Economies and civilizations are experiencing multiple crises concurrently at this time. The era is marked by the simultaneous emergence and interaction of multiple, complex disruptions with widely varying causes and eventual outcomes. Climate change, the COVID-19 pandemic, record inflation and monetary tightening, supply interruptions, and heightened geopolitical risk all raise important organizational resilience problems that must be addressed together.
In a constantly changing corporate environment, risk management is a competitive advantage in all industries, including finance. They are working towards becoming more able to withstand adversity. Scenario-based foresight, early indicator monitoring, and crisis-response capabilities can help them absorb shocks, pivot, and accelerate into new realities.
CROs envision five fundamental changes that will shape risk management in the future.
1. Three-lines-of-defense evolution
Expectations about the role of the risk function are changing, and there should be more collaboration between the different lines of defense. CROs think that the first line of defense, the people in charge of certain processes and operations, are getting better at risk management and can therefore handle more risky decisions, such as those involved in underwriting, collections, fraud management, and in some cases, designing regulatory models.
As a result, the three-lines-of-defense paradigm is evolving in order to emphasize the risk function on traditional second-line activities, such as appetite setting and monitoring, policy development, the challenging role, and second-line controls and reporting. To be effective in its second-line role, the function should increase its knowledge of new types of risks that are coming up in cyber and tech security as well as climate change.
Nearly every respondent in our survey said that for financial risks, the roles and responsibilities of the first and second lines are clearly defined and well understood in their organization. However, for risks that are not financial, the divides are less distinct.
2. Digitization: New tools, data, and an “old” problem
The risk function can rely on new technologies, tools, and more data, even if some of these building blocks still have “old” problems. All of the CROs who answered the survey said that digital transformation was very important to them.
Nevertheless, many CROs still believe that poor data quality will continue to plague them. More than half of those polled (58%) think that data challenges, notably poor data quality, will have a detrimental impact on advanced analytics applications. It is possible to resolve the vulnerabilities by researching and inventing new kinds of algorithms with the goal of improving the overall quality of risk judgments. The attempt can be aided by the establishment of an analytics centre within the bank.
Despite being important to the risk function, reporting and monitoring continue to be arduous tasks that often need extra human effort and resources. Therefore, there is a dire need for improvements. However, digital budgets have expanded dramatically. Only 25% of CROs expect digitization budgets to rise. This means that much-needed improvements in reporting and monitoring will have to be achieved primarily through increasing risk-function efficiency.
With credit decision-making being digital and controls being automated, most CROs believe existing digital resources could be utilized to improve efficiency in conventional risk areas as well.
3. Regulatory requirements
CROs are keeping an eye on the development of climate and environmental, social, and governance (ESG) regulations, which are set to change and become stricter in the next three years. Climate change and ESG, according to CROs, will soon be among the key regulatory issues affecting the financial services sector.
Risk functions at prominent institutions are attempting to establish the processes, specific skills, and organizational models necessary to lead regulatory efforts. Particular focus is being placed on agile working methods. Overall, early and proactive engagement with regulators is the most important way to make sure that compliance and control strategies match up with what regulators want.
4. Market changes and new risk priorities
As risk levels may rise in the near future, banks are facing significant cost constraints. Fintechs and other low-cost newcomers to the market are putting pressure on existing, conventional business models. CROs are pretty split on how big they think future risk budgets will be. Most of those who see a decrease in real spending are from banks leading the digital transformation of the function. At the group level, these institutions are leading cost-cutting initiatives. The majority of CROs anticipate that risk budgets will reflect changing priorities and maturity in handling various risks.
5. Value creation and presentation as a risk function
Leading companies are beginning to pay attention to the value that those functions may and should produce. This useful shift shifts focus from bureaucratic, documentation-oriented exercises to execution and business objectives. With the right execution, a value-driven approach can streamline operations by eliminating unnecessary steps, cutting back on low-profit offerings, and combining risk evaluations into a single report. The path eventually leads to improved institutional performance. Successful institutions that are able to prioritize positive outcomes are more productive and responsive to all parties involved.
Future priorities for CROs
CROs are making future-ready plans by directing multiple concurrent long-term initiatives. They want to deepen and accelerate the digital transformation of the function, win the risk talent war, and establish cutting-edge expertise in regulation, cybersecurity, analytics, and digital innovation. These initiatives continue even as risk managers deal with more pressing macroeconomic and political disturbances.
Risk management skills are unquestionably more important than ever during this time of economic crisis and development. Digital procedures with robust analytics and data control are increasingly needed. The analytics engines and data infrastructure, two “hard” aspects of these transformations, require as much focus as the “soft” aspect, the upskilling of people.
The risk function’s involvement in institutional strategy and resilience is becoming more important to CROs. Under the pressure of many crises, the transition to a more strategic and comprehensive resilience function has intensified. Risk can predict how the economic and regulatory environment will change and spot new threats. Foresight in banking’s traditional areas of focus as well as in newer areas like ESG, cyber, and geopolitical changes can give a first-mover advantage. However, CEOs and CROs will only be able to use this valuable information if they can figure out which risk fits into the institutional strategy. When faced with adversity, resilient businesses quickly adapt to new circumstances and make decisive changes. As the conditions improve, they have the potential to transition into growth more quickly than those they left behind.