Digitization of risk management


Since the financial crisis, risk management in banks has grown in importance, and therefore so has the need for digitization. Regulations have called for stronger risk management of business processes. The first direct requirements for capital requirements and liquidity management were introduced in Basel III, but this has continued since. The regulator has effectively been enabled to form a better overall image across institutional boundaries.

This is the origin of stress tests and other comparative tests carried out by the regulator. The comparisons also resulted in efforts to harmonize and standardize different risk types. Examples of this type of harmonization are the Minimum Capital Requirements for Market Risk (MCRMR), BCBS352, known a Fundamental Review of the Trading Book, as well as the Standardized Measurement Approach for Operational Risk (SMA). This move towards standardization is also obvious in credit risk.

Standardization as a threat?

These standardizations, however, may pose risks to bankers. The dialogue between regulator and financial institutions may need to be strengthened in this area. In the end, we will only successfully avoid or overcome a new crisis if everyone is doing acceptably well. This may mean diversification and discussion, not standardization.

We will only successfully avoid or overcome a new finacial crisis if everyone is doing acceptably well #RiskManagement #bank Click To Tweet

In addition to concrete adjustments to quantitative surveys of risk, qualitative analysis of risks is also becoming more and more important. This is basically digitization of the process of enumerating risks. For example, BCBS239 is partly aimed at improved transparency and quality of the figures. Both the Federal Reserve (CCAR) and the ECB (SREP) are now adapting their auditing processes to include qualitative features focused on the risk management process itself.

An example is model risk management. In more recent discussions, the processes are to be modernized and models subjected to a regular review process over their entire lifecycle. The Target Review of Internal Models is not only a comparism of quantitative results, it also wants to increase qualitative Governance for all models.

Merging of finance and risk through IFRS9

The ECB's priorities for 2017 also show that it is moving towards modernization, and particularly digitalization in risk management. An initially risk-free topic summarizes these opportunities for risk management: IFRS 9. Originally an accounting issue, IFRS 9 has now moved into risk management because of the calculation of the lifetime credit loss. Because this is calculated at the level of the financial contract, and because of its future orientation, it results in large amounts of data and requirements for simulation-based work. This increases the demands on the IT infrastructure, especially if the requirements are also to lead to risk management in real-time, and an integrated risk platform. You need evidence for that? Banks are given more time for EBA Stress Test in 2018 because the industry has asked for that because of IFRS 9!

Risk–IT fit (alignment)

IT must ensure traceability and repeatability, to ensure adequate transfer and comparison between risk and finances. IFRS 9 and EBA Stress Test can be used to develop a sustainable risk infrastructure fit for the Internet of Things era, including new services such as ePayments or confidentiality checks by business partners in online payment procedures. The time when only manufacturing companies worried about risk management are long gone. Automation and modernization in the field of risk management offer the opportunity for a new infrastructure to be developed for integrated bank management. This includes not only new processes and organizational structures, but also investments in IT infrastructure for the long term goal of a Risk & Finance Consolidation. Looking ahead, the modernization of risk should be encouraged. But care must also be taken because there is risk in the risk model.


About Author

Carsten Krah

Sr Industry Consultant

Ich arbeite seit 2011 als Business Expert Risk, Fraud and Compliance bei SAS. Mein Schwerpunktthema ist Enterprise GRC und ich berate die Finanzhäuser bei der Frage, wie Informationstechnologie bzw. Analytik sie bei den Herausforderungen durch die Aufsicht unterstützen kann, was sie brauchen und worauf sie gerne verzichten können. Ich betreue in dieser Rolle die Regionen Deutschland, Österreich und Schweiz. English Bio: I have been working as a Business Expert in Risk, Fraud and Compliance at SAS since 2011. My main focus is Enterprise GRC and I advise the financial institutions on how information technology and analytics can help them meet the challenges of supervision. I am responsible for the DACH region market made of Germany, Austria and Switzerland.

Leave A Reply

Back to Top