The Role of Tech in Risk Management
Author: Ron Taché
The best management teams find the time and resources to create and maintain an effective risk management program.
While capital management, loan origination, and customer acquisition justifiably rank higher on the priority scale, sound risk management practices that encompass both market and operational risks pay substantial long-term dividends. As in other areas, financial institutions can use technology to enhance and streamline their risk management programs.
The smallest institutions manage risk via hands-on decision-making and perhaps a few spreadsheets.
- A $185M co-operative bank with 1-3 branches and 10-20 employees is unlikely to have a dedicated risk professional, instead relying on the finance team or perhaps an energetic assistant vice president to handle periodic exam preparation.
- While financial risks typically dominate the thinking, operational risks related to information technology or regulatory compliance receive some mindshare.
On the other end of the spectrum, larger institutions generally have entire teams of dedicated professionals who each focus on specific areas like third-party (vendor) management or regulatory compliance.
- At some point, perhaps as assets pass $1.5B or the number of total employees reaches 300, a chief risk officer (CRO) will be appointed.
- The CRO will often have a direct line of communication with the board of directors.
Across the spectrum of institutions, risk managers and executives leverage a variety of technologies, usually software, to keep up with the demands of their stakeholders. The following breakdown outlines current trends and highlights opportunities to use technology wisely.
Small institutions (De Novo – $600M) understandably prioritize compliance in their risk management programs. Avoiding negative feedback or consequences often dominates their thinking. The prevailing mindset here is, “I will do what I am required to keep the regulators happy.”
- Home-grown spreadsheets
- Rudimentary risk assessment software
- This kind of helpful software puts the basic questions required to assess areas of risk into a standardized format. These are helpful for completeness and future retrieval.
- Smart versions of tiered or contextual questionnaires
- Depending on the answer to question number 1, you will get a different follow-up question. Or perhaps there will be no follow-up questions. These are big-time savers.
- Automated notifications
- When key dates are approaching (regulatory exams or license renewals), the software emails the people responsible – and perhaps their managers – with reminders.
- Simplified report generation
- Company-specific, up-to-date data is added to user-friendly report templates by the software to eliminate administrative tasks.
Mid-sized institutions ($600M – $10B), or those with an increasingly complex mix of products, often move towards integrated risk management programs. With staff size growing past 100, the challenge of coordinating efforts explodes. Most threats cross functions, and many controls are effective in more than one functional area. The prevailing mindset here is, “Risk management programs will provide significant benefit if we can get organized.”
- Cloud technology, shared databases
- Multi-user access
- Huge increase in visibility of results and status. Includes distributed work that is often tied to responsibilities.
- Ability to produce baseline reporting by silo
- Next-gen platforms that are integrated, allowing different areas of the institution to have synchronized assessments
- Ease the burden of data entry
- Cross-functional analytics and reporting
Larger institutions ($10B+) need to consider risk a strategic imperative. With teams of over one thousand, franchise-altering risks are omnipresent, much like regulators. Managing risk well can produce seven-figure results, justifying large technology investments. The prevailing mindset here is, “Risk management programs are a strategic initiative and provide a competitive advantage.”
- Strong integration
- Consistent innovation by technology partners
- Ability to monitor key risk indicator trends over longer periods of time
- Benchmarking for visibility into how peer institutions are assessing risks and evaluating controls
- Fully configurable GRC systems, allowing infinite flexibility
- Integration of external data for analysis
- Adherence to “big bank” best practices
- This ensures that growth to $50B and beyond won’t trip up the risk management program.
- Requires deep expertise that is often in short supply
Firms like Wolf & Company that focus on advisory services, especially in the major risk areas, provide critical guidance that allows a wide variety of institutions to take full advantage of the powerful technology solutions available.