Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Agile risk management in banking: A contradiction in terms?

Methodical risk management practices are central to the way banks work. So, it can seem impossible for large incumbents to reconcile their entrenched methods with the fast, fluid techniques of organisational agility. In our experience, however, banks can combine the strengths of traditional risk management and agility to deliver value faster and more efficiently.

Risk management typically relies on RAID (Risks, Assumptions, Issues and Dependencies) methodologies. Risk specialists use detailed RAID logs to identify potential issues associated with technology transformation and oversee mitigation of them. The emphasis is on a comprehensive, detailed and strictly documented approach.

These methods may appear cumbersome, but they reflect the industry’s heavy regulatory burden – not to mention the vital importance of avoiding errors that might harm customer outcomes or institutional stability. So, it’s important to understand that established banks can’t ditch their longstanding risk management infrastructure as they embrace agility. Investors wouldn’t want it, and regulators wouldn’t allow it.

Instead, banks should look to use agility to adapt RAID and get the best of both worlds. This means taking three steps to align risk management with organisational agility. Which are:

  1. measurement – measure the likelihood of individual risks materialising and quantify their potential cost using the bank’s existing risk categorisation, overseen by the bank’s established risk specialists
  2. action mitigation – using the principles of agility, prioritise and speed up mitigation of these measured risks. Add these mitigation actions to the backlogs of existing delivery teams, to own and manage the action, and ensure iterative delivery that minimises adverse impact
  3. Report activities – using established systems, pre and post mitigation. This will ensure that all three lines of defence – and supervisors – have the detailed reporting they’re used to.

This is a process that works in practice. We put in place a test and learn which used these three aspects of delivering risk management at a leading UK bank. We worked with the bank’s risk teams to tease apart measurement, action and reporting. Then, as risks arose, we assessed them and quantified their impacts using the bank’s existing risk categorisation matrix. Once appropriately documented, we added mitigation activities to their delivery team backlogs.

This had two key benefits. First, risk mitigations happened more quickly thanks to fortnightly sprints that prioritised them based on their expected value destruction. Second, it was possible to report on mitigation progress and newly-identified risks at the same time to give a clearer picture of the bank’s overall exposure.

Putting in place the appropriate steps – measuring risks, actioning mitigations and reporting on activities will help with aligning risk management and organisational agility. Getting the balance right will be tricky, but manageable. It comes down to understanding the strengths and weaknesses of traditional risk management and organisational agility so you can create a sum greater than its parts.

For more information on PA Consulting’s work in organisational agility visit: https://www.paconsulting.com/insights/2018/organisational-agility/