With the pandemic plunging the global banking industry into one stress test after another and exposing its many weaknesses, operational risk management has risen up the agenda. Firms are now looking for ways to innovate and adapt to ensure operational resilience is a priority.
For Rupal Patel, Network Engagement and Insights Lead at Acin, the key lies in focusing on data, technology and industry-wide collaboration. She specialises in digitising operational risk management across financial services and has extensive experience working with global banks, where she has successfully tackled topics ranging from supervision and surveillance to regulation and the design and creation of risk frameworks.
Passionate about non-financial risk management and leveraging digital-first solutions to solve client challenges, here Rupal explains why banks should be putting technology centre stage when it comes to managing risk.
The cost of faltering risk management is growing fast. In 2020, compliance and regulatory fines reached €11.61 billion cumulatively, well before the year was over.
A huge proportion of these relate to operational risk – the overlooked cousin of market and credit risk – with the 1Malaysia Development Berhad (1MDB) scandal alone incurring a bill of $2.9bn. And since the emergence of Covid-19, risks relating to conduct, data security, cyber, communications and more have soared, prompting increased concern from compliance functions and scrutiny from regulators.
Faced with a more complex risk and regulatory environment than ever, it’s crucial that financial services firms harness technology to their advantage, to make their operational risk management more effective, dynamic and robust. It’s the last of the three risk areas to be tackled with a quantitative, digital mindset – but by no means should it be considered least important, given the lasting financial and reputational disruption that operational risk failures can cause.
To boost operational resilience and develop more effective operational risk frameworks, banks should consider:
- Understanding new regulatory dynamics
One year on from the pandemic, regulators are raising their compliance expectations. Although rules were relaxed initially, while banks found their feet, regulators are now calling in this regulatory debt as well as implementing new rules in areas impacted by Covid-19, such as monitoring and surveillance.
Forward-thinking risk teams should pool their knowledge to optimise their response. By using technology to compare regulatory and risk data collectively, with industry peers, firms can better establish the key controls required on an ongoing basis. This allows them to stay ahead of changing regulatory dynamics and protect their firm from fines and reputational damage, in turn helping build resilience.
2. Implementing enhanced data governance
As part of this increased scrutiny, regulators, including the Basel Committee, are increasingly flagging robust data governance for operational risk data as a priority. With many firms still relying on masses of siloed data, disorganised spreadsheets and other approaches that lack automation, this is hardly surprising.
To measure, manage and mitigate operational risk more effectively firms must enhance data governance, through digitalisation and process automation. Those who leverage AI (Artificial Intelligence) and advanced analytics most effectively will stand the most chance of transforming operational risk from a qualitative and subjective discipline into one that is quantitative and objective.
3. Engaging with a single taxonomy
For optimal data governance, the key is a common data language. This is where many firms struggle, using multiple, outdated or incomparable taxonomies. With no consensus view, firms are missing the foundation they need to fully understand their risk environment.
Automation and data processing techniques, such as NLP (Natural Language Processing), can be helpful for sifting through and streamlining multiple data sets with unparalleled efficiency – creating a single, refined risk and control inventory that can be easily understood and compared by all.
4. Identifying and assessing risks effectively
Regulators generally concur that inter-firm collaboration can help financial institutions to identify and assess operational risks more effectively. By collaborating, they diminish their chances of being the subject of headline-grabbing enforcement fines for regulatory breaches and failures, although a culture of distrust around sharing risk intelligence can hold firms back.
However, in such an interconnected industry it is in the interests of these institutions to work collectively, to solve the raft of challenges that are common to all. Technology now allows firms to benchmark data anonymously, forging interconnections that become a continuously learning neural network achieved through sound data hygiene. This provides the benefits of shared experience and peer comparisons that were sorely missed until now.
5. Monitoring controls through metrics
Regulators are redoubling long-standing calls for firms to carefully govern and monitor the controls they put in place, to ensure their effectiveness and prevent recurring issues. Metrics provide a quantitative window into operational risk, an approach that should be embraced to enable data-driven risk intelligence and proactive risk management.
This is most effectively done with the support of technology such as AI, which can help uncover data that is actionable and remove human judgement from the equation, to consistently and accurately monitor controls efficacy.
6. Creating an end-to-end, front-to-back view
Regulators are not only expecting better data from firms; they also want them to do more with it.
By harnessing tools like AI and NLP, and leaning on common taxonomies, firms can potentially align risk and controls data enterprise-wide, and support the holistic view of the organisation. This strengthens their ability to pinpoint potential operational risk issues and reduces the likelihood of escalation. It also enables the intellectual capital and resource to focus on the core business, trusting data-driven analytics to guide them.
7. Developing better reporting
Knowing your firm is compliant is worth nothing if you can’t provide evidence of it to the regulator – and with the continual emergence of standards like BCBS 239, which criticised banks’ approach to achieving and validating compliance, the bar for regulatory reporting is rising. Regulators are demanding more proactivity and the use of better visual dashboards to deliver actionable, robust data that better evidences their compliance.
Firms can use technology with built-in analysis and reporting to ensure the data they provide is accurate, timely and conducive to the dynamic approach being urged.
The pandemic has challenged the banking industry’s resilience, accelerating reviews and action plans for risk professionals, boards and regulators. With the dust now settling, every financial institution has the opportunity to build a more operationally resilient new normal. With a data-led approach, and the intelligent application of technology, firms can be proactive in building the capability and agility to address both current challenges, and those emerging on the horizon.