5 minute read 1 Oct 2019
Family playing dominoes

How risk management-by-design can generate value in financial services

Authors
Amy Gennarini

EY Americas FSO Risk Technology Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.

Jonathan Zatz

EY Americas Consulting Financial Services Senior Manager

Data geek. Technology enthusiast. Foodie.

5 minute read 1 Oct 2019
Related topics Financial Services Trust Risk Innovation in financial services
Upvote

Show resources

With risk management by design (RMBD), organizations can use a customer-centric and relationship-driven approach to building trust.

Within financial services, risk management is rarely thought of in terms of its impact on business transformation programs or on customer experience and engagement. But in highly dynamic and competitive markets, every part of the business — including risk management — must be viewed in terms of its ability to drive change, generate value and satisfy rising customer expectations.

That’s why forward-looking financial services firms have turned to “risk management by design” — a fresh and customer-centric approach that embeds risk intelligence deeply into a range of critical customer-facing interactions across the customer journey, rather than orienting around traditional risk management processes. The idea is that advanced risk intelligence actually streamlines and enhances key touchpoints, such as opening accounts or applying for mortgage loans. It’s the difference between being an enabler and being a roadblock.

Show resources

Risk management by design

1. Framework

Risk management by design (RMBD) involves embedding risk management into the product development life cycle, resulting in accelerated risk identification, improved control definition and products that are designed to be monitored over the long term.

Product teams should collaborate with risk partners during initial product design to:

  •   Identify a broader set of attributes and aspects of client behaviors that impact key risk considerations
  •   Design and implement mechanisms that establish “guardrails” or controls to mitigate risk
  •   Implement data-driven activities to observe client behaviors and process execution in real time to monitor risks and identify new risks or necessary enhancements

 

Infographic about risk integrated digital product development

2. Deploying risk management by design

Specifically, risk teams should be involved in the following steps:

Decompose customer journeys

The goal here is to understand all of the relevant capabilities, user stories, processes and services so that key attributes can be linked to a supporting data platform, such as governance, risk and compliance (GRC) and release management tools.

Identify existing risk events

Risk teams can leverage decomposed customer journeys and risk attributes to extract existing risks from the risk library, as well as create new risk events.

Identify new and emerging risks

GRC and release management tools enable the identification of new and emerging risks, as do continuous reviews of user stories, key capabilities, processes and relevant services. Ultimately, these can be integrated into an enhanced data model, with the goal that both the business and risk management functions use the same data.

Assess risk reduction and acceptance

The next step is to assess projected risk exposures in light of the firm’s established risk tolerances and thresholds. Product teams can then assess the appropriate treatment — such as designing and implementing controls and product mechanisms, or “guardrails,” to mitigate the risks or redesigning the process to avoid specific risks.

Capture risk profile

Lastly, risk teams can collate risk profiles for review, based on the decomposed journeys, the identified risk events and the related risk attributes.

How EY can help

Digital Strategy and Transformation

We help companies thrive in the transformative age by refreshing themselves constantly, experimenting with new ideas and scaling successes.

Read more

3. In digital product development

Monitoring new processes once they become “business as usual” informs future design and change initiatives by identifying new risks and adjusting controls as necessary. Similarly, real-time observation and monitoring of customer behaviors and process performance can help identify new risks or necessary enhancements. A smart controls framework integrates active monitoring and automated controls for new digital products and real-time experiences, with linkages back to the services library. These controls can use live reference data to evaluate and control emerging risks.

As data linkages are refreshed over time, the risk-enabled product development process gets more efficient and intelligent. The controls library will become more consistent with greater opportunity for reuse. Over time, harnessing better data and applying advanced analytics will enable better monitoring of customer profiles, improved responsiveness to current needs and clearer visibility into future needs.

Infographic about product development cycle

The path to greater risk intelligence in customer journeys is best taken via a phased approach that progresses along a series of maturity milestones — from proof of viability to advanced self-service models.

Conclusion

Whichever specific path that firms choose for the evolution into maturity, we believe financial services firms must embrace four key imperatives to effectively and efficiently manage the risk of change initiatives and product development. These steps, which are necessary to instill risk management by design capabilities, are

  • Enable the culture and operating model to embed risk management through every stage of the product development life cycle, from initial vision to ongoing monitoring.
  • Train risk professionals on product development and agile concepts, while training product teams on  risk and controls concepts.
  • Design repeatable processes to identify risks and evaluate controls, with an eye to defining a long-term strategy for risk management’s role and ability to focus on risk monitoring,   especially   relative to emerging risks.
  • Develop or leverage integrated and dynamic risk solutions (refer to the prior section for a full list) that increase transparency of risks and controls for products and enable self-service   decision-making.

This report was co-authored by Jay K. Shirazi, Managing Director, Financial Services Organization Ernst & Young LLP.

Summary

As financial services firms think differently about their customer relationships and digital offerings, they must also think differently about risk management’s role in designing, building and monitoring them. The business and customers alike stand to benefit when greater risk intelligence is built directly into products and across every step of the customer journey.

About this article

Authors
Amy Gennarini

EY Americas FSO Risk Technology Leader

Leader in innovative approaches for financial services. Resides in New Jersey with her husband and two children.

Jonathan Zatz

EY Americas Consulting Financial Services Senior Manager

Data geek. Technology enthusiast. Foodie.

Related topics Financial Services Trust Risk Innovation in financial services
Upvote