Michael Leibrock, DTCC Managing Director and Head of Credit and Systemic Risk
The complexity of the financial industry has increased exponentially with the rise of fintech, as new technologies such as machine learning, artificial intelligence and distributed ledgers are integrated into industry workflows. Market and operational risks are far from new, but fintech represents a new ballgame. So how do we manage innovation in a way that protects the safety and resiliency of the industry as a whole?
The complexity of the financial industry has increased exponentially with the rise of “fintech,” as new technologies such as machine learning, artificial intelligence and distributed ledgers are integrated into retail and back-office operations. It’s a challenging environment for regulators, policymakers, technologists and IT departments to keep current with the rapid development of new innovations while having to perform the day-to-day tasks of ensuring the markets operate safely and at their most efficient.
For risk managers, there is a different set of issues. From our perspective, the question is: “How do we manage innovation in a way that protects the safety and resiliency of the industry as a whole?” Our responsibility is to create an environment that fosters progress and development in a way that mitigates risk and ensures the ongoing stability of the global financial system.
To understand how the financial industry balances innovation and risk management, it’s critical to examine how major risks to the industry have shifted over the past several years. One of the most prominent is cyber risk. Financial services is one of the most targeted and attacked of all sectors because of its potential to create global chaos. Banks have responded by increasing their defenses, but at a significant cost. Today, the industry’s largest, non-government concentration of investment and spending is in cyber security. However, the sophistication of cyber threats and the number of actors also continues to increase, placing increased burdens on organizations around the world.
Another risk that has increased over the past few years is geopolitical risk and, recently, in countries that have previously been havens for stability, uncertain election outcomes, including Brexit, across Europe and the U.S. and the impact of sanctions on national economies. Geopolitical risk is often underestimated for its far-reaching consequences, from economic and trade policy to immigration and security.
And of course, there is regulatory and compliance risk. Following the financial crisis, the global industry saw a major overhaul to key regulations, some of which are still being implemented today. At the same time, the U.S. administration is also considering rolling back certain pieces of regulation that could undo years of previous work, reversing the direction of many new initiatives. This complex regulatory environment has created a challenging and costly compliance landscape.
Considering the potential impact of fintech, have we arrived at a point where it, too, should be added to this list? In many ways, it is still too early to gauge whether fintech will cause financial instability, but it needs to be on the radars of market participants and, more specifically, risk managers. With the financial system undergoing unprecedented technological change, the remit of the risk management function must expand and evolve because traditional risk management structures will likely no longer be enough.
We’ve studied this issue at DTCC, discussing whether the potential for enhancements to risk management outweigh the possible downsides that are inherent in fintech adoption. As new fintech technologies are developing — such as distributed ledgers and robotics, as well as more mature offerings like cloud — there must be a focus on creating frameworks to enhance how risk is monitored, leveraging a set of principles for calculating the systemic implications of new technologies and entrants. For example, the underlying assumptions of existing models may need to be revisited, risk tolerance levels and acceptable risks may need to be revised, stress testing and simulations may need to increase in both frequency and sophistication, and the list goes on.
Market and operational risks are far from new, but fintech represents a new ballgame that requires a different approach and demands that we double down on our tools and systems to build across other areas of market risk to protect the stability and integrity of the system. Ultimately, the key to addressing risk in financial services, particularly in a landscape shifting to accommodate the development of fintech offerings, is to think of everything that could happen and over-prepare for both the expected and unexpected by building the most robust, forward-looking and resilient risk-management framework possible. If risk managers do not begin today to ensure their firms develop the necessary frameworks, skill sets and tools to identify and mitigate emerging fintech risks, it may simply be too late to react in the not too distant future.