The changing business environment for the financial institutions is forcing the role of Chief Risk Officer to change from risk controller to business partner. To support this change, change in the business and IT architecture under the CRO umbrella is also needed. In the following article we will provide our views on key drivers of CRO IT architecture change, key functional areas requiring IT system change, key principles of modernizing CRO IT architecture and technology considerations for the risk architecture transformation.
The role of Chief Risk Officer has evolved from the guardian of risk to the partner of growth in digital universe and predicting future outcomes of business decisions based on macroeconomic assumptions. In today's VUCA world, there is an increasing trend of senior risk officers partnering in new businesses and helping traditional banks reshape business model in order to compete with emerging threats like fintech and big tech banks. On top of that, today’s CROs face the blow of triple challenge – increased regulatory expectations, increased pressure on Balance Sheet due to credit quality deterioration in stagflation economy and pressure to reduce operational cost. To fight against these challenges, the IT architecture under the chief risk office should take a multidisciplinary approach, not only to face the current challenges, but also to make it flexible enough to evolve quickly and economically to meet any future challenge.
We believe the following key drivers are reshaping the business and IT architecture under the CRO umbrella.
Macro-economy and business model: High inflation, high interest rate and supply chain disruptions due to geopolitical tensions are bringing business model change for banks.
Supervisors and regulators: New regulatory requirements (e.g. SRB related reporting, ESG reporting and integration in business decisions, CSRB and digital operations act like DORA) and pressure on BAU processes to generate ad-hoc reports are driving IT changes. We also see heightened scrutiny in some of the existing areas like overall data management, loan monitoring etc. questioning the efficiency of the current processes.
New competitions: The emergence of fintech and big tech banks in the last few years has changed the competitive landscape of banking and financial institutions. The traditional banks need a complete overhaul of business models supported by IT systems in order to withstand this competitive threat.
Customer expectations: The expectation of Gen Z in this digital world with the emergence of wearable technologies are forcing banks to rethink how they deliver services to the customers.
Persisting fragmented and non-harmonised IT landscapes, with negative consequences for data aggregation and reporting, compounded by slow progress with the remediation programmes drawn up over recent years. This is continuing to hamper the ability of banks to swiftly produce accurate non-standardised reports
For the purpose of this discussion we have classified major risk types managed by CROs as traditional financial risk functions, traditional non-financial risk functions, and emerging risk areas. The following table shows probability of change per risk functions due to external factors.
The changing business needs is forcing banks to adopt a technology architecture which can meet current business needs and is flexible enough to adapt to future needs quickly and economically. we consider the following principles are important for modernizing IT architecture under the CRO umbrella of a bank:
Based on the above principles, we believe the following technology themes will lead the risk architecture transformation in the coming days.
Early Warning system for Loan Monitoring
Early warning system (EWS) for loan monitoring remained as a compliance report for many banks for the last few years without creating any real business value. But modernizing EWS is gaining popularity due to current macro-economic scenario. Key questions often discussed:
Recovery and Resolution Planning reports
Banks are now preparing for the new datasets (bail in data, valuation data set) required by SRB, Key considerations:
Reporting infrastructure Modernisation
Generating regulatory reports covering risk and finance without data quality issue is a major concern for many banks. Key discussion points in this aea are:
Choosing the right systems for modernization under the umbrella of chief risk officer will depend on the maturity of the system and its business priority. For example, data management systems are not mature enough for most of the banks and are still drawing regulatory attention. Systems for fraud detection are being used for quite some time but cannot be considered high maturity as it needs to be constantly adapted in order to cope with the newer tricks used by perpetrators. The importance and urgency of a system transformation depend on regulatory deadlines like the case of SRB and ESG reports. Business implications can make a use case rise on the priority list for modernization. E.g., early warning system for loan monitoring is gaining importance because of the current macroeconomic scenario. An agile business process and modern system architecture will help the CRO to protect the bank from known risks, face emerging threats and adapt quickly when faced by unknown challenges.
Abbreviations:
AI/ML – Artificial Intelligence and Machine Learning
BAU – Business as usual
CRO – Chief Risk Officer
DORA – Digital Operational Resilience Act
DQ – Data Quality
ECB – European Central Bank
ESG – Environment Social and Governance
EWS – Early Warning Signal
SRB – Single Resolution Board
VUCA – Volatile, uncertain, complex, and ambiguous*This webpage is not optimized for mobile view.