By Peter Bannister
All companies must manage risk. Failure to do so leaves them vulnerable to external and internal factors that can destabilize their market position or stunt growth opportunities. Yet, companies are operating in times of change and with change comes risk. Nowhere is this more the case than in financial services where we find consolidation of companies, fragmentation of services, changing customer demands, new competitors with disruptive technology. On top of this, agile business models, evolving regulation, and technology are transforming the way business is done and the speed that services are provided at. Without the right level of planning and anticipation of potential events, the future can feel unacceptably uncertain.
Forward-looking risk management helps manage this. It establishes a framework for risk identification and preparation in the face of wide-ranging and complex risks and a fast pace of change.
Hindsight, insight and foresight
Hindsight can inform what has happened, and the value of this should not be forgotten in risk management. If operations are impacted by an event, it is imperative to collate all information, drill down into it and generate a clear view of what occurred, how and why. On a rolling basis, data can reveal patterns of cause and effect and these should inform activities in the present and mitigating action to attempt to prevent re-occurrence in the future.
Predictive analytics deals with scenarios of the future. Fortunately, no crystal balls are required; instead a wide range of planning activities should sit beneath two deceptively simple questions:
- What is likely to happen?
- What must be done?
In the first, data mining can detect patterns to project and predict potential outcomes. Robust forecasting around trends and the likelihood of potential outcomes occurring must form a part of this activity. When it comes to planning for what must be done, scenarios- and constraints-modelling should form part of risk management activity, as should decision optimization.
A 7-point forward-looking risk management checklist
Organisations with effective forward-looking risk management practices are better able to manage existing and emerging risks and adapt quickly to crises. At the heart of a forward-looking risk management approach is the capability to deliver an in-depth understanding of the potential risks the business faces, and the level of impact they could have.It comprises:
- Past trend analysis
- Future scenario predictions
- Scenario planning and preparation
- Assessment of processes to determine potential risks
- Identification of root causes and drivers of risks
- Risk prioritisation (based on the probability of each risk occurring and impact level if they should)
- Contingency planning.
Succeeding at forward-looking risk management
Business resilience is a discipline, not a process or an initiative, and so is with forward-looking risk management which must be approached as a way of working – inherent in the culture within which every department and every employee operates – and something that becomes part of the fabric of how the organisation works.
Each programme will be unique to each organisation but all should encompass:
- A clear understanding of the breadth of risks facing the organisation
- An understanding of potential threats and opportunities
- The means for effective communication between all stakeholders across all functions.
Before forward-looking risk management can be effective in helping to manage risk, protect the business and support a high-performing organisation, several challenges must be addressed. These include any lack of clarity around the full range of risks the organisation could be vulnerable to, and limited resources – a situation which must be overcome for risk management to be effective.
It’s also likely that siloed data could hold risk management back – a not uncommon situation in financial services organisations which have grown and expanded, adding products and services along the way and possibly even assets from merged enterprises, creating a patchwork of systems which may not ‘talk’ to each other. Such lack of collaboration and interconnectivity within the business can create obstacles in the movement of data and information which could mask existing issues and potential future risks.
It may also be the case that the right tools and techniques to effectively capture data and manage risk and compliance are lacking within the company. Technology can help by enabling a higher level of control over how policies and procedures are applied, with robust reporting for effective risk management.
Lastly, the ‘tone-at-the-top’ needs to be right for forward-looking risk management to function and thrive. This comes back to organisational culture and the right way of working that embodies risk awareness and mitigation. This culture will only develop if senior management creates the right conditions for risk management to succeed.
In today’s financial services environment, where risk evolves and change is the only constant, risk management should be forward-looking and enterprise-wide. With the right tools and capabilities, the way risk is managed can be improved to help the organisation meet business and regulatory requirements. By taking a forward-looking approach, organisations can aim to avoid unexpected issues which could be costly–in both financial and reputation terms – and which could threaten the smooth running of operations.
Peter Bannisteris SVP for Governance, Risk and Compliance at MetricStream