Proactive approach key to navigate the emerging risk landscape

23 January 2019 Consultancy.uk

In today’s increasingly uncertain risk landscape, executives are continuously searching out ways to curb vulnerabilities, complex dependencies and the threat of disruption. According to experts at Arthur D. Little, leaders now require a “sixth sense” of risk, to provide intuition into the emerging risk landscape and enable their organisations to sense and respond to emerging risk. This can be achieved through a proactive approach to risk management, write UK-based advisors Tom Teixeira, Emily Channon and Marcus Beard.

At its core, proactive risk management involves identifying emerging risks early, determining how they should be prioritised, and then responding to them quickly and effectively. The integration of this approach is facilitated by a shift in risk management from a reactive “measure and manage” approach to an anticipatory “sense and respond” tactic , which utilises organisation-wide engagement to ensure a dynamic response to risk.

Traditional enterprise risk management (ERM) is well suited to complicated organisations facing determinant risk. This typically features optimised risk management strategy – a one-size-fits-all approach based on past experiences; a “Measure and manage” risk approach – reactive response with separation between risk management and organisational strategy; and lengthy internal and public monitoring methods – risk registers, audit committees and annual reports.

Such risk management approaches can lead to over-reliance on conventional methods and discourage exploration of novel risks and control measures. Even organisations with exceptional risk management processes may fall foul of emerging risks as they lack the agility to adapt in time. Indeed, the more skilled an organisation becomes at managing its known risk profile, the harder it may be to spot weaknesses or respond quickly to new threats. Three key aspects that are integral to proactive risk management:

Forward-facing practices

As complexity and uncertainty increase, so do the associated risk and the difficulty of identifying this. Predictive risk identification techniques such as horizon scanning and key risk indicator (KRI) monitoring should be used to detect, predict and monitor emerging risks. Subject-matter experts should scan the horizon, analysing trends to determine probable futures using political, societal and organisational data. From this, potential emerging risks can be identified in advance, and effective management strategies put in place.

Three integral aspects of agile risk management

Once potential risks have been identified, they can be monitored using KRIs, which provide leadership with a real-time health assessment of the organisation. KRIs are leading indicators which are calibrated to provide a “red flag” prior to a risk event occurring; the calibration should be directly related to an organisation’s risk tolerance. These contrast to key performance indicators (KPIs), which are traditional, well-established lagging indicators that provide situational awareness after a risk event has occurred. Such metrics are useful for preventing known risks and recording the performance of control measures, but they do not provide the whole picture.

The “Holy Grail” is to have a set of both leading and lagging indicators to support timely intervention to protect the organisation and mitigate the risk. KRIs are most effective when detailed understanding of a risk allows informed thresholds to be set. When the threshold is exceeded, an alert can indicate that the probability of a loss has risen considerably and the risk requires immediate attention.

Dynamic prioritisation

Emerging risks are particularly difficult for leadership to prioritise when traditional rating methods rely on severity and likelihood – how can these be gauged when there is no supporting data? A helpful metric here is risk velocity – how quickly an organisation will feel the impact of a risk event. For example, reputational damage due to one-off extremely negative media coverage would be high velocity, whereas changing customer needs as they embrace new preferences would be lower velocity. The high-velocity emerging risks should be given high priority and brought to the attention of the executive.

For such risks, a “knowledge base – control effectiveness” map provides an effective reporting tool for executives, as emerging risks can be put in context by relating them to risks with which leadership is familiar. Where velocity is indicated by the size of the marker on the map, it is easy to identify which emerging risks require the highest priority for oversight. The dynamic nature of the map provides a more engaging way of presenting risks than the traditional risk register, and can be a useful visual tool for working sessions.

Essential to successful risk management today is understanding the varying requirements for different categories or phases of risks. Static risks – which are well understood, have effective control methods, and are unlikely to fluctuate a great deal in the future – are well suited to traditional governance and oversight. Such risks are positioned in the bottom-left quadrant of the map and can be effectively monitored by the risk function.

Control effectiveness map

Conversely, high-velocity emerging risks, which are poorly understood and have no controls, should be proactively managed through executive oversight and a disruptive management team. The result should be that as both understanding and control effectiveness grow, the risk migrates to the bottom-left quadrant. At this point the responsibility of oversight shifts to the risk function.

Adaptive response

Adaptive response is the ability of an organisation to manage different phases of risk through the most appropriate approach, balancing traditional and proactive methods. One proactive method is disruptive management, which comprises multidisciplinary teams that can challenge conventional methods, adapt a project as it develops, and foster a “fail early, learn fast” attitude. The output is achieved through breaking a project into numerous small sub-projects known as “sprints”, with proof of concept required at each stage.

Regular meetings are held for progress updates and to ensure that the optimal approach is used. The result is that the end goal is agreed at the project outset; however, the route to get there is not set in stone and may deviate from initial expectations. Using forward-facing practices enables the team to adapt to changing information as understanding of the risk evolves. A reporting tool such as the knowledge base – control effectiveness map then provides evidence of success, as teams should observe migration towards the bottom-left quadrant if their approaches are effective.

Conclusion

For organisations to respond effectively to risk within the current evolving risk landscape, a “sixth sense” must be engaged and a proactive approach employed. A combination of proactive risk practices alongside traditional ERM methods can aid executives in preparing their organisations for the unforeseen.

Related: The top 10 business risks for executives and multinational companies.

More news on

×

An 8-step framework for banks to prepare for FRTB changes

02 April 2019 Consultancy.uk

With FRTB expected to come into force in 2022, it is critical that banks implementing necessary changes remain on track for their compliance timelines. Whether a company is aiming for the mandatory Standardised Approach (SA) or the voluntary Internal Models Approach (IMA), the programs often represent a significant investment, requiring process, systems and cultural change. 

Drawing from its experience in helping banks meet the milestone set in their compliance timelines, Capco – a management and technology consultancy for the financial services industry – has developed an eight-point prioritisation framework for FRTB preparation and implementation. Natasha Leigh Giles, a Managing Principal at the consultancy, outlines the main dimensions of the framework: 

Prioritisation framework for FRTB

1. Front office operating model

For those who have already implemented the Volcker rule, the desks are well defined with monitoring and governance frameworks. However, for companies that have not been required to adhere to the U.S. regulation, there may be additional work involved in implementing desk-level controls as required under FRTB. The trading desk structure is especially important for banks planning to implement IMA, as this regime is applied at the desk level and requires that the full flow of the selected desk is able to pass the IMA requirements (including the modelability test for the risk factors). Key business decisions may be required if a desk trades complex products that are more aligned for SA treatment. 

2. Product scope

In order to reach the IMA status, products are required to be supported with additional data sets including historical market and reference data as well as risk factor pricing evidence. The opportunity for 2019 lies in refining the assessment on the feasibility of each product type to ensure a clear scope is agreed for the IMA environment. If the challenges are too complex or costly to overcome, such as access to historical market data, availability of price verification for the risk factors or significant enhancements to support computational capacities, then these products should be scoped out of the IMA program as soon as possible in order to save time and effort on continuing analysis. 

3. Client & trading activities

There is no need to wait until the FRTB implementation timeframe to undertake a holistic review of client and trading profitability – including the capital impacts. For example, running training and awareness campaigns within the front office can help the traders to understand the impacts of their activities and encourage changes in the way that they trade. By considering this holistically as a business and operational change, it can help keep the focus and resources on the primary (profitable) business in preparation for the compliance deadline. 

4. Internal controls

Methodology, reporting, auditability, and process governance for internal controls also need to be monitored in detail. We recommend having clearly defined processes accompanied by effective training across front-to-back office. For some banks, it will be beneficial to audit existing capital adequacy processes to ensure that findings are highlighted in advance of the implementation timeline and the appropriate focus is achieved within senior management.

5. Data & metrics

Financial institutions need to consider their overarching governance and ongoing management for the data (including ownership, quality control, golden source storage solutions, etc.) and the ongoing control framework for ensuring the data remains accurate and relevant for capital adequacy modeling. If there has not been a data lineage exercise already applied, this is a great opportunity to deliver business benefit, even in 2019. By creating agreed definitions, preferred sources, ownership and workflows for managing data quality, the benefits of more accurate data can already be applied to existing capital calculation models. 

Framework for FRTB

6. Model management & validation framework

In preparation for the FRTB regime, an opportunity for 2019 is to understand if there are gaps or control concerns to manage immediately. Model enhancements across SA and IMA will need to be productionized for output accuracy and refinement, however, these need to be maintained alongside existing Basel 2.5 BAU models and other concurrent changes e.g. LIBOR Transition. Business process optimization, testing environments and automation tools, documentation and model validation can all be reviewed for immediate benefits and prepare the process for a smooth implementation of the future FRTB models. 

7. Technology platform & testing environments

With regards to technology planning, the opportunity in 2019 is focusing on gaining agreement of the front-to-back FRTB future state architecture including the use of vendors as applicable. By ensuring a disciplined focus upon design and solution definition across all requirements, it provides a clear baseline for implementation planning and scheduling. Establishing a technology architecture which allows for FRTB data feeds, model enhancements, control definitions and accurate capital calculation outputs will provide the program with essential data and metrics needed for decision making. 

8. Leverging synergies

Once a baseline plan has been established, it is possible to identify synergies across other programs – such as the SA-CCR (Standardized Approach for Counterparty Credit Risk) or the IMM (Internal Models Methodology) – that could deliver overlapping benefits at reduced effort. Understanding requirements, defining the future state architecture, and implementing the change in a complex environment requires a mix of strategic principles and program management. Therefore, we consider it an opportunity for 2019 to take a centralized approach for data lineage and requirements gathering as this would be beneficial for optimizing capital costs across both the market and credit risk environment.

Conclusion

By considering each topic strategically in 2019, benefits such as data quality enhancements, strengthened internal controls and flexible test environments will not only bring immediate business value, but also set a solid foundation for a comprehensive FRTB implementation in the years to come. 

For more information on Capco’s model and the its approach in helping banks plan for FRTB, download the full whitepaper on the firm’s website.