Risk transformation can enable financial institutions to look at risk management on a continuum from a functional capability to an enterprise responsibility. When this takes place, all functions of the entity recognize the importance of risk awareness and addressing risks that are an integral part of their business strategy and goals. This article will highlight four cornerstones of risk transformation:

  • Strategy
  • Governance and culture
  • Business and operating models
  • Data, analytics, and technology

Data, Analytics, and Technology

As financial institutions plan for increasing regulations and competitive challenges, some find their approaches to be outdated, most often in data, analytics, and technology.

  • Many regulations directly affect data, analytics, and technology.
    • Regulators focused on risk data quality, consistency with financial data, methods of aggregation and reporting, and related processes
    • The Federal Reserve has increased regulators visibility to risk data as well as FR Y-14 Capital Assessments and Stress Testing detailed data submissions for the top 30 US banks
  • Institutions need to optimize risk, not simply lower risk.
    • Having more detailed data that is readily available can enhance how capital is used, and increase its efficiency and return on risk weighted assets.
    • Meeting risk-related business goals will establish a foundation for future risk management and governance efforts.
  • Costs are rising and profits are threatened.
    • Pressuring is rising on profits as institutions attempt to respond to regulatory changes, but also use resources as efficient as possible.
    • Institutions are now recasting data improvement or IT architecting programs with regulatory compliance, and a view of the long-term efficiency of technology.
  • Information technology has become a valuable enabler.
    • IT is enabling risk data aggregation and repositories, structured and unstructured data aggregation, real-time risk reporting, and visualization tools.
    • Only few institutions have begun to face the challenges of formulating data integration strategies governance needed to be useful.

These trends point to the need for a more integrated strategic approach to data, analytics, and technology. The need for aggregated views of risk is driving the breakdown of silos. Silos create technological barriers between finance, risk management, and the front office trying to accomplish optimal compliance. Barriers exist between finance and treasury departments through the monitoring of credit, liquidity, market, currency, counterparty, and other risks. Forward-thinking leaders in this new landscape will take regulatory demands as an opportunity to increase efficiencies all while improving risk management and capital allocation. This requires a transformative mindset where senior management paves the way for others to follow, or else, there will be no buy in.

Monitoring Key Risks

Improved integration with data and analytics leads to enhanced stress testing and monitoring of risks potentially affecting the entity. Monitoring nonfinancial risks often can involve pouring through large amounts of unstructured data from many different sources. This calls for addressing structured and unstructured data in an integrated manner. Conduct risk, which is an increasing focus of regulators, demands surveillance of transactions, most preferably in real time. This monitoring can also involve unstructured data, which provides the context of transactions as well as more structured data for accounts, amounts, controls and access patterns. This presents a strong rationale for integrating data sets, and for capabilities that can enable analytics of diverse data sets. Analytics must not only enable risk reporting, stress testing, and model validation, but also monitor transactions, positions, and risks on individuals and aggregate levels. As with data integration, the analytical possibilities are ever expanding with the evolution of technology.


Traditionally, databases have been geared primarily for storage and integration. Combining business rules and standardization in appliances represents a shift away from applying business rules and standards after data was centrally stored. The following emerging technologies can enable the kind of data access, integration, and analytics institutions require now:

  • Streaming technology and event processing technology
    • These are still limited to high velocity and smaller volume trading situations and have yet to see wide application
    • Potential for broader adoption with transactions and conduct surveillance
  • Open source
    • Technologies can enable access to data in its native form and provide analytical capabilities to its users
    • Technologies can enable queries on large, unstructured data sets
  • In-memory technologies
    • Major enterprise resource planning vendors and emerging companies provide in-memory or equivalent solutions
    • These technologies may help overcome limits of relational databases

Self-service and visualization tools are also winning acceptance. These put analytical and monitoring capabilities into the hands of users and eliminate the need to transfer data to different analysts. Self-service can also enable entities to provide regulatory transparency as they seek risk data and information. Enterprise governance, risk and compliance solutions are starting to rapidly gain acceptance following the Sarbanes Oxley Act of 2002 over controls over IT and financial reporting. In light of more stress-testing requirements, many ERP vendors are trying to extend solutions to apply against challenges of data convergences across finance, risk, and treasury. These ERP programs are still relatively new and thus unproven in delivering the promised benefits, but they will become a standard for the future. Technology is undergoing generational change with short and long-term impacts on how entities structure, store, access, and analyze data.

The Business Case

In the business sense, companies must specify between transformation in the business case and regulatory. These two are intertwined in that compliance is not option as is the business case regarding data, analytical, and technological transformation. This rests on using increasing regulatory pressures as an opportunity to transform risk-related opportunities over time. Fragmented approaches to regulatory compliance often wastes money and other resources. An integrated approach may reduce the TCO of technology and optimize efficiencies. The point of a transformative approach is to have both the regulatory requirements and business case that permeates the organizations approach to data, analytics, and technology. This will make organizations capable to break down siloed areas and strengthen the three lines of defense.

Institutions should also aim to position themselves to understand risks more broadly and deeply by smartly allocating capital and enhancing the selection and management of businesses. Improved data aggregation, analytical accuracy and immediacy, greater operation efficiency, and enhanced competitive advantage.  

Link: Deloitte & Touche LLP "Implementing Risk Transformation in Financial Institutions"

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2019-07-30