires that risk managers better understand and manage model risk. Increased data availability and advances in computing, modeling, and algorithms have expanded model use. Deep knowledge of statistical analysis, basic programming and advanced data management is must have skill for future risk managers. Errors from suboptimal models can lead to poor decision making and increase banks’ risks. Through incorrect assumptions, data-entry errors, and breakdowns and errors in the models such as Value-at-risk or Monte Carlo simulations may lead to huge losses. Banks should use multiple mitigation strategies, which center on more rigorous, sophisticated model development, better execution (with higher-quality data), thorough validation, and constant monitoring and improvement of the model.
Another threat is cyber risk. Managing cyber risk requires banks to have staff with the right skills, through recruitment or training, and to design effective governance structures. Budgets for IT and especially cyber security will rise from 40% to 50%. Most banks have already made protection against cyberattacks a top strategic priority, as these attacks can have devastating consequences. This is partially due to the banks’ heavy reliance on software, systems, information technology (IT), and data, but also to the fact that that these attacks would risk not only the banks’ operations but also confidential customer data.
New risks are not limited to cyber and model. They can arise out of economic trends, geo-politics, clients and counterparties, markets and competitors, legislation and regulatory activity, internal processes and employees, and outsourcing. Properly assessing them requires a rigorous framework and a management process which ultimately engages the Board.
So, what is our role in this upcoming future?
We have to deliver higher value by lowering risk and operating costs, contributing more to intuitive customer experiences and help bank to comply with regulations. So our focus goes to minimizing manual interventions by modeling, simplification, standardization, and automation of rules and processes. Through that risk function will help to deal with regulation, deliver superior customer experiences, capture the benefits of big data and lower cost. Next step is to collaborate closely with businesses and other functions to play more valuable role in strategic decision.
What need to be done to perform all these new duties?
The operating model is expected to change significantly as analytical services and advisory become more important parts of risk management. Risk function will need to be able to work with strategic units to manage all regulatory constraints proactively. It also will need to build the analytical capabilities to manage all current and new models and analytical approaches, such as machine learning.
Processes should be simplified, standardized, and automated. Risk decisions will be more robust and de-biased by paperless, automated real-time processing. Humans will only review some selected cases in order to review its congruity with internal policies. This is expected to appear mostly for SME and retail banking.
And the last, but not least point is talent pool. New staff, highly talented data scientist who have advanced mathematical and statistical knowledge and are experts in machine learning and other sophisticated data-analysis methods, as well as business translators who can work well with other parts of the bank to convert data insights into business actions. These risk managers will create future and we will forget about case processing and manual risk decision making.
However, it is impossible to define a detailed blueprint for how a risk function will look in 2030. Nor can we predict all the technological advances, macroeconomic shocks, next banking scandals, or the innovations in risk-management practices that will happen over the next decade and will influence the shape of the future risk function. But, with all my confidence I would say that bank risk management will likely look dramatically different in near future, when it becomes a core part of banks’ strategic planning, a close collaborator with business heads, and a center of excellence in analytics and de-biased decision making.
So, it is time to start process of transformation of risk functions, because as we can see the game has changed.