Digitization has become deeply embedded in banking strategy, as nearly all businesses and activities have been slated for digital transformations. The significant advantages of digitization, with respect to customer experience, revenue, and cost, have become increasingly compelling. The momentum to adopt the new technologies and operating models needed to capture these benefits continues to build. The risk function, which has seen significant growth in costs over the past decade, should be no exception. Indeed, we are starting to see digital transformations in risk create real business value by improving efficiency and the quality of risk decisions. A digitized risk function also provides better monitoring and control and more effective regulatory compliance.

Experience shows that the structural changes needed to bring costs down and improve effectiveness in risk can be accomplished much like digital transformations in other parts of the bank. The distinguishing context of the risk environment, however, has important implications. First, risk practitioners in most regulatory jurisdictions have been under extreme pressure to meet evolving regulatory requirements and have had little time for much else. Second, chief risk officers have been wary of the test-and-learn approaches characteristic of digital transformation, as the cost of errors in the risk environment can be unacceptably high. As a result, progress in digitizing risk processes has been particularly slow.

This status quo may be about to change, however, as global banking leaders begin to recognize how substantial value can be unlocked with a targeted digital agenda for risk featuring fit-for-purpose modular approaches. In addition to the objective of capturing value, this agenda incorporates risk-specific goals. These include ensuring the ongoing effectiveness of the control environment and helping the risk function apply technology to better address regulatory expectations in key areas—like risk measurement, aggregation, and reporting.

What is digital risk?

Digital risk is a term encompassing all digital enablements that improve risk effectiveness and efficiency—especially process automation, decision automation, and digitized monitoring and early warning. The approach uses work-flow automation, optical-character recognition, advanced analytics (including machine learning and artificial intelligence), and new data sources, as well as the application of robotics to processes and interfaces. Essentially, digital risk implies a concerted adjustment of processes, data, analytics and IT, and the overall organizational setup, including talent and culture.

Three dimensions of change: Processes, data, organization

To realize the full benefits of process and decision automation, banks need to ensure that systems, processes, and behaviors are appropriately fitted for their intended purpose. In the risk environment, prioritized use cases are isolated in such areas as credit underwriting, stress testing, operational risk, compliance, and control. In most banks, current processes have developed organically, without a clearly designed end state, so process flows are not always rational and efficient. Operational structures will need to be redesigned before automation and decision support can be accordingly enabled.

Data, analytics, and IT architecture are the key enablers for digital risk management. Highly fragmented IT and data architectures cannot provide an efficient or effective framework for digital risk. A clear institutional commitment is thus required to define a data vision, upgrade risk data, establish robust data governance, enhance data quality and metadata, and build the right data architecture. Fortunately, processes and analytics techniques can now support these goals with modern technology in several key areas, including big data platforms, the cloud, machine learning, artificial intelligence, and natural-language processing.

The organization and operating model will require new capabilities to drive rapid digitization. Although risk innovation takes place in a very specific, highly sensitive area, risk practitioners still need to create a robust culture of innovation. This means putting in place the right talent and nurturing an innovative “test and learn” mind-set. Governance processes must enable nimble responses to a fast-moving technological and regulatory environment. Managing this culture of innovation in a way that is appropriate for risk constitutes a key challenge for the digitized risk function.

Adapting digital change to the risk context

Most institutions are digitizing their risk functions at a relatively slow pace, taking modular approaches to targeted areas. A few have undertaken large-scale transformation, achieving significant and sustainable advances in both efficiency and effectiveness. Either way, in the risk context, care must be taken when adapting test-and-learn pilots commonly used in digital transformations in other parts of the bank. Robust controls must be applied to such pilots, as the tolerance for bugs and errors in risk is necessarily very low. When digitizing processes relating to comprehensive capital analysis and review (CCAR), for example, solutions cannot be introduced into production before thorough testing has convinced designers and practitioners of their complete reliability and effectiveness. In certain other risk areas—such as monitoring and early-warning systems in commercial credit risk—banks can use test-and-learn approaches effectively.

The path to digital risk will be a multiyear journey, but financial institutions can begin to capture significant value within a few months, launching tailored initiatives for high-value targets. As the risk function becomes progressively digitized, it will be able to achieve higher levels of efficiency, effectiveness, and accuracy. In the future, risk management will be a lean and agile discipline, relieving cost pressures, improving regulatory compliance, and contributing to the bank’s ability to meet escalating competitive challenges. The first steps toward that future can be made today.