In many ways financial services is about risk management. Regulatory pressures such as BCBS 239, stress-testing, IFRS9, Solvency II and the Fundamental Review of Trading Book have hugely strengthened that focus.
But there are other concerns too. Cost pressures are increasingly important, as is the rise of challengers to the status quo, including online-only providers and new entrants to the market, often more specialist and more targeted than the incumbents. Digital transformation and the drive towards online services, and the rise of the internet of things (IoT) are other challenges.
But perhaps the most difficult area for financial services is the connection between digital transformation and regulation. The challenge is to maintain current risk processes and systems, but integrate them with new platforms such as Apple Pay, in a way that is compliant with regulations. Are risk managers looking at these issues? Our discussions with a cross section of risk managers suggest that the answer is a resounding no.
Insurance may be leading the way
Insurers have always been focused on risk. Traditional risk management models in insurance break down potential customers by segment to assess their relative risk, and then quote the ‘correct’ premium for that risk.
IoT and big data analytics offer the potential to break customers down into individual segments (or "segments of one"), a process known as hyper-personalisation. For example, the use of a black box to record a customer’s driving means that there is no need to consider age, gender or location to assess risk. The quote can be personalised by known driving style. Equally, use of wearable technology to assess well-being and health makes quoting for private medical insurance instantly less of a risk, and more personalised.
In other words, the use of analytics and the IoT is likely to bring improved customer information flow, more accurate pricing models and faster disbursements to the insurance industry. This will happen through real-time monitoring, collection and analysis of behavioral data. This is both an opportunity and a threat to incumbents: sometimes it is easier for an outsider to come in, building new systems for analytics, than for incumbents to adapt existing systems.
This improved ability to assess risk also has huge ethical implications. Insurance has always been about risk-pooling. Is it, therefore, ethical to raise the premium for an individual’s health insurance because they have been less active for a few months? And what if customers refuse to wear a recording device?
At the very least, insurers will have to consider how they address these new implications to risk management, or they are likely to find themselves challenged in the courts, including under human rights legislation.
Where insurance has led, banks will not be far behind
We might have predicted the impact of analytics and the IoT on insurance: insurers have always depended heavily on data and analytics for pricing models. But analysis by Deloitte suggests that technology, and particularly the IoT, has potential in both retail banking and capital markets. Use cases may seem rather less obvious, but banks ultimately rely on access to data for risk management and credit analysis.
The rise of sensors and machine-to-machine (M2M) communication will inevitably provide a new range of possible data sources, including real-time data that will help banks to better identify and quantify risk. For example, it may become much easier to identify customers likely to default on loans with better analytics and more data sources, or even to predict default earlier and help the customer to take steps to mitigate the problem.
But at the same time, the rise of technology also adds to the risk of any financial transaction.
The traditional way of mitigating risk in financial transactions has been to have a trusted third party, such as a bank, keep track of all transactions. But this means being able to identify all the parties involved in any transaction, and link them to a legal entity.
So far, banks and alternative financial providers such as Paypal and Apple Pay have managed to keep abreast of the changes, by assigning identity to things. For example, smartphones can be linked to a particular person through contracts and SIMs. But for how long is this going to be possible? And what will the regulatory framework look like when the IoT is pervasive?
Bringing together risk and technology
There are no easy answers to any of these questions. All that can be said is that it will be crucial for risk managers in financial institutions of all kinds to be aware of the potential of new technologies to both help and harm their efforts, and to consider the likely impact of new regulations on their adoption.