ORX: Safe digital transformation calls for fundamental shift in op risk models

Global financial institutions must manage risk more actively if they are to succeed with the digital transformations necessary to keep them relevant and competitive.

This is the warning from Simon Wills, executive director at global operational risk association, ORX whose latest report, Right Time, Right Place, explores ways in which operational and non-financial risk management functions can support their businesses as they go through vital digital transformations.

Wills's report seeks to demonstrate that risks are now faster, more complex and more ambiguous than we’ve seen in the past. Events are more interconnected than ever, and impacts are multifarious and interlocked.

As a result, ORX proposes that risk management be automated, real-time and pre-emptive, and reputation and service resilience be addressed side-by-side with financial resilience.

Wills comments: “We know that the COVID-19 pandemic has been a wake-up call for risk leaders within global financial services and the challenge now is to recognise and embrace the acceleration of digitalisation and develop new risk management practices to keep up. Many legacy frameworks and out-of-date approaches to risk will leave banks and insurers behind, and that will happen very quickly as digitalisation changes core business practice forever.

“Operational and non-financial risk management functions have had to optimise quickly and it is fair to say that it is now impossible to be successful at change as a business without active risk management. Getting the right skills on the team, embracing innovative technologies and inspiring a culture of change will help risk managers to see the shift they need to be more active and move the risk agenda forward for a digitalised future.”

Report highlights: Right Time, Right Place (Source: ORX)

The report urges risk managers to consider the following:
• Optimise, active, or both?

ONFR leaders must consider their ambition. Do they only want to “Optimise” (i.e. work more efficiently, reduce the administrative burden risk management places on others, simplify frameworks, deploy innovative tools and practices)? According to the report, this will only allow them to keep pace with the risk profile. To get ahead of the rapidly changing risk profile, ONFR leaders need to consider being more active – which means being on the front foot at all times, pre-empting the risks associated with change initiatives by working with the business to mitigate them in the design and development phase. It means translating the risks into actionable processes for senior management, offering active crisis management, ensuring a sharp focus on the most material risks, and scanning the horizon for the risks that lie ahead. To be active, the risk function needs to be fast, dynamic and innovative – both in the digital tools it deploys but also in how it positions itself in the organisation.

• Strategic capabilities

Banks and insurers need to embed a set of strategic capabilities – technological, cultural, and organisational. The technological enablers revolve around using analytics on data that already exists to see the risks that lie ahead, to get in front of them and to introduce the appropriate control. The cultural enablers involve establishing senior-level relationships and being able to persuade and influence actions before risk events occur. Organisational enablers revolve around skills, for example specialist data science skills, skills in cyber security, and strong scenario development skills.

• Capitalising on new technology

ONFR leaders should consider using the following available technologies to enhance their risk management practices:
o Cloud Computing provides a platform to bring together disparate datasets and information to create the portfolio view of risk that is central to ONFR
o APIs break down the boundaries between functions and institutions, allowing risk to take advantage of an ecosystem of innovative providers and scale efficiently
o AI and machine learning underpin some of the most significant innovations in risk management. Activities that were once slow or even impossible, can now be done in real time

• Being the umbrella function

ONFR needs to provide an overarching framework, bringing consistency across specialist second line control functions and working with compliance teams for an integrated approach to non-financial risk management.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.