Risk managers feel not fully prepared to face newer forms of risk
Risks that face financial services firms are getting more complex and risk managers feel they are not fully equipped to handle them:
Complex, inter-connected new risks are emerging in the financial services space at a more rapid pace than ever, reveals the Accenture 2019 Global Risk Management Study titled `The Sphere of Control’. The report says as much as 72% of the risk executives surveyed under the study said so.
“As their businesses experiment with new digital technologies, risk managers do not feel ready for the knock-on effects and are urgently seeking to improve their ability to spot and assess potential unintended consequences. As an example, today only 11% of risk managers surveyed describe themselves as fully capable of assessing the risks associated with adopting artificial intelligence (AI). Nearly all risk functions have started to use robotic process automation (RPA) to automate routine tasks, but just 10% of respondents apply machine learning to their datasets. Those that have deployed machine learning feel much more confident that they have prepared their business for volatile future scenarios,” finds the study.
The study says the past decade has seen the risk managers deal with many waves of complex new regulation resulting from the financial crisis, confront increasingly sophisticated fraud and financial crime, and grapple with the threat of businesscrippling cyber attacks, all while managing traditional financial and operational risks.
“The job is becoming more demanding, and the relentless change shows no signs of slowing down. For a start, new threats have grown significantly in importance in the past 2 years. Some 58% of the risk managers we surveyed say that disruptive technology risk has a greater impact on their business today than it did two years ago. Risks associated with data breaches have seen the second-biggest increase in perceived impact: As much as 55% say they have a greater impact today than they did two years ago,” says the study.
The study discusses the case of data breach. It says such a breach might arise from a cyber attack but could also have data privacy and regulatory implications. “So the initial attack could disrupt operations, but also has the potential - if it is not handled properly - to cause massive reputational damage and attract regulatory scrutiny.
AI, BLOCKCHAIN, RPA
The study also reveals that risk managers are most concerned that adopting AI, blockchain and RPA will have unintended consequences. They are less concerned that more established technologies, such as cloud or the internet of things, will cause harm.
Says the study: “Using these new technologies would not worry them so much if risk managers knew how to mitigate any damage they may cause. But they don’t: 89% of respondents describe themselves as not fully capable of assessing the risks associated with adopting AI, and 955 say the same about blockchain. So it is no surprise that, when they are asked which skills they should most urgently beef up, they put assessing and applying disruptive technologies top of the list. To do this, risk functions have to recruit roles and skills that didn’t exist within most risk functions 3 years ago, such as specific data science, AI and machine learning expertise, and the ability to determine how risks are linked.”
The study also cautions that the really serious threats come from the integration of cloud and other emerging technologies, and the connections between cloud vendors - specifically, when data flows from one cloud application to another. Indeed, different security standards, incompatibilities or misconfiguration can create vulnerabilities that hackers can exploit.
The study says 39% of the respondents are not confident of driving reliable insight from new data sources at the pace necessary to respond to emerging threats.
QUESTI0N OF DATA
The study emphasizes that with the external risk landscape changing rapidly, the volume of data increasing exponentially and the demands of regulators intensifying, it is imperative for risk functions to collaborate closely with functions across the enterprise. If they do not, threats can be overlooked and mismanaged,
The study found that risk managers plan to draw on a much wider range of data sources in the next 2 years to manage new and emerging threats. For example, while just 35% of respondents use social media data today, 52% expect to be using it in two years’ time.
It has also found that the risk function has improved its collaboration with the finance function, but not enough. “Those that are collaborating most closely report greater resilience to strategic risk. Looking ahead, risk managers are encouraged to improve collaboration across the enterprise - not just the finance function - to add value and factor risk into major business decisions effectively.