There have been long standing, well intended plans to develop a more proactive approach to the detection, quantification and management of risk - and for Risk and Compliance functions to drive more value into their respective organisations.
In many cases, the execution of this strategy has been hampered by heavily manual processes, an increasingly complex regulatory landscape, and pressures to address emerging and disruptive risks. In some sectors there has also been an unhelpful distraction from fixing issues of the past.
While many business divisions have adopted automation, digitisation and data analytics to support their growth, this has not always been possible for Risk and Compliance functions. Yet, the holistic transformation of the risk function using data and technology capabilities can yield many benefits.
To begin with, let’s consider some of the needs that are driving this transformation:
1. Identify the potential risks in the ‘unknown’
2. Prevent revenue leakage due to system or process issues; and
3. Build a holistic picture of interactions and behaviours, not just identifying the needle in the haystack
Let’s assume that you have a well-defined risk framework, which clearly and simply sets out the various classes of risk and identifies non-negotiable areas of compliance such as regulatory and prudential requirements.
A simple and pragmatic first step is to overlay your risk framework to your customer journey lifecycle and identify points of issue concentration based on past thematic reviews, known risk areas, customer complaints or incidents.
This typically results in a heatmap of areas of concern (Sales Practice, Sales Quality, Product Design, Product Servicing) across the customer journey and their interdependencies, which can be used to prioritise a data-led deep dive into each of the areas of concern to obtain a clear picture of:`
By starting small, and considering the foundations such as data, technology and the range of stakeholder expectations, this can evolve quickly to shift the view on risk from incident-centric to a more holistic picture, and from reactive to proactive capability: