R Digital Risk: Transforming Risk Management For The 2020s
F E B R U A R Y 2 0 17 Agsandrew/Getty ImagesRiskDigital risk: Transforming riskmanagement for the 2020sSignificant improvements in risk management can be gained quickly through selective digitization—butcapabilities must be test hardened before release.Saptarshi Ganguly, Holger Harreis, Ben Margolis, and Kayvaun RowshankishDigitization has become deeply embedded in bankingstrategy, as nearly all businesses and activitieshave been slated for digital transformations. Thesignificant advantages of digitization, with respectto customer experience, revenue, and cost, havebecome increasingly compelling. The momentumto adopt the new technologies and operatingmodels needed to capture these benefits continues tobuild. The risk function, which has seen significantgrowth in costs over the past decade, should beno exception. Indeed, we are starting to see digitaltransformations in risk create real businessvalue by improving efficiency and the quality of riskdecisions. A digitized risk function also providesbetter monitoring and control and more effectiveregulatory compliance.Experience shows that the structural changesneeded to bring costs down and improveeffectiveness in risk can be accomplished much likedigital transformations in other parts of the bank.The distinguishing context of the risk environment,however, has important implications. First, riskpractitioners in most regulatory jurisdictions havebeen under extreme pressure to meet evolvingregulatory requirements and have had little timefor much else. Second, chief risk officers have beenwary of the test-and-learn approaches characteristicof digital transformation, as the cost of errors in therisk environment can be unacceptably high. As aresult, progress in digitizing risk processes has beenparticularly slow.1
This status quo may be about to change, however,as global banking leaders begin to recognize howsubstantial value can be unlocked with a targeteddigital agenda for risk featuring fit-for-purposemodular approaches. In addition to the objectiveof capturing value, this agenda incorporates riskspecific goals. These include ensuring the ongoingeffectiveness of the control environment andhelping the risk function apply technology to betteraddress regulatory expectations in key areas—like risk measurement, aggregation, and reporting.What is digital risk?Data, analytics, and IT architecture are thekey enablers for digital risk management. Highlyfragmented IT and data architectures cannot providean efficient or effective framework for digital risk.A clear institutional commitment is thus requiredto define a data vision, upgrade risk data, establishrobust data governance, enhance data quality andmetadata, and build the right data architecture.Fortunately, processes and analytics techniques cannow support these goals with modern technologyin several key areas, including big data platforms,the cloud, machine learning, artificial intelligence,and natural-language processing.Digital risk is a term encompassing all digitalenablements that improve risk effectiveness andefficiency—especially process automation, decisionautomation, and digitized monitoring and earlywarning. The approach uses work-flow automation,optical-character recognition, advanced analytics(including machine learning and artificialintelligence), and new data sources, as well as theapplication of robotics to processes and interfaces.Essentially, digital risk implies a concertedadjustment of processes, data, analytics and IT, andthe overall organizational setup, including talentand culture.The organization and operating model will requirenew capabilities to drive rapid digitization. Althoughrisk innovation takes place in a very specific, highlysensitive area, risk practitioners still need tocreate a robust culture of innovation. This meansputting in place the right talent and nurturing aninnovative “test and learn” mind-set. Governanceprocesses must enable nimble responses to a fastmoving technological and regulatory environment.Managing this culture of innovation in a way that isappropriate for risk constitutes a key challenge forthe digitized risk function.Three dimensions of change: Processes, data,organizationTo realize the full benefits of process and decisionautomation, banks need to ensure that systems,processes, and behaviors are appropriately fittedfor their intended purpose. In the risk environment,prioritized use cases are isolated in such areas ascredit underwriting, stress testing, operational risk,compliance, and control. In most banks, currentprocesses have developed organically, without aclearly designed end state, so process flows are notalways rational and efficient. Operational structureswill need to be redesigned before automation anddecision support can be accordingly enabled.2Adapting digital change to the risk contextMost institutions are digitizing their risk functionsat a relatively slow pace, taking modular approachesto targeted areas. A few have undertaken largescale transformation, achieving significant andsustainable advances in both efficiency and effectiveness. Either way, in the risk context, care must betaken when adapting test-and-learn pilots commonlyused in digital transformations in other parts ofthe bank. Robust controls must be applied to suchpilots, as the tolerance for bugs and errors in riskis necessarily very low. When digitizing processesrelating to comprehensive capital analysis andreview (CCAR), for example, solutions cannot be
introduced into production before thorough testinghas convinced designers and practitioners of theircomplete reliability and effectiveness. In certainother risk areas—such as monitoring and earlywarning systems in commercial credit risk—bankscan use test-and-learn approaches effectively.reduce operating costs for risk activities by 20 to30 percent. The state of risk management at mostglobal, multiregional, and regional banks isabundant with opportunity. Current processes areresource intensive and insufficiently effective, asindicated by average annual fines above 400 millionfor compliance risk activities alone (Exhibit 1).Our experience suggests that by improving theefficiency and effectiveness of current riskmanagement approaches, digital risk initiatives canThe potential benefits of digital risk initiativesinclude efficiency and productivity gains, enhancedrisk effectiveness, and revenue gains. The benefits ofRisk 2017Digital RiskSizing the opportunityExhibit 1 of 3Exhibit 1Digital risk management can significantly reduce losses and fines in core risk areas.Impact from digitization:Risk areasCreditriskHighMediumLowRepresentative global bankRepresentative regional bankLosses2015, billionLosses2015, billion20–40OperationalriskFines, 2009–15, millionYear avg.Top decile30–50600 300–6004,500 2–4Compliancerisk3–5Fines, 2009–15, millionYear avg.Top decile5–10150 10–20225 15–30350 0.2–0.3400–6001,850 Market andliquidity risk 0.575–150500 0.120–40300 StresstestingNANANANANANAThe greatest financial opportunities from digitization for both universal and regionalbanks are in the areas of operational and compliance riskNote: Credit risk losses are gross charge-offs; operational and compliance risk losses do not include opportunity costs (such as unearnedrevenue due to operational risk events); the average total yearly fines are given for banks fined at least once in the period 2009–15.Source: Bank holding company Y9C reporting forms; Financial Times’ bank-fines data; McKinsey analysis3
greater efficiency and productivity include possiblecost reductions of 25 percent or more in end-toend credit processes and operational risk, throughdeeper automation and analytics. Risk effectivenesscan be strengthened with superior transparency,gained through better management and regulatoryreporting and the greater accuracy of model outputsdue to better data. Revenue lift can be achievedthrough better pricing or an enhanced customerand frontline experience—for example, by reducingthe know-your-customer (KYC) cycle time from oneweek to under one day, or the mortgage-applicationprocess to under 30 minutes, from 10 to 12 days.Improved employee satisfaction can also be achievedthrough focusing talent on high-value activities.Target risk processes: Credit risk, stresstesting, and operational risk and complianceThe possible action areas for digital risk areextensive, but in our view three specific areas areoptimal for near-term efforts: credit risk, stresstesting, and operational risk and compliance.Alhough no one bank has fully digitized all three ofthese areas, we are seeing leading banks prioritizedigital initiatives to realize discrete parts of the totalsavings available. The following discussion is basedon actual digital risk initiatives across risk typesand processes.Credit riskCredit delivery is hampered by manual processes fordata collection, underwriting, and documentation,as well as data issues affecting risk performanceand slow cycle times affecting the customerexperience. Digital credit risk management usesautomation, connectivity, and digital delivery anddecision making to alleviate these pain points.Value is created in three ways: by protectingrevenue, improving risk assessments, and reducingoperational costs.4To protect revenue in consumer credit, digital riskstrengthens customer retention. It improves thecustomer experience with real-time decisions,self-service credit applications, and instant creditapprovals. The improvements are enabled throughintegration with third parties for credit adjudicationand the use of dynamic risk-adjusted pricingand limit setting. One European bank is exploringthe potential for digital risk to expand revenuein consumer credit within the same risk appetite.Digitized credit processes will permit fasterdecision making than the competition while thebank maintains its superior risk assessment.Value is also created by improving risk assessment.Advanced analytics and machine-learning tools canincrease the accuracy of credit risk models used forcredit approvals, portfolio monitoring, and workouts.It can also reduce the frequency of judgment-basederrors. The integration of new data sources enablesbetter insights for credit decisions, while real-timedata processing, reporting, and monitoring furtherimprove overall risk-management capabilities.Operational costs are also reduced as credit processesare digitized. A greater share of time and resourcescan be dedicated to value-added activities, as inputsand outputs become standardized and paperless.In addition to improving default predictions, wehave seen credit risk improvements in these areascreating a revenue lift of 5 to 10 percent and loweringcosts by 15 to 20 percent (Exhibit 2).Stress testing, including CCARBanks find that significant value can be capturedthrough a targeted digitization effort for stresstesting, including CCAR. The current approachis highly manual, fragmented, and sequential,presenting challenges with data quality, aggregation,and reporting time frames and capacity. The
Risk 2017Digital RiskExhibit 2 of 3An integrated digital risk program for consumer credit can protect revenue, improve riskassessments, and reduce operational costs.Improvement potential:High (10% )Medium (5–10%)Low (0–5%)Digital credit risk value mapRevenueimprovementCredit risk value chainAppetite and limit settingFront office, customercontactCostreductionCost of riskmitigationStrategies and policiesSales and planningPricingAnalysisWork flowExhibit 2Credit analysisand decisionScoring and ratingApplicationDecision makingBack office/loanadministrationMonitoring/earlywarning systemCollection andrestructuringContracts and documentsCollateral managementIssue identificationAction recommendationWorkout strategiesRestructuringReport generationReportingInsights/analysisWork-flow supportprocesses are prime candidates for digital automationand work-flow tools.The underlying stress-testing process is the startingpoint. The improvement program will aim atoptimizing resources. Dedication of resources willbe prioritized based on materiality of risk.Institutions can achieve additional efficiency throughparallel processing, centralization, and crosstraining of staff, as well as better calendaring.Templates and outputs are standardized, and“golden” sources for data are designated. Theresulting process becomes increasingly transparentand effective. Process optimization is supportedby digital-automation initiatives for data loading,overlays, Y 14A reports, and the end-to-end reviewand challenge process. Real-time visualization andsensitivity analysis are digitally enabled as partof the transformation. In addition to optimizingstress testing directly, banks are also looking for5
opportunities to harmonize the data, processes, anddecision-making models with business planning.We have seen digitization in CCAR and stress testingbring significant cost improvements and—even moreimportant—free up capacity so that experts canapply more insight and improve the quality and useof outputs (Exhibit 3).Risk 2017DigitalRiskrisk and complianceOperationalExhibit3 of 3banks, manual processes andAt many globalfragmented systems have proliferated acrossExhibit 3In alert generation, digital risk improvements ensurethat reference data available for use in the analyticengine is of high quality. Advanced-analytics toolsThere are many ways digitization can improve efficiency and effectiveness ofcomprehensive capital analysis and review (CCAR) and stress testing.High impactMedium impactLow impactCore CCAR elementsSupporting activitiesHow to digitizeImplementation of tool to collect andaggregate risksRisk identification Risk assessmentRisk aggregation and reportingScenario Forecast developmentMacro forecasts Data preparationModel developmentAdoption of end-to-end data-hostingsolution and model-developmentenvironment Jump-off data and forecast executionAggregation and schedule constructionAutomated aggregation engine with feedsfrom model-development environment Data, models,and forecastingAggregation andreporting6operational risk and compliance controls andactivities. In anti-money laundering (AML), forexample, processes and data have become unwieldy,costs have skyrocketed, and efforts have becomeineffective. Significant opportunities to increase theeffectiveness and efficiency of AML operations liein thorough end-to-end streamlining of the alertgeneration and case-investigation processes. “Appification” of scenario syndicationby lines of business, senior executives,and boardReview and challengeCreation of dynamic review-andchallenge appInternal controlsImplementation of control-monitoringand attestation toolDocumentationAdoption of work-flow, tracking,aggregation, and storage tool
such as machine learning are used to test andrefine the case-segmentation variables and support“auto-adjudication” where possible. In addition,digitization and work-flow tools can support smartinvestigations and automated filing of suspiciousactivity reports, an improvement that enhances theproductivity of the investigation units.Our experience of digital risk initiatives in AML is thatthey invariably improve effectiveness and efficiency,typically in the range of 20 to 25 percent. The overallimpact of such improvement is even greater, however,given the large cost base of this function acrossinstitutions and the risk of not identifying bad actors.Digital risk is differentA digital risk program must be designed inrecognition of those aspects of the risk function thatdistinguish it from other functions, such as frontlinedigital sales. For risk, regulators will not acceptthe characteristic approaches of traditional digitaltransformations. Live launches of “minimum viableproducts” to be tested and refined in production isnot an appropriate path for most risk activities.Most approaches to digitization focus on improvingthe customer experience. Digital risk will involvesome actual external customers, such as in creditdelivery, but in most areas the focus will be oninternal customers, stakeholders, and regulators.Moreover, digital risk is never a self-containedeffort—it will depend on data from all businessesand functions. Development thus proceeds at apace limited by the careful management of theseinterdependencies. Innovative approaches such asagile and digital labs provide effective options toimplement solutions incrementally.Direct impact will be felt in cost and risk reductionWhile digital risk offers clear opportunities forsignificant cost reduction, the impact on revenueis less obvious but implicitly understood by leaders.Frontline digital transformations are often aimedat direct revenue improvement; proof of this impactfrom digital risk programs is more elusive, sincerisk is an enabling function. Faster turnaroundtimes for loan applications is a typical digital riskimprovement. This will likely drive higher lendingvolumes and, consequently, increased revenue—evenif the correlation cannot be precisely determined.Given the indirect impact on revenue, digital riskprograms should focus primarily on reducing riskand cost. The exception is digital credit, where thecase for revenue lift will be clearer.Designing a programAn effective digital risk program begins with chiefrisk officers asking the right questions—those thatpoint the institution toward specific initiatives fordigital innovation. “Can we reduce the time neededfor structured credit approvals to a few minutes?”“How can we increase straight-through processingrates?” “How can we improve the efficiency andstreamlining of KYC activities to reduce pain pointsin the account-opening process?” “How can we makeCCAR less sequential and resource intensive?” “Howcan we improve the timeliness of reporting to meetregulatory objectives?” “What value can we extractfrom better use of internal data?” “What is theincremental benefit of including new data sources?”The answers will help shape initiatives, which willbe prioritized according to current resource-allocationlevels, losses and regulatory fines, and implementationconsiderations, such as investment and time.Digital risk programs can incorporate the familiardesign features of digital transformations, suchas zero-based process and interface redesign andan agile framework. The testing and refinement,however, takes place entirely within a controlledenvironment. The design approach, which can bemodular, must also be comprehensive, based on athorough review of risk activities, appetite, and policies.The designs cannot be migrated into productionuntil they have been thoroughly tested and7
syndicated, often with regulatory bodies. Becauseof its highly sensitive environment, risk is digitizedend to end over a longer timeline than is seen incustomer-service areas. Specific capabilities aredeveloped to completion and released discretely, sothat risk management across the enterprise is builtincrementally, with short-term benefits.The anatomy of a transformationA digital risk program can get a running startby capturing high-value opportunities first. Theanatomy of the transformation will resemble that ofother digital transformations, with the usual threestages: 1) priority initiatives are identified accordingto the value at stake and the feasibility for near-termimplementation, 2) digital solutions are designed tocapture that value and tested and revised accordingto stakeholder input, and 3) the improvementis introduced into production, with continuedcapability building to embed the design, engineering,and change management into the operating modeland invest in the right capabilities and mind-sets.The opportunities identified in stage one arematched in stage two with digital and other solutionsthat will reduce waste and optimize resources whileimproving standardization and quality. Thesesolutions will involve work-flow automation, digitalinterfaces, and the use of advanced analytics andmachine learning. The technology design may use a“two speed” architecture to support fast innovationin IT while allowing the main IT infrastructure tooperate normally. New functionality is rigorouslytested prior to migration into production, to ensurea smooth, error-free transition for critical riskfunctions. Iterative test-and-learn processes takeplace within environments featuring higher controlstandards than typical elsewhere. Stakeholderfeedback and often regulator syndication areobtained prior to production release.8In the third stage, where the innovation isintroduced into production, the organization focuseson change management. In itself, this is no differentfrom typical digitization programs in other businessareas. The focus is on embedding the design into theoperating model and continuing to invest in digitalcapabilities to build momentum for further launches.Having the right talent in place, whether drawn frominternal or external sources, is the key to a successfultransition to digital risk.The path to digital risk will be a multiyear journey,but financial institutions can begin to capturesignificant value within a few months, launchingtailored initiatives for high-value targets. As therisk function becomes progressively digitized, it willbe able to achieve higher levels of efficiency,effectiveness, and accuracy. In the future, risk management will be a lean and agile discipline, relieving costpressures, improving regulatory compliance, andcontributing to the bank’s ability to meet escalatingcompetitive challenges. The first steps toward thatfuture can be made today.Saptarshi Ganguly is a partner in McKinsey’s Bostonoffice, Holger Harreis is a partner in the Düsseldorfoffice, and Ben Margolis is an associate partner inthe New York office, where Kayvaun Rowshankish isa partner.Copyright 2017 McKinsey & Company.All rights reserved.
The potential benefits of digital risk initiatives include efficiency and productivity gains, enhanced risk effectiveness, and revenue gains. The benefits of Exhibit 1 Digital risk management can significantly reduce losses and fines in core risk areas. Risk 2017 Digital Risk Exhibit 1 of 3 Credit risk Risk areas osses 2015, billion
Transforming strategic risk management to realize competitive advantage Advanced digital technologies are having a huge impact on risk functions. In a digital future, the chief risk officer's remit will extend further, while the risk function will encompass both detecting risks and helping define and achieve business strategy.
students and future leaders in the fi elds of science, technology, engineering, and math (STEM) education. Another block has taken on the vital topics of . Transforming families Transforming individuals Transforming education Transforming lives I shared a more complete picture of our fi rst year during my State of the College address
Digital inclusion is defined in various ways and is often used interchangeably with terms such as digital skills, digital participation, digital competence, digital capability, digital engagement and digital literacy (Gann, 2019a). In their guide to digital inclusion for health and social care, NHS Digital (2019) describe digital
Digital Media Middle East & Middle Eastern Digital Media Awards 29-30 Nov 2022 Riyadh Digital Media Africa & African Digital Media Awards 12-13 July 2022 Virtual Digital Media LATAM & LATAM Digital Media Awards 16-18 Nov 2022 Mexico City Digital Media India & Indian Digital Media Awards 08-10 Mar 2022 Virtual Digital Media Asia &
Financial risk Risk that the third party cannot continue to operate as a financially viable entity Regulatory and compliance risk Risk that a third party fails to comply with a required regulation, thus causing the organization to be out of compliance Digital risk Risk that is associated with the third party's digital business processes
games, etc. Includes businesses operating in non-digital industries according to the ONS, such as wholesale and retail trade, education, etc. Digital Tech Industries Traditional (non-digital) Industries Digital job in digital tech industries (Front-end developer in a software company) Non-digital job in digital tech industries
How Digital Innovation is Transforming the Food & Beverage Industry 2 Digital Innovation The oldest industry in the world, food and beverage, now finds that modern . technology must be on the menu. Food and beverage companies need digital
par catégorie alimentaire. A partir des informations disponibles dans les listes d’ingrédients, il est parfois délicat pour un même libellé d’ingrédient de différencier son utilisation en tant qu’additif ou en tant que substance à usage d’enrichissement (exemple : acide ascorbique). Pour ce rapport et pour ces substances, il a été décidé, par convention (choisie), de .
