The business case for Risk Transformation – ”Are you leaving value on the table?”

Leaving value on the table

Whilst there is emerging positive news on the current macro-economic climate, there remains uncertainty about the future in terms of growth and profitability. The pandemic changed many of the assumptions in the way financial services institutions (FSIs) operate and adaptability to retain stability of operations has gained prominence. Some of this has been inevitable, such as proliferation of remote working and hybrid working models, and others such as rethinking the operating models to be dynamic and resilient and to capture value have become differentiators.

Risk leaders have always grappled with how to delicately balance executing core risk activities, assessing emerging and future risks, and bridging the gap between the business and risk functions. Demonstrating the risk value-add is often not straightforward as the measurement is not defined by top-line or bottom-line metrics. Whilst all FSIs understand the need for a strong and robust organisation, risk can still be seen as a ‘cost’ rather than a ‘driver of value’. Of course, the risk culture embedded within the organisation and the maturity of its processes are factors. Increased regulatory focus on culture on the back of several high-profile incidents in recent years show the importance of risk culture as a ‘risk’ that needs to be effectively managed. Firms that understand this well and have risk management ingrained in their front-to-back processes generally tend to do better in the long run.

Risk organisations saddled with outdated operating models, inefficient processes and systems, and lack of digitalisation can cause the function to operate sluggishly. The lingering question remains around how to build an efficient, digitally savvy future risk organisation that can not only robustly manage risk but also be nimble and dynamic to be able to respond to an ever-changing operating environment. Whilst there is no silver bullet, risk executives can think about building their organisation in terms of the value proposition of each of the activity that they engage in.

Historically, the question, and subsequent focus as it relates to any transformative journey is on ‘what is the value-add of any change?’ But, perhaps, the right question to ask is ‘what is the unrealised value by not transforming today to meet the challenges of tomorrow?’

Transformation underpinned by accessing unrealised value

Several structural trends such as compressed margins, need for real-time and trusted source of information, and emergence of new risk domains are providing the impetus for transformation across the financial services sector. Adapting to changing regulatory landscape in the face of the Edinburgh Reforms ,which are aimed at driving growth and competitiveness in the UK financial services sector continue to pose challenges for developing efficient compliance processes. At the same time, changing customer expectations of services coupled with the advancements in banking technology have disrupted traditional service delivery models. Consequently, risk functions need to manage a whole new set of risk types which require an updated toolkit and skillset. Whilst several new tools are available that allow a risk manager the ability to deal with these new risk paradigms, cost pressures remain the limiting factor. As a result, cost optimisation initiatives drive the Transformation agenda generally.

Perhaps, counter intuitively, the smarter approach to transformation would be to release unrealised value through operating model re-design, deployment of new technologies, automation, and superior data management capabilities. In structuring the transformation agenda to smartly redeploy resources within the organisation to achieve effective risk management and efficiency of operations, value can be captured and can permeate to other parts of the organisation.

So, what can risk functions do?

The leading firms are deploying a capability-led approach to prioritising the risk investment areas to drive differentiation and competitive advantage. An optimised risk organisation of the future is one that has a clearly defined services catalogue in accordance with the core mandate and regulatory expectations, an optimized resourcing structure and/or operating model for delivering services with right level of skills, experience, and accountability and one that is supported by an ecosystem of digital tools and services that can operate seamlessly across the organisation.

Such a risk function will be able to adapt to changing market conditions easily, deliver valuable risk insights that translate into better risk management, and operate as a trusted partner in achieving business goals and strategies.

Risk ‘Beneficiation’*

Risk transformation is a core competency that bolsters the function’s ability to deal with market volatility and continuously evolve and accelerate in an ever-changing operating environment. The transformation should expand the traditional view of risk and habituate people across the organization to identify and understand threats and opportunities. What this means in simple terms is to capture the value generated along the risk services chain such that human resources are utilized to interpret data and develop commercial insights (top of the value chain) and technology is deployed for sourcing, reconciliation, and reporting (bottom of the value chain). As a result, there is a process of beneficiation of the risk processes which enriches the risk information at each stage through both use of specialised risk professionals and advancement in technology. The right mix of both will ensure value is added in each step of the risk process. As an example, a UK High Street Bank realised significant benefits by introducing a cloud-based data lake to consolidate all 1st and 2nd line risk data into a single source, reducing manual processing within operations and freeing resources to perform more value-add work devoting more time on risk identification and analysis.

Ultimately, beneficiation of risk will identify opportunities to integrate fragmented processes, automate manual work, eliminate redundancies, and introduce operational synergies.

Looking to the future - Risk as a Service (RaaS)

In recent years, the concept of the risk function providing services in a manner similar to that of software services has started to take shape. Rethinking risk as a ‘service’ is not merely about automating a suite of risk capabilities such as risk identification, controls assessments, regulatory compliance, and reporting but re-imagining the way in which risk management activities are undertaken to deliver greater collaboration with the 1st line functions, discovering synergies pan organisation, and enabling the function to be able to adapt and respond effectively to changing environments. Surely, these changes will be underpinned by a cost optimisation consideration given the downward trajectory of margins, tightening regulations, and emerging competition from fintech companies. However, looking at this service model only from a cost lens will risk long term sustainability of the Transformation initiatives.

What is needed is a holistic review of risk activities and services to identify an operating model that can manage all constraints proactively, working with the business to assess strategy using analytical capabilities, and solving the challenges of legacy technology, poor data quality, and lack of integrated processes across 1st and 2nd lines effectively. Services or activities that can be streamlined and integrated should be identified and ‘packaged’ as a service provider and core risk function should be seen to work in tandem with the business in executing the overall strategy.

Risk Transformation Blog Series

In our previous blog posts, we discussed the market drivers witnessing the rising Transformation trend. In keeping up with that theme, over the course of this blog series, we will explore in more detail each of the facet of Risk Transformation: make up of next-gen risk organisation including skillset and traits, identification and management of emerging risks, data, technology, and operating model re-design while highlighting concepts and practical applications at clients as well as challenges in implementation.

*Beneficiation: Borrowing from the mining industry, beneficiation is the process of additive value in each step of the mineral refinement, extracting the unique mineralogy of iron ore deposits; similarly risk beneficiation as a concept is to extract unrealised value in each facet of risk processes, delivering an end-to-end transformative value proposition.