MetricStream has observed five key risk management trends from its engagements with several large organisations that rely on the MetricStream solution for managing operational, compliance and enterprise-wide risk.
1. A federated approach to risk management
This is a move away from the siloed world where most business units and functions in a bank work independently, with little or no collaboration between them. The rapid changes to this operational model have a lot to do with the recent regulatory reforms. The complexities and the business challenges created by the regulations demand that different business functions be deeply integrated and collaborated in their approach to analysing aggregated data and taking collective decisions.
In the federated structure, the enterprise risk function is aligned centrally with corporate governance and reporting, as well as distributed to lines of business, facilitating ownership and accountability for risk.
2. Real-time risk intelligence for rapid insight into the risk process
Effective risk governance requires more well-structured risk information to reach the board and its risk committee. The two are actively seeking comprehensive and real-time risk intelligence, and information and analysis on key emerging risks – not only financial risks such as credit or market risk. The risk intelligence must provide comprehensive information, highlight the key risk trends and ensure that the risks taken are well within the defined limits. It must also provide more granular data to help institutions remain in competition, and to better price their products and services. All of this information needs to be provided in real time so that appropriate action can be taken on a timely basis.
3. Monitoring and managing emerging risks
Emerging risks, although systemic in nature, have such a significant impact on the organisation that they can no longer be ignored. Financial institutions have found such risks can be devastating if not proactively addressed.
To be better prepared, most financial organisations are building up their ability to monitor and detect key emerging risks as part of their overall risk management efforts. They are taking a fresh look at their risk management processes and allocation of resources to ensure emerging risks are effectively identified, assessed and managed from strategic planning all the way down to day-to-day processes at all levels of the organisation. Risk analytics and reporting are being further strengthened to provide insight and real-time intelligence on, emerging risk trends.
4. Organisational structure for clear accountability and increased transparency
Today’s environment calls for greater collaboration and stronger relationships between the risk committee and the business unit. This encourages the free flow of information between the two entities.
The organisation has to be structured in a way that facilitates accountability and does not limit it only to the risk committee. Business units also need to be aligned to derive maximum value out of the centralised committee, and to ensure there is clear accountability and increased transparency in the entire risk management process.
5. Upgrading risk infrastructure and technological advancement
Most financial institutions are upgrading their technology infrastructure to manage enterprise-wide risks. They are migrating from their legacy systems, point applications and paper-based procedures to a web-based, integrated enterprise risk management system. The technological advancement allows the CRO to streamline and strengthen the risk management function, delivering more strategic value while lowering the costs of operations. Expected benefits include better enterprise-wide visibility, a transparent and collaborative environment, and data-driven decision-making.
The solutions and tools available today provide a reliable means to monitor access controls, observe closed-loop processes, and analyse important data and key risks.
MetricStream is the market leader for enterprise governance risk and compliance solutions, with specific offerings for managing operational risk, enterprise risk, compliance risk, internal audit, regulatory examinations, loss incidents and risk metrics. The solution comes pre-packaged with embedded best practices and a content library.
Click here to view the article in PDF format.