Four steps to building a firmer risk framework
5 min read 4 December 2023
We live in uncertain times, where it feels like the world keeps lurching from one crisis to another. It’s put organisations face-to-face with more complex, interconnected, and quickly evolving risks. To navigate them effectively, financial services firms can’t underestimate the value of a good risk framework.
All too often, though, I see organisations make the mistake of trying to bypass the tougher parts of this transformation. They believe that they just need to put a new team or new piece of technology in place, and it will magically give them what they need to identify and manage risk effectively.
But that’s a bit like a Formula 1 team thinking it can skip all the rigorous engineering, testing, and planning and simply rocket straight over the finish line in first place. Racing doesn’t work like that, and neither does risk management.
Building an effective risk framework – one that is capable of keeping your business on the right course amidst ongoing uncertainty – is an evolution, made up of many different steps. By going on that journey, a business can reach a horizon where risk management is more responsive, meets regulators’ requirements, and delivers value for the business, even during periods of serious stress and volatility.
So, what steps does an organisation need to take to evolve its risk framework? Here are four key areas I recommend focusing on:
1. Everything flows from strong risk governance and culture
Good risk management requires robust oversight and effective governance, fuelled by clear visibility into strategy. This all needs to be aligned to a culture where everyone feels responsible for risk management and empowered to challenge strategy and approach when necessary, so that commercial pressures do not lead to undue risks.
If we look to the past, many of the challenges of the 2007-08 financial crisis were around a lack of challenge and oversight. Characters running some of the largest financial institutions were often seen as infallible – until they fell. Lack of a strong risk culture meant that certain individuals were emboldened to make commercial choices that did not align with their organisation’s risk appetite or capacity. Yet none else felt like they could challenge these risky decision makers.
Today, risk culture and oversight have undoubtedly improved. But how empowered are the second and third line to challenge the business, particularly in commercial matters? Do they have the right data to support their challenges and the right skill sets to utilise that data? How do front-office functions receive that challenge? Is it seen as a blocker and a threat, or something that is protecting their institution? For more on how to build a comprehensive, integrated and agile risk culture, read our blog 'why organisational culture could be your biggest risk management blind spot'.
2. Use data for an insights edge
When volatility is high and visibility into risk gets clouded, organisations need tools that can help them see through the fog and avoid unexpected obstacles. Here, it’s vital to understand the underlying drivers of risk and their interdependencies across the balance sheet – from liquidity, interest rate, and currency to credit and capital risks. For this, data should be the fundamental starting point.
But what data should you be starting with? It’s key to identify and document all the sources of data that can create financial risks, from contractual transactional data to social media. Start by looking for sensitivities and patterns. Then examine how they are reflected in actual events verses predicted ones. And keep asking, how can I refine the way I look at those patterns?
With the right data and tools in place to provide real transparency into evolving, interconnected risks, firms are in a much stronger position to identify, measure, monitor, manage and report on risk, as well as provide their boards with reliable, timely information to support sound decisions.
3. Consider adding AI to the mix
Data management is becoming cheaper with more sophisticated, integrated tools. Artificial intelligence (AI) is still in its infancy, but the possibilities for driving change and managing the sensitivities and patterns of interconnected risk are incredible.
Think about where there might be opportunities to leverage AI to analyse risks in real time and identify actions to drive higher quality outputs without human bias. Start small, by deploying proof-of-value exercises with any new tools. Learn, refine, and evolve your process – making sure that you are continuously looking for interdependencies, sharing information, and breaking down silos.
Also, remember that AI and other tools aren’t a magic bullet. If we want to gain tangible results from AI, you first need to have your building blocks in place: good governance, a risk-based culture and an operating model that’s closely aligned to your wider risk framework. Read our article 'tactical solutions when using generative AI' for more about AI risk governance.
4. Find value in volatility
Of course, every organisation wants to limit risk as much as it can – but your risk framework should also be able to surface opportunities presented by the risks you face. Here, volatility can be a source of value. If you have the ability to spot patterns and identify the earliest warning signs of abnormalities, you can outrun rivals to spot and seize new opportunities.
Again, your data strategy will be key here, allowing you to identify, manage, and report on sources of potential risk and their potential upsides. The more teams that are aware of and ready to act on that strategy, the more effective it will be. Establish stronger lines of communication with the front office and sales teams, so you can get a timelier, fuller perspective on what people are seeing in the market. Overlay the information against the data alongside external macro information to see patterns and forecast.
A closing note
Finally, recognise that when it comes to managing risk, there really is no finish line. Uncertainty is here to stay, and the risks faced by financial services firms are always evolving. To stay ahead of them, risk management shouldn’t be looking backwards, but forwards to the next turn and the next threat.
To gain this pace, you need to get the fundamentals right and make sure you’re always working together as one team, embracing collaboration and a shared data approach. In this way, your business can more effectively guard itself against existential risks and stay on the safe path to continued commercial success – without crashing into something it should have seen coming.
Find our more on how firms can apply Formula 1 thinking to their risk management strategy.
Our Experts
Related Insights
Navigating Australian financial services regulation
Australia’s financial services companies face a wave of new regulations requiring a strategic approach.
Read moreWhy banks fail
After a decade of relative calm, a series of sharp and sudden failures hit the banking industry hard. They’ve prompted many post-mortem analyses, discussions, and regulatory recommendations. But are other institutions really taking the lessons learned to heart?
Read moreHow do super CROs navigate the double-edged sword of AI?
Explore how AI is transforming risk management for superannuation funds and the strategies Chief Risk Officers are using to navigate the complexities of the modern financial landscape.
Read moreFour steps to comply with the updated BCBS239 regulations
Banks have spent millions on BCBS239 compliance, but they aren’t yet in the clear. In case you missed it, the ECB recently published new guidance that updates the decade-old regulation. Here are the four actions that we recommend firms take to meet the latest BCBS239 rules.
Read moreAre digital and AI delivering what your business needs?
Digital and AI can solve your toughest challenges and elevate your business performance. But success isn’t always straightforward. Where can you unlock opportunity? And what does it take to set the foundation for lasting success?