Andrew Gray, Managing Director, Group Chief Risk Officer
Risk managers today face a more complex and unpredictable environment than ever before as a host of external dynamics are transforming virtually every part of the financial system. With the interconnections between global markets and market participants growing deeper, new threats are emerging from a wider range of sources, sparking an evolution and expansion of the risk management function. The industry is responding to these challenges in several ways, including taking a more holistic approach to managing risk, applying a systems view to the risk landscape and focusing on resilience to ensure markets and firms can absorb and rebound quickly from disruptive incidents.
Developing capabilities in these areas requires updated conceptual frameworks as well as significant investments in people, processes and technology. In addition to this, many risk departments have begun exploring how fintech can support these objectives. Central to this work is a focus on taking a data-driven approach to managing risk and using new innovations to more effectively identify, mitigate and respond to the wide range of risks that firms face today.
Leveraging Enterprise Data
As the risk management function has expanded in recent years to include systemic risk, technology and information security risk, physical security risk, business continuity management and vendor risk, firms have begun to manage risk holistically across the enterprise and have gained deeper insights into how different risks facing the enterprise are connected. This new approach to understanding and managing risk has made enterprise data management more critical than ever.
Across the industry, firms are starting to look at ways to build data lakes to capture, store and analyze significant volumes of qualitative and quantitative structured and unstructured data across disciplines. This is important because it gives risk managers a comprehensive picture of risk within and across departments or business units and enables them to see the relationship between risk families.
In addition to these efforts, high-speed computing is helping firms measure exposures more frequently in response to fast-moving changes in market dynamics. And with lower storage costs and increasing adoption of cloud technologies, firms can now maintain vast amounts of data, which can be mined on-demand for deeper analysis of trends and other insights.
Applying a System-Wide Approach
Given the interconnectedness of financial markets and the complexity and adaptive behavior of the financial system, firms are also looking at risks that extend beyond their own institutions. However, because traditional risk management tools may not be able to predict behavior in this new environment, new techniques and resources are needed to understand and mitigate risk, particularly when it comes to extreme and unpredictable yet plausible risks. The industry is increasingly leveraging scenario analyses and stress tests for these purposes because they extend beyond common risk factors to include the potential for operational and technology incidents. Furthermore, there is the potential to use network analysis, agent-based modeling and other techniques to understand complex networks. Recently, some regulators have suggested that these tools may be able to better identify, model and analyze data in the financial system.
The quantitative and qualitative data that is stored across the enterprise is critical not just for understanding current exposures, but they are also useful inputs for forward-looking analyses.
In addition, these analyses are more powerful if the data is sourced from all parts of the network, which reinforces the need for better information sharing and common data taxonomies and standards across all the players in the space. In cyber-security, for example, the industry is making good progress in these areas with industry-wide exercises for cyber-attack scenarios, better information sharing and the development of protocols to support threat intelligence distribution.
As the industry faces a more diverse and unpredictable set of risks, disruption becomes inevitable. Therefore, firms need to do more than identify and manage risk. They must also build resilience to detect and recover from disruptions as efficiently as possible. Today’s risk management approach requires the right culture, mindset, skillset and processes focused on learning. At DTCC, for example, every employee of the firm is empowered as a risk manager and serve as our first line of defense to protect the organization.
Technology can also play a critical role in building resilience. Big data analytics and artificial intelligence, in particular, offer a variety of benefits that can help organizations act on their data more effectively. For example, machine learning could allow analysts to look at operational and incident data to discern trends and patterns that could be indicators of future disruptions and could allow them to prevent them from materializing. Models could also be leveraged to determine the financial resources required for stress events, with real-time auto-correct capabilities based on changes in the market environment using unsupervised learning techniques.
Connecting all these new technologies will enable us to create an architecture to support what we call “intelligent resilience.” The foundation of this is a data lake, which would be comprised of structured and unstructured data capable of capturing all aspects of risk, built in accordance with strong enterprise data management principles, and able to take in data from the broader network. The data lake, which could be made accessible and shared by the extended enterprise, would allow users to monitor risk in real time. An expanded set of relevant analytical tools for scenario and complex systems analysis as well as machine learning algorithms could be used to generate insights that automatically update risk manager models to size the resources required to protect their institutions as well as the broader financial network.
Fintech holds great potential to help build a risk management framework that reflects today’s post-crisis realities, focuses on the vast, adaptive system and accounts for the complexity of an interconnected and global marketplace. As the industry continues to strengthen its risk management practices in response to a fast-changing environment, firms must apply a broad, system-wide view of the risk landscape, build intelligent resilience into their frameworks and continually evaluate how technology can improve their capabilities.
This article originally appeared in GARP (Global Association of Risk Professionals)