Targeting a Tech Dividend From Risk Management in BankingPartner, Global Finance and Risk Practice and a Director of Oliver Wyman Australia Engagement Manager at Oliver Wyman, Singapore
Many drivers are shaping the context of risk management today—including macroeconomic headwinds, global geopolitical uncertainty, and increasingly frequent and damaging cyber events—leading to elevated risk perceptions.
This is changing how risks are anticipated and need to be addressed, with technology playing a critical role.
Headwinds including high global and Asian debt levels, low economic and productivity growth, growing anti-globalization sentiment, increasing policy uncertainty and the hike in U.S. interest rates create significant macroeconomic challenges, especially for many export-dependent Asian economies.
Separately, emerging risks from technological advancements are exposing organizations to new risks such as data fraud and cybersecurity. Strategic risk from technology that can disrupt business models also needs close attention.
Moreover, the interconnectedness of these risks compounds their impact—geopolitical risks mean that economic shocks are both more likely and potentially more severe than before.
The regulatory landscape is evolving, too, with a deluge of regulations introduced after the global financial crisis, creating substantially increased expectations of risk management and increasing the financial cost of risk-taking for financial institutions. Asia-Pacific regulators are following international precedent with increased oversight of multiple areas including stress testing, recovery and resolution planning, cyber resilience and capital estimation.
These increasing regulatory requirements have forced banks to ramp up compliance activities, placing pressure on risk-management resourcing. Risk teams are now under pressure to anticipate and solve for newer uncertainties, but with the same capacity. The key to address this conundrum is productivity gains, and technology must play a central role.
Targeting a Technology Dividend
The substantial opportunity offered by technological advancements for improving efficiency and building new capabilities to address risk must be seized. Advanced analytics, nontraditional data, and natural language processing, together with process digitization, present compelling opportunities for risk management.
Technology gains can be realized across multiple functions and processes, but risk teams should adopt a more practical and affordable approach by focusing on priorities.
We recommend three major levers be considered to evaluate potential opportunities.
Data—Financial institutions typically struggle with managing and making sense of masses of data, while new internal and external sources of data continue to pour in at an unprecedented rate. For example, leading banks are using transactions data, social media and other sources to drive closer to real-time customer-level risk insights and produce dividends both in problem loan management and in lowering initial underwriting costs (Exhibit 1). In our experience, social media data is found to provide predictive measures of enhanced default risk up to six months ahead of traditional indicators.
Exhibit 1: Early warning rating system
Analytics—Machine learning, natural language processing, self-learning algorithms and other advanced analytics have become affordable and readily available. A good illustration of using the advanced analytics is improving debt collection.
Traditional debt repayment collection practice involves a high volume of calls, where a vast number are unsuccessful. Using natural language processing and advanced analytics, a suite of predictive models can be developed for decision-making process optimization. Rich insight of when and how each customer will respond to different forms of outreach can then be generated with improved prediction quality.
Collections strategies informed and enhanced by advanced analytics have shown to lower call volume by over 30 percent and lead to a 15-20 percent reduction in handling time, leading to savings in excess of 20-30 percent.
Processes—Digitization also provides opportunities to automate and create new risk-monitoring processes for managing emerging or hidden risks. For example, to address conduct risk, financial institutions are combining machine learning and transaction data to automate conduct monitoring for mortgage underwriting.
Similarly, paper-based processes with significant manual interventions and long turnaround times are prevalent in traditional financial institutions. Leading banks are already digitizing risk processes to improve productivity. Among them, credit-underwriting automation is quickly becoming the norm for financial services, with loan application process times falling from more than a few weeks to a few minutes. Convenient online channels are developed for customers to access anytime, anywhere. Pre-population of information by integrating customer data provides a hassle-free experience, and advanced analytics are built-in to implement quick decisions.
Horizons of Change
Maximizing the benefits accruing from a fully digitized risk function will require a complete revamp in risk management processes, people, systems and data. In terms of the digitization extent, we see three horizons of change for the risk organizations in the context of digital opportunities:
Level 1—Traditional risk function optimization. Most financial institutions have undertaken multiple initiatives to streamline and automate their existing risk value chain. While the source of efficiency gains comes from automation and near/offshoring, the core risk activities remain in-house. About 15-20 percent efficiency gains are typically observed.
Level 2—Progressive risk foundation. Individuals need to be equipped with the right mix of capabilities to manage the newly developed information technology infrastructure and extract insight from advanced risk data analysis. Laying the foundation for the human capital and career path implications of this phase early is vital.
Level 3—Fully digitized risk function. Ultimately many risk processes may no longer remain owned by organizations. One popular future scenario envisaged is risk “staked in the cloud,” where a fully in-house risk management function is no longer needed. Through application programing interfaces vendors and utilities are able to leverage technology to provide standardized solutions, risk estimates, and releases. However, even in such cases, oversight and control remain in-house. The focus of risk shifts to “scanning the horizon” activities to identify new risks and manage vendors, providers and interfaces. Team sizes in any area of high human touch will diminish, leading to expected 60-70 percent efficiency gains.
For a typical medium-sized bank, realizing the full digitization potential is expected to translate to large cost savings along with higher levels of effectiveness, oversight and insight generation. However, as shown in Exhibit 2, the complete transformation journey will be complex with multiple interlinked elements.
Exhibit 2: Digital risk—needs and opportunities for transforming risk management
The time for the risk function to act is now. We suggest five major steps to get started today. First, “quick wins” and longer-term efforts need to be launched, based on a digital risk activity map. Second, there is a need to scan the competitive landscape to understand current positioning in comparison to peers. Third, the digital ambition for risk and vision for the future of risk management need to be defined. The fourth is to establish the required talent model and implement recruitment strategy. Finally, there needs to be an alignment of regulatory strategy and relationship. Companies should consistently monitor global and local regulatory changes relating to emerging technologies to understand their potential implications on business.