The view ahead for risk management
It’s clear that the unprecedented economic turmoil and pace of regulatory change is demanding more and more from financial risk management professionals. FNZ look at some of the key questions that need to be answered as more complexity is added to an already complex area.
Regulatory changes are never far from the top of any risk professional’s ‘to do’ list and in 2018 the twin challenges of MiFID II and GDPR are definitely going to be up there.
While MiFID II is now live – and many organisations have prepared well for its introduction – there’s almost always a gap between preparation and the reality of any major regulatory change. So now is the time to be asking questions and taking a really close look at your risk management framework. Ask yourself: have we monitored at a suitable frequency? Are we prepared to react quickly should an emergency occur?
GDPR’s requirements for identification and management/reporting are more demanding than ever before, so a preparation health check won’t hurt either. Ask: do we have an inventory of new requirements compared to current BAU? Are staff (especially front line staff) prepared and trained? Remember front line staff are the ones handling data from day-to-day – resist any temptation to focus training efforts solely on the compliance department or even on senior management.
Mobile phones are now an essential of everyday life and apps for financial services are a force that cannot be ignored. While almost every high street bank offers an app for customers’ current accounts, apps aren’t yet a necessity for the asset management sector. But as convenience of technology innovation becomes more and more attractive to investors, it’s more or less a given that apps will begin to appear in the sector’s strategic plans. Are risk managers ready to manage the associated risk to harvest the reward?
Algorithm-based high frequency trading increases efficiency, reduces costs and provides a 24/7 service. It’s a booming area. But the inherent risks of models and machine logic versus human judgement, plus the vast amount of data involved means the process is intrinsically risky – how can risk professionals deliver comfort to senior management? What changes need to be made to the risk management framework?
There’s often a gap between preparation and the reality of any major regulatory change. So now's the time to be asking questions and taking a really close look at your risk management framework.
Cyber attacks have been a risk ever since the industry began using computers. With attacks like last May’s WannaCry ransomware causing significant damage, cyber security is the last battle financial risk management professionals want to lose. So is the industry ready for the next cyber attack? It’s impossible to know: the ever-changing nature of computer viruses makes finding the right prevention as elusive as finding the cure for the common cold. Nonetheless, a combination of active firewalls and anti-virus software, regular penetration testing, routine updates of security protocols and database backups reduce exposure and bring residual risks down to a more comfortable level
The political landscape changes so quickly that proactive forecasting and preparation is essential for any financial services organisation. The impact of Brexit, whether potentially negative (changes in workforce movement; the consequences of losing access to the single market) or positive (the potential to access previously discounted territories like the Far East) has to be considered. What impact will Brexit have on your organisation? Are you prepared for every eventuality, good and bad? Does the board understand the risks -- geographical, political or even cultural – that will impact the rewards?
Playing your part to reduce risk
Whatever challenges your organisation faces, there are some common ways to reduce risk:
- Enhance the risk team: From on-the-job training and free webinars from industry forums, right through to certification by industry bodies, there are more ways than ever to up-skill your team. It’s also crucial to learn from the mistakes and triumphs of the past, both internally and externally.
- Understand your personal risk profile: Analyse historic risk incidents to identify risks specific to your organisation – for example, if your core business relies heavily on technology, cyber security will be a key risk to address.
- Educate the whole organisation: Everyone is responsible for dealing with risk, from front line staff right up to the board. Training should be both bottom up and top down.
- Celebrate achievements: It’s never been a more exciting time to be a risk professional so don’t hide your light under a bushel! Share your achievements internally and externally, helping everyone to see the impact successful risk management has on the organisation, the individual and society as a whole.