Risk man­agers feel not fully pre­pared to face newer forms of risk

Banking Frontiers - - Research Report -

Risks that face fi­nan­cial ser­vices firms are get­ting more com­plex and risk man­agers feel they are not fully equipped to han­dle them:

Com­plex, in­ter-con­nected new risks are emerg­ing in the fi­nan­cial ser­vices space at a more rapid pace than ever, re­veals the Ac­cen­ture 2019 Global Risk Man­age­ment Study ti­tled `The Sphere of Con­trol’. The re­port says as much as 72% of the risk ex­ec­u­tives sur­veyed un­der the study said so.

“As their busi­nesses ex­per­i­ment with new dig­i­tal tech­nolo­gies, risk man­agers do not feel ready for the knock-on ef­fects and are ur­gently seek­ing to im­prove their abil­ity to spot and as­sess po­ten­tial un­in­tended con­se­quences. As an ex­am­ple, today only 11% of risk man­agers sur­veyed de­scribe them­selves as fully ca­pa­ble of as­sess­ing the risks as­so­ci­ated with adopt­ing ar­ti­fi­cial in­tel­li­gence (AI). Nearly all risk func­tions have started to use ro­botic process au­to­ma­tion (RPA) to au­to­mate rou­tine tasks, but just 10% of re­spon­dents ap­ply ma­chine learn­ing to their datasets. Those that have de­ployed ma­chine learn­ing feel much more con­fi­dent that they have pre­pared their busi­ness for volatile fu­ture sce­nar­ios,” finds the study.


The study says the past decade has seen the risk man­agers deal with many waves of com­plex new reg­u­la­tion re­sult­ing from the fi­nan­cial cri­sis, con­front in­creas­ingly so­phis­ti­cated fraud and fi­nan­cial crime, and grap­ple with the threat of busi­ness­crip­pling cy­ber at­tacks, all while man­ag­ing tra­di­tional fi­nan­cial and op­er­a­tional risks.

“The job is be­com­ing more de­mand­ing, and the re­lent­less change shows no signs of slow­ing down. For a start, new threats have grown sig­nif­i­cantly in im­por­tance in the past 2 years. Some 58% of the risk man­agers we sur­veyed say that dis­rup­tive tech­nol­ogy risk has a greater im­pact on their busi­ness today than it did two years ago. Risks as­so­ci­ated with data breaches have seen the sec­ond-big­gest in­crease in per­ceived im­pact: As much as 55% say they have a greater im­pact today than they did two years ago,” says the study.

The study dis­cusses the case of data breach. It says such a breach might arise from a cy­ber at­tack but could also have data pri­vacy and reg­u­la­tory im­pli­ca­tions. “So the ini­tial at­tack could dis­rupt op­er­a­tions, but also has the po­ten­tial - if it is not han­dled prop­erly - to cause mas­sive rep­u­ta­tional dam­age and at­tract reg­u­la­tory scru­tiny.


The study also re­veals that risk man­agers are most con­cerned that adopt­ing AI, blockchain and RPA will have un­in­tended con­se­quences. They are less con­cerned that more es­tab­lished tech­nolo­gies, such as cloud or the in­ter­net of things, will cause harm.

Says the study: “Us­ing th­ese new tech­nolo­gies would not worry them so much if risk man­agers knew how to mit­i­gate any dam­age they may cause. But they don’t: 89% of re­spon­dents de­scribe them­selves as not fully ca­pa­ble of as­sess­ing the risks as­so­ci­ated with adopt­ing AI, and 955 say the same about blockchain. So it is no sur­prise that, when they are asked which skills they should most ur­gently beef up, they put as­sess­ing and ap­ply­ing dis­rup­tive tech­nolo­gies top of the list. To do this, risk func­tions have to re­cruit roles and skills that didn’t ex­ist within most risk func­tions 3 years ago, such as spe­cific data science, AI and ma­chine learn­ing ex­per­tise, and the abil­ity to de­ter­mine how risks are linked.”

The study also cau­tions that the re­ally se­ri­ous threats come from the in­te­gra­tion of cloud and other emerg­ing tech­nolo­gies, and the con­nec­tions be­tween cloud ven­dors - specif­i­cally, when data flows from one cloud ap­pli­ca­tion to an­other. In­deed, dif­fer­ent se­cu­rity stan­dards, in­com­pat­i­bil­i­ties or mis­con­fig­u­ra­tion can cre­ate vul­ner­a­bil­i­ties that hack­ers can ex­ploit.

The study says 39% of the re­spon­dents are not con­fi­dent of driv­ing re­li­able in­sight from new data sources at the pace nec­es­sary to re­spond to emerg­ing threats.


The study em­pha­sizes that with the ex­ter­nal risk land­scape chang­ing rapidly, the vol­ume of data in­creas­ing ex­po­nen­tially and the de­mands of reg­u­la­tors in­ten­si­fy­ing, it is im­per­a­tive for risk func­tions to col­lab­o­rate closely with func­tions across the en­ter­prise. If they do not, threats can be over­looked and mis­man­aged,

The study found that risk man­agers plan to draw on a much wider range of data sources in the next 2 years to man­age new and emerg­ing threats. For ex­am­ple, while just 35% of re­spon­dents use so­cial me­dia data today, 52% ex­pect to be us­ing it in two years’ time.

It has also found that the risk func­tion has im­proved its col­lab­o­ra­tion with the fi­nance func­tion, but not enough. “Those that are col­lab­o­rat­ing most closely re­port greater re­silience to strate­gic risk. Look­ing ahead, risk man­agers are en­cour­aged to im­prove col­lab­o­ra­tion across the en­ter­prise - not just the fi­nance func­tion - to add value and fac­tor risk into ma­jor busi­ness de­ci­sions ef­fec­tively.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.