Risk leaders are realizing they can do more and do better if they use data and technology and embrace innovation in how they operate.
Control through automation
Using automation to better understand, measure and manage what is happening in near or real time and in the future is another common theme of digital transformation efforts. The use of AI and machine learning (ML) to carry out audits, monitor financial crime or aid compliance activities, for example, is growing.
Digital resilience can be improved by building in the right automated controls from the outset. Continuous monitoring capabilities, for example, can be embedded during the process design phase. This can aid processes such as risk and control testing by allowing banks to test more, instead of sampling sporadically, and to increase consistency through the reduction of manual approaches.
But banks should spend time on developing a coherent control strategy to enable digital transformation and modernization. They should carefully select the right controls and not fall into the trap of simply adding more controls; after all, controls can be time-consuming and costly to implement. Similarly, just because you can automate a control doesn’t mean that you should. Banks should start by defining the necessary process – and simplifying the process where they can – before embedding the most appropriate control. CROs can add value here, but only if they are part of the conversation from the get-go.
While senior executives in marketing, product development or technology may feel under pressure to launch a new digital process, tool or product quickly and at scale, it is not in the interest of the business to do so without involving risk teams as early as possible. This requires something of a cultural shift, but if risk teams get brought in after a new tool or product has been offered to employees and customers, it may be too late.
Risk managers need to raise their game
Digital resilience is predicated on risk management functions evolving too. And that is both skill and mindset. With the scale and pace of change happening across organizations, they must get to a point where they are able to move fast enough to keep up with other departments.
Upskilling is one clear priority. Today’s CRO needs to master the risks associated with cloud computing and predictive analytics, and to understand how emerging technologies, such as ML, will benefit and threaten the business. They also need to get more comfortable with new processes and development approaches, such as agile methodology.
Some risk professionals need to change their mindset. Bank CROs and their teams need to buy into the very necessary digital transformation programs that their organizations are undertaking. Risk should not be viewed as the department that always says “no”: it needs to say “yes” more often, but accompany that with an analysis of the associated risks and what can be done to mitigate them.
Today’s CRO needs to master the risks associated with cloud computing and predictive analytics, and to understand how emerging technologies, such as machine learning, will benefit and threaten the business.
Although cyber attacks are on the rise, outages linked to third-party providers are making headlines and regulators are increasingly levying fines for customer data breaches, the drumbeat of digital transformation is set to continue. As such, CROs and their teams have a crucial role to play in helping their organization to modernize in a thoughtful, resilient manner. Combining automation and data with core risk disciplines will be key to the success of transformation strategies.
Related articles
Summary
COVID-19’s rapid acceleration of digital modernization and transformation has seen immense progress in a short space of time. Now the challenge is to improve resilience and agility to mitigate risk while maximizing the opportunities this rapid progress has unlocked.