We like to think about risk management as a specialist domain. Indeed, at SAS, we have a dedicated team that works with risk officers to exploit analytics for risk mitigation. But from my vantage across analytics platforms, analytics to support risk management has seen fascinating changes. The way that we think about—and deal with—risk is changing. Even senior business managers who would previously never have thought about risk are being finding themselves involved.
Evolving expectations and stakeholders
Existential threats and survival have entered the agenda. Take banks as an example. Regulatory compliance is important. But one of the biggest risks to the continued survival of traditional banks and insurers is the rise of the fintechs. The need to be able to manage this risk, and continue to operate, is driving changes in how the banks compete, and their agility. This, in turn, means new risk models that are faster and more efficient.
The changing expectations of customers are also forcing change. Customers are turning to fintechs because they deliver what customers want: a smooth online experience. They are able to achieve this through data integration. This is partly because of the arrival of Generation Y in the workplace and as major customers of financial organisations. This generation—the first truly digital generation—has high expectations, and demands an integrated experience.
Changes in risk require a different view of stakeholders. Past definitions of stakeholders have generally been quite narrow, which is partly why disruptive evolution has been possible in financial services. Arguably customers are the biggest stakeholder in preventing cybercrime, but security issues are much wider than traditional risk models would ever have predicted.
The ‘whole’, not piecemeal, is the way to go. Risk management has always required a holistic, ‘big picture’ view. But this is, if anything, becoming even more important now. The vast amount of data available encourages micro-management and small-scale viewing, and a key skill is to be able to put it all together to create a ‘meta-view’ to enable analysis of the ‘whole story’, and not just one thread.
Results depend on data quality
High quality, up-to-date data is key to integrated stress-testing. The results of any assessment are only going to be as good as the data that you put in at the beginning of the process. Getting stress-testing right—which is key to risk management—means that you need good data. And that, in turn, means high quality, and recent data, as up-to-date as possible. A model is only as good as the source data are recent.
Some of this relates to the ability to pull data across multiple sources. Barriers to integration may be human or technical. Having the right tools is important. Indeed, without them, it may be asking too much of individuals, who will need to have both data science skills and business knowledge to succeed. But as with any change, a desire to embrace it is also crucial. While individual technical ability and aptitude may not be a problem, inertia may easily create a barrier to change, and hold back financial organisations. Particularly in traditional organisations, rather than new fintechs, this attitude can be a big issue.
Model management context can vary. Treating stress-testing as compliance is not unusual. Smaller banks and financial organisations do not have enough resources to differentiate between stress-testing and compliance. They do, however, need to be cautious about this approach, as models can be slow to adapt, and speed is everything when competing with the agile fintechs.
Governance, skills and collaboration
Organizational structure and good governance are vital. Having staff with the right skills is an important first step. But firms also need the right organizational structure, and good governance if they are to survive. Risk management requires structure and care, and good governance of data is perhaps one of the most important aspects. On the plus side, better data governance, forced upon organisations by regulatory requirements, is also likely to drive improvements in analytics, because of better knowledge of what data is available, and how it can be used.
Firms need staff with the right skills if their risk management is to evolve successfully. Effective risk management requires a range of skills. Staff need good financial understanding and awareness, together with knowledge of regulatory requirements. But they also need skills in handling and interrogating data—data science skills—plus the tools to use these effectively, and an ability to communicate their findings to business colleagues.
Collaboration is also key. Changes to risk management mean closer working between risk managers, actuaries in insurance firms, and finance teams. But this collaboration in itself has potential to change how those involved think about risk, and therefore drive further change and evolution, in a virtuous cycle.
The risk and compliance agenda is more crowded than ever. Financial institutions continue to feel pressure from regulators, auditors, boards and investors to manage risk more proactively and comprehensively. Model risk governance is becoming more and more critical. As a result, financial institutions must operate their risk and finance functions in a more unified, cost-conscious and transparent manner that requires tighter organizational integration and more informed reporting.