Bob’s guide to… risk management systems: What should your priorities be?

By David Beach | 18 October 2017

This article is the second installment in the bob’s guide to acquiring risk management systems (RMS). The previous article in this guide, looked at the five questions to determine if you need a new risk management system, and lay the important groundwork before choosing the right system for your organization.

The bobsguide risk management survey, upon which this guide is based, uncovered the hesitations and expectations of the 200 risk professionals surveyed around RMS. It’s worth reiterating what that groundwork entails and what considerations have to be taken into account before moving on to choosing.

The first consideration was to have a good sense of your risk appetite and to identify a glossary of risk relevant to both your sector and specific organization. Naturally, it is expected that risk professionals have a pretty good idea of which risks they are prioritising, but how those risks interact together or, moreover, mitigating how they interact with unforeseen future risks is the aim of the game. This glossary will allow for a clear list of risks to manage to varying degrees of priority, and an idea of which variables or combinations of risks that need to be computed and quantified into hard, usable data by the RMS. With this in mind, and, of course, assuming you are looking to purchase, you must consider what it is you wish to improve; whether you are due for a complete overhaul of system or simply wish to augment certain aspects of your existing RMS.

The complete overhaul may seem a daunting prospect as the logistics of disruption may counterbalance the overall benefit, but if your current RMS is only satisfactory, chances are there’s room for improvement. A lot of that improvement is only visible through a crystal ball but as a general rule, a new or augmented RMS should make your job more efficient rather than more complicated. When we say more efficient, we mean you can delegate certain tasks previously performed by humans to automation and machines. This means you can apply yourself and your team to the human-only tasks. In fact, there are myriad ways AI is redefining financial risk management, from the advanced capabilities of big data and improved analytics, to the buzzwords of Artificial Intelligence and machine learning. And buzzword they are, where any old predictive tool is pedalled as AI. The reality is there are plenty of machine intelligent solutions out there, largely in response to the more stringent regulations.

Choosing - what to look out for

Meeting regulations has certainly come to the forefront of risk professionals’ concern. Indeed, the bobsguide risk management survey reported that the cost of regulatory compliance was the key concern for 43.2% of those surveyed, whilst the next greatest concern at 37.8% was the feasibility of meeting changing regulations. MiFID II, the General Data Protection Regulation (GDPR) and the recent AML directive all require more sophisticated and more capable big data analysis to comply or risk the heavy fines of failure. Audit trails, accounting for huge amounts of data, must be stored in active siloes and accessed by varying degrees of security, to comply both with the enhanced privacy rights of GDPR and the lifecycle management imposed by MiFID II.

The technological trend, coined by many as the next industrial revolution, will see widespread application of machines to wholly inconceivable tasks. Semi supervised machine learning - that is, with limited human intervention - can pick up unique insights that humans are unable to find. AML is a good example of this. HSBC’s anti-money laundering AI processes the vast quantities of transactional data and identifies patterns that the human eye simply cannot pick up. The resulting customer segmentation by AI is far more effective at reducing false positive rates than the human-led rules and risk approach. In this way, the dramatic sophistication of technological progress which does not seem to be slowing, has the potential to vastly change the way risk management operates for the better. The transition and trial-and-error period we find ourselves in, however, will have to be navigated carefully.

Compliance also ranked highly as a key function of RMS expected by the respondents in the survey. 47.3% indicated compliance should be integrated into RMS and working in tandem with other, traditional functionalities of risk such as: Market risk (also 47.3%), Credit risk (37.8%), Operational risk (32.4%), liquidity risk (28.4%), Asset and liability (25.7%), Collateral management (17.6%), and Other consisting of largely trade risk (5.4%). It is no wonder then that if the expectation is there for a super bespoke all-encompassing RMS, that risk analytics as a key functionality should dominate first place at 51.4%. As previously stated, a good glossary of risk and risk interplay is integral, but it is the RMS that will be quantifying those variables for more malleable and tangible use by risk managers and the board.

What to avoid

Cost is certainly an issue when it comes to new systems. Although a consultation period with the provider should bring to light major implementation problems, there’s a possibility that the intermediary disruption period and bugs post-implementation may cause more of a headache than they’re worth. Poor implementation or incompatibility with other key areas of the organization network could wrack up the bill, whilst the timeline could also extend well into many months.

Solution providers nowadays offer cloud technology, which enables external implementation (i.e. an add-on in most cases) and minimal internal interference to the organization’s network or business-as-usual. Depending on the sector, most providers allow the risk managers the ability to set their own ‘smart’ parameters to mitigate and monitor risk - in this regard, the organization has more control over the finer details of management, rather than a scaled-up database with analytic capability. Now more than ever is the time to be investing in predictive and adaptable technology, capable of reacting to new and emerging future risk and regulation trends.  

Whilst implementation concerns (54.1%) and cost (48.6%) were the biggest turn-off points, 33.8% were concerned about over-complicating and 21.6% indicated that ease of use was a factor. Evidently, a seamless and efficient integration process with post-purchase support, and an easy to use (or at least, employee trained) interface was the optimal solution.

The final article in this ‘bob’s guide to… risk management systems’ looks at the challenges of post-purchase implementation, with accompanying case studies and industry insights.