A panel of experts explores how greater collaboration between risk and finance teams can garner significant benefits and add value, how technological innovation is making the regulatory landscape more complicated to navigate and produce transformative opportunities, and how organisations have evolved their approaches to regulatory stress-testing
- Thorsten Hein, Principal Product Marketing Manager, Risk Research and Quantitative Solutions, SAS
- Natasha Naidoo, Chief Risk Officer, Generali UK
- Tom Wilson, Chief Risk Officer, Allianz
- David Hookings, Risk and Regulatory Transformation Director, Elite Alpha
- Jordi Mondéjar, Chief Risk Officer, CaixaBank
Which macro trends have been most influential in driving risk and finance transformation in your business in the past decade?
Thorsten Hein, SAS: SAS has seen many trends influence financial institutions, especially in the past decade, leading to a need for an integrated approach to risk and finance. First is the macroeconomic and political environment. Banking industry margins are tight and return on equity in many cases remains below the cost of capital. Banks – particularly in Europe – report persistently high operating costs, and low interest and fee income. Insurance companies are dealing with similar issues, the low interest rate affecting life insurers in particular. Another challenge is the unknown quantity of one-off events such as Brexit or the US-China trade war.
There is also the persistent challenge of regulation: banks and insurance companies are facing an array of new rules and guidelines relating to capital, liquidity and risk. Among these, International Financial Reporting Standard (IFRS) 9, Current Expected Credit Loss (CECL) and the Basel Committee on Banking Supervision’s principles for effective risk data aggregation and reporting (BCBS 239) are notable for their potential impact. The same applies to the European Banking Authority’s stress-testing initiative, Comprehensive Capital Analysis and Review, financial and common reporting, and so on, which are heading in the same direction.
Again, the situation for insurers is comparable, especially with IFRS 9 and IFRS 17, which are causing sleepless nights for many. Solvency II is still an operational issue for many insurers in the European Union, and then insurance capital standards and the Common Framework for the Supervision of Internationally Active Insurance Groups are on the horizon.
Changing customer behaviours and rising competition are other marked trends. Customer expectations are evolving fast, perhaps in part because tech giants such as Google, Apple and Amazon, and financial technology – or fintech – firms have significantly raised the bar. Imagine how the market could be affected if Google or Amazon applied for banking licences. We shouldn’t forget the shifting technological landscape. Technology is exerting a disruptive impact, especially via the emergence of fintech firms, the expansion of ecosystems in which non-banks increasingly compete and rising transparency.
Tom Wilson, Allianz: Three factors have heavily influenced Allianz’s finance and risk activities, bringing closer interaction to address critical issues in risk, solvency and business strategy.
First, changes to the insurance capital and accounting regimes have introduced greater volatility, which forces a much closer interaction between risk and finance. Solvency II was introduced to the European insurance industry in 2016, mirroring Basel II in many respects, except the entire insurance balance sheet is mark-to-market – in effect, no ‘banking book’. In parallel, the industry committed to voluntary disclosures – which are also mark-to-market – such as market-consistent embedded value. Looking forward, IFRS 17 will arrive in a few years and is based on a mark-to-model approach. These changes have had a fundamental influence on our reporting systems landscape and – due to increased volatility – our product and asset-liability management (ALM) strategies, and how we manage the business. This all requires greater co‑ordination between finance and risk.
Second, financial market uncertainty has reinforced the inherent volatility of the new regimes and their financial implications. Specifically, ‘low-for-long’ interest rates have hurt valuations of life retirement businesses with unmatched assets and liabilities. And novel monetary policy such as quantitative easing has created an environment of asset bubbles with limited monetary policy ‘powder’ available to dampen the effects of short-term dislocations. The finance and risk functions must work together more closely given the inherent volatility, combined with the need to balance the risk and returns from strategies that attempt to make up for lost investment income.
Finally, these trends are not lost on shareholders who have taken an increasingly activist approach, demanding to know how capital is deployed, at what returns and payback periods, and how much capital can be generated to finance profitable growth or repatriate to shareholders in lieu of attractive growth opportunities. There is a much closer co‑ordination between risk and finance because Solvency II is the binding constraint for capital deployment.
Natasha Naidoo, Generali: Risk transformation has been driven at a macro level by the fluid and rapidly evolving risk landscape – particularly relating to increasingly volatile geopolitical risks, driving the need for risk teams to shift their focus from technical functions developed around regulatory solvency requirements to business partners supporting nimble responses to the changing environment.
Finance transformation has been influenced by a combination of industry-level factors such as the move towards lean target operating models, digital transformation and margin pressure leading to companies actively pursuing long-term efficiencies and cost reduction.
The interaction and increased collaboration between risk and finance has influenced transformation. From a technical perspective, there has been increased demand by regulators and company boards to have consistency and reconciliations between market-value balance sheets and accounting balance sheets driving system development. Strategically, risk and finance work more closely on core business processes such as business planning forecasts and stress-testing and what-if scenarios supporting the business plan.
Jordi Mondéjar, CaixaBank: The 2007–08 global financial crisis exposed the failings of many financial institutions, highlighting the weaknesses of the capital regulations in place at the time. New and more demanding capital requirements were implemented and the new European supervisor – the Single Supervisory Mechanism – focused on achieving a level playing field through the incorporation of stress exercises, inspections, and the like.
On top of such a demanding regulatory environment, further pressure
is generated by persistently low interest rates and the need to regain customer confidence.
The industry has reacted in many ways to overcome these trends. For example, internal models have been improved to anticipate trends and evaluate risks and opportunities with minimal information in order to extend the base of potential clients in the context of digital transformation and new competitors. Further trends include improvement of the governance environment, greater attention to customer protection and participation in sustainable economy developments.
David Hookings, Elite Alpha: Following the financial crisis, the focus was primarily on regulatory compliance with new standards such as Basel III and IFRS 9. More recently, there has been a shift towards digital transformation to drive cost reductions and improve customer experience in response to the threat posed by new ‘challenger’ banks. Risk and finance transformation have a big part to play, with changes required along the end-to-end customer journey, including such areas as credit ratings and product pricing.
How does greater collaboration between risk and finance benefit your business? Where is the greatest opportunity to add value?
Thorsten Hein: First, greater collaboration between risk and finance helps work out the profitability of individual products and cleans up product portfolios. Two sets of data – one from risk and one from finance – provide plenty of information to draw firm conclusions about which products might be profitable. Unfortunately, the product portfolio splits – hence the profit and loss (P&L) data in the two departments – often lead to very different conclusions. An integrated approach also enables better monitoring and orchestrating of the business processes, such as those related to IFRS 9/CECL.
The key differentiator of an integrated approach is that the risk and finance teams can perform sensitivity analysis – for example, due to different scenarios, types of expected credit loss models and business assumptions or rules – to observe the effect on balance sheets and income statements. Traditionally, risk and finance groups within a bank operate separately with limited interaction. The challenge – especially of the new IFRS 9 and CECL regulations – requires the two groups to collaborate more closely. Following the operating model, as previously mentioned, risk and finance traditionally use separate and dedicated IT applications, but to efficiently manage the IFRS 9 and CECL processes both functions should share the same IT environment. Moreover, these two groups can readily work together to determine how different business assumptions might affect a bank’s financials and create the best strategy for the bank. For insurance companies, it’s more or less the same story, which can be seen in the case of IFRS 17. The bottom line is that growing collaboration will have a positive impact on a firm’s business.
Natasha Naidoo: The strength of business planning is enhanced through greater collaboration. By having an integrated business planning process complemented by a forward-looking risk assessment, P&L and balance sheet sensitivities can be better understood and relevant management actions planned for. This increases business resilience should a different scenario be borne out to the base case.
David Hookings: Risk and finance have been very siloed historically, which has led to disparate architectures within banks, and therefore an inability to react quickly to new regulatory and competitive challenges. Regulators are increasingly blurring the lines between risk and finance in their reporting and data requests, demonstrated most clearly in stress-testing where a firm-wide result requires collaboration between risk, finance and capital planning. From a customer experience perspective, it is impossible to provide offerings such as credit decisions in minutes without strong cohesion between the functions as well as their architectures. Strategic investment needs to be focused on the firm as a whole rather than functional goals to excel in a fast-moving landscape.
Tom Wilson: First, better co‑ordination of reporting approaches and systems leads to lower expenses in development, maintenance, validation and hardware compared to a ‘siloed’ approach. This is especially true for the stochastic cashflow models used to value life retirement products for Solvency II and IFRS 17 and for the forward-looking credit risk reserving policies under IFRS 9.
Second, a better dialogue between risk and finance can lead to better and faster strategic decisions, particularly when considering the influence of capital, risk and liquidity constraints on business plans.
Finally, we have benefited from a greater focus on shareholder value, especially on the deployment and remuneration of capital in the life retirement space. This improvement is very much evidenced in terms of new product design, ALM and more coherent risk/return measures, as well as general awareness of the link between the three.
Jordi Mondéjar: Greater collaboration between risk and finance helps generate more accurate and comprehensive financial analysis, and favours the robustness of the government and control environment. This allows a more complete vision of the business performance, synergies to set prices, and easier measurement and management of business profitability risk or set incentives. It also allows for widening of the use of early-warning models for risk and accounting, and it strengthens control processes to provide greater security to the business.
To what extent do accounting standards such as IFRS 9 and CECL reflect a changing regulatory focus towards ‘what-ifs’? How are banks and insurers coping with the implementation challenge that presents?
Thorsten Hein: The paradigm shift in the regulatory approach from ‘what was/is?’ to ‘what if?’ can be attributed to the future becoming more difficult than ever to predict. Can anyone predict with 100% certainty when – or whether – the UK will leave the EU? It makes more sense to look at a number of scenarios and project your expectations based on your findings. If a bank is ready and has an approach as an answer, these most likely will prevail.
The greatest challenges related to what-ifs is to design the right set of models than can be used with an ideally high level of certainty to simulate the future or a particular scenario. Another challenge lies in bringing risk and finance data together and reconciling them so results can be derived properly.
Tom Wilson: The general trend in accounting and capital regimes such as IFRS 9 or Solvency II market-value balance sheets to move from incurred to expected future events is well recognised and often debated. It is positive to move from ‘too little, too late’ or a ‘backward-looking’ perspective, but the resulting regimes tend to be more volatile and heavily reliant on complex models and management judgement. IFRS 9 in particular can lead to pro-cyclical action triggered by short-term dislocations as opposed to economic fundamentals.
Implementing such regimes also presents challenges, especially the systems, including underlying data and computational power, as well as in complex methodologies and associated model and data controls. A greater challenge, however, lies in designing the management framework, including stress-testing and contingency planning, to ensure management actions refrain from pro-cyclicality where possible and remain economic in the face of potential short-term dislocations.
Jordi Mondéjar: The new accounting standards incorporate forward-looking expectations under several scenarios, so banks are now provisioning loan losses according to expected instead of incurred losses. Leaving aside the debate of whether a procyclical impairment recognition is appropriate, the what-if focus required for the development of the new models implies banks are now better prepared to identify a change in the economic situation, anticipate its impacts and define how to cope with a worsening environment.
While compliance is the first goal, what are the main opportunities to deliver additional business benefits from these implementations?
Thorsten Hein: IFRS 9 and CECL pushed banks to require a higher level of skill to manage risk and improve data collection, among other things. But banks will benefit from this approach; now these data-loading processes are already established so they can also be used for addressing topics other than just the regulatory ones. Other benefits are related to staff augmentation: as banks have hired and trained new resources, they can now be used for stress-testing, capital management, and so on.
In a nutshell, IFRS 9/CECL contributed significantly to risk awareness and have improved the maturity of risk culture in banks worldwide.
Tom Wilson: I see further benefits in lowering expenses, improving strategic and risk appetite discussions, and supporting decisions that should translate into increased shareholder value.
Regulatory stress-testing has placed business models and balance sheets under greater scrutiny, prompting a rethink of capital planning and other processes. How has your approach evolved and what have been the key learnings along the way?
Thorsten Hein: First, one should consider consistency. Some countries’ stress-testing is in its infancy stage while others are far more advanced. Depending on regions and countries, regulations and approaches vary a lot, while stress-testing is more comprehensive than IFRS 9/CECL. At least, if undertaken with the right degree of severity, the challenges are pretty much the same – a lack of data, a lack of comparable and reconciled data, and a lack of modelling expertise and resources. Although every bank recognises the value of stress-testing management, many still see it as a ‘box-ticking’ exercise.
The first step is recognising the value of stress-testing, which is now clear. Every bank recognises the value of being able to stress or simply simulate their business under various scenarios. The second step is investment on a platform that can provide such capabilities in a repeatable and robust manner and that serves regulatory requests as well as managerial purposes. Banks with less sophisticated stress-testing regulators currently have, or are planning to have, stress-testing systems that are more capable and can produce more sophisticated results than the pure regulatory exercise.
Natasha Naidoo: The main way in which the approach has evolved is to move the pitch of discussion from technical to business language to facilitate engagement and effective challenge – particularly by the board. This has also meant supplementing regulatory stress-testing with internally designed stress- and scenario testing specific to the risks the business faces.
Several key learnings have emerged. First, for parameterising scenario testing, consulting with a range of stakeholders across the business – as well as economists for macroeconomic assumptions – encourages buy-in and internal consistency in the scenario design.
Second, engagement at an early stage before stress- and scenario-testing results are produced allows time for business experts to form views on expectations of scenario results. This allows a more robust challenge to the results and business model.
Finally, for internally designed scenarios, it is important to consider a range of outcomes and severities, including upside scenarios, to present a more robust view.
David Hookings: Significant investment has been required from banks to meet the recent regulatory stress-testing requirements, which has driven the need to find synergies with other processes to strengthen the business case for changes beyond pure compliance. Stress-testing – both internal and external – shares a number of components with budgeting, capital planning and recovery planning processes, so a theme is emerging among banks to bring these areas closer together as part of their transformation strategies.
Jordi Mondéjar: Regulatory stress-testing has been a key tool not only for supervisors but also for investors and analysts. First, because it has set the grounds for greater transparency in the financial sector further to Pillar 3 reports. Second, it has helped boost the recapitalisation of banks in Europe – institutions that have obtained weaker results in EU-wide stress tests have reinforced their capital levels. It cannot be ignored that these tests are not perfect due to the methodological constraints. However, the overall information they provide for stakeholders is still useful. Third, regulatory stress-testing exercises have been a challenge for institutions, which have enhanced the internal capabilities of their simulation tools. Senior management also has an increased sensitivity to identify and quantify vulnerabilities.
Tom Wilson: Allianz has fundamentally reshaped its capital planning and management processes, not because of regulatory-required stress tests but out of enlightened self-interest due to the greater volatility inherent in Solvency II, which is now the binding constraint for capital management. Specifically, we determine the target solvency position of all our entities based on stress-testing, clearly articulating a post-stress target. Similarly, we base our strategic liquidity buffer on stress-testing to cover possible capital calls from subsidiaries. Allianz also attributes capital for risk/return decisions based on a fully loaded perspective, beginning with the risk-based minimum requirements but adding the extra buffer required by each segment to reach its target ratio. Because each segment reacts differently to the stress scenarios, the implicit target capital buffer required for property and casualty is different than for life and health.
How is the explosion in new technology and fintech innovation altering the regulatory landscape? Are financial firms doing enough to embrace these opportunities?
Thorsten Hein: This is affecting the regulatory side only mildly. Regulators feel more confident requesting more complexity on reports, knowing the technology needed to produce these reports exists. Banks are now trying to fully understand how the uptake of these new technologies can make their lives easier and to respond more efficiently to regulatory requirements. Of course, individual pace depends on the complexity of the question. Technology alone cannot answer these questions; financial institutions also need to apply the adequate skills to come to the right conclusions.
Tom Wilson: Fintech offers the potential to disaggregate the insurer value chain, breaking apart customer acquisition and lifetime value management from underwriting and administration, capital provision and claims management. The most headway is being made at the customer-facing end of the chain in the form of leveraging ecosystems and using big data to support acquisition, retention and cross-selling decisions.
Notwithstanding this, optical character readers, chat bots, pattern recognition for claims photos and augmenting data through other sources at the point of underwriting are being leveraged to improve the customer journey, from acquisition to claims management, and drive efficiency. Recognising the forces of entropy working on traditional business models will not likely abate, Allianz is embracing and pursuing each of these innovations via its Allianz Customer Model, allowing it to leverage the investment across a broader portfolio of customers and businesses.
Jordi Mondéjar: Most emerging technologies respond to the demand of an evolving customer. The regulatory landscape is evolving because of the need to respond to new challenges and opportunities created by such technologies and the demand of new entrants. Consequently, new regulatory frameworks have been created – such as the EU’s Payment Services Directive 2 – and financial firms are in the process of adapting to them. In this context, we need to comply, but we should also analyse the implications of the risks and opportunities that the new regulation entails.
How is the consolidation of data, modelling and reporting processes across risk and finance changing the way banks and insurers approach model risk management (MRM)? What challenges will models based on artificial intelligence (AI) and machine learning present from a governance perspective?
Thorsten Hein: Historically, model risk has been managed at the levels of individual teams – often with tools such as Excel spreadsheets, PowerPoint presentations and governance, risk and compliance solutions. With the number of models increasing, inventory growing more complex, and organisations dedicating expensive resources to developing and supporting these high-value assets, organisations are shifting to modernised model risk platforms. These platforms offer many efficiencies that reduce the burden on modelling teams while enforcing best practice governance. A good example of this is performance monitoring – regulators’ requirement that financial organisations understand how well a model is performing. Historically, this type of backtesting would be performed annually, where results would be compared manually with defined thresholds. However, with models and data changing so frequently, these tests must be performed more frequently. Automated performance monitoring with threshold alerts streamlines these activities and allows better performance transparency. Machine learning models need governance just as other models do, only more so. A desired feature of some machine learning models is to improve automatically through experience and exacerbate model risk. Thus there is an increased need to define operating controls on inputs (data) and output (model results). Their dynamic nature requires more frequent performance monitoring, constant data review and benchmarking, better contextual model inventory understanding, and well-planned and actionable contingency plans.
There are tools available today that allow a model risk manager to use data to drive appropriate policy. The goal of any model risk manager/programme is to identify and remedy models that require attention.
Jordi Mondéjar: Model risk validation activities are largely determined by regulatory and supervisory requirements, but MRM is of utmost importance regardless of these external conditions. It is essential for any institution to understand, monitor and control model risk because we take decisions relying on many complex models.
One of the most relevant challenges when using AI and advanced machine learning modelling methodologies is to be able to update models dynamically. To tackle this challenge from an MRM perspective, the current model governance framework must be enhanced to adapt to this new reality; under these new methodologies, models are trained, tested and gradually refined based on the outputs. In some cases, experience of machine learning experts is added on in a dynamic way. Thus, we need to adapt our internal model governance framework to be dynamic as well.
Natasha Naidoo: Increasing complexity has seen MRM receive more attention from the boards of financial institutions – both in the form of more regular reporting and in it becoming more common to formalise model risk limits as part of a risk appetite framework. Internal model validation is moving away from being something of an annual exercise to a continual, risk-based validation approach. Model risk functions and independent validation units are also increasingly seen as a direct reporting line into the chief risk officer.
The key challenge for AI and machine learning from a governance perspective is defining how to influence and change decision-making in a ‘black box’-type ecosystem. While algorithms are rules-based and more intuitive to validate, the feedback loop within AI and machine learning means a change in the decision-making criteria may not be observable, making it difficult to opine on a model’s validity and consequences for the organisation. To address this, investment in the appropriate specialist knowledge and skills is critical to ensure appropriate oversight.
Tom Wilson: As valuation, reserving and risk models have become more complex, MRM and instituting effective controls around the assumptions, data and reporting process are becoming increasingly important. While MRM and internal controls on financial reporting are necessary, the key is to keep an appropriate balance. There is a high risk of the processes becoming bloated and bureaucratic rather than effective at what they were designed to do – namely, give management confidence that the results represent a fair and accurate representation of the condition of the company.
AI, primarily used in customer lifetime value management and at the customer interface, represents its own challenges – less in the area of financial controls and more in the area of ensuring the fairness of pricing and offers to different customer segments. This is perhaps the biggest area in which insurance regulation will have to catch up with the ‘brave new world’.
Where is the greatest potential for new technology to transform risk and finance in the future?
Thorsten Hein: Business ambitions and regulatory obligations require technology to have more insight into, and better control over, its end-to-end regulatory reporting processes. In parallel, the rising costs and complexity of its finance and risk application landscape are unsustainable in the long run. Financial institutions understand that consolidation of underlying technology, improved data management and more advanced analytics would enable it to develop an integrated view of its activities and performance and become more agile and cost-efficient. But it’s not only about technology – technology never is self-sufficient. Organisations will also need to optimise their business model transformation. New technologies and regulations are together helping drive a competitive wave that will gather momentum over the coming years. Fintech firms and third-party providers will increase pressure on banks and insurance companies to react quickly and intelligently to changing customer demands and business needs. Financial institutions must identify the areas in which they are best able to compete and work out how to implement their unique proposition based on the resources and skill sets they can deploy at short notice. Strategy must become agile in the same way agile development methods are enabling a new generation of digital solutions.
Jordi Mondéjar: CaixaBank believes the greatest potential is related to the automation of credit decisions. This is relevant not only to operational processes and customer experience but also to risk control. Many technologies are now involved – data and advanced analytics to better understand our customers and analyse their risk exposure, for example. New processing capabilities – such as cloud computing – are key to implementing AI algorithms for a higher accuracy in risk modelling. Quantum computing will allow all data available to be processed and simulate multiple potential scenarios for an accurate decision. Other popular technologies such as the Internet of Things or blockchain will also contribute to the transformation of risk departments by capturing more relevant data and introducing traceability.
Tom Wilson: From an overall business perspective, customer lifetime value management – from acquisition or solicitation to underwriting to cross-selling and retention – as well as improvements in efficiency along the entire value chain offer the biggest potential for business impact. From a finance and risk perspective, monitoring fast-moving outcomes from relatively opaque decision mechanisms and setting in place course corrections will be a challenge.