When it comes to financial services risk management, many financial institutions seem to have risk management nailed down, from system implementation through processes and governance. However, when analysts at MountainView Financial Solutions, a Situs company, dive deep into risk management discussions with industry partners, we find that even the most well-organized and well-staffed institutions require regular self-evaluation to determine whether their approach to risk management is both tactical and strategic. While many of the challenges we see are unique to a specific risk function, often such challenges are a byproduct of broader risk management myths that cause financial institutions to make costly errors. Here are three key myths to avoid when developing your risk management approach:
Myth 1: Risk management comes down to a specific person, function, process or technology
A mistake many institutions occasionally make is to treat risk as highly specific and the result of singular functions. While it is critical to identify specific risks within a financial institution, limiting the scope of the institution’s risk audits and resulting corrective actions may create new risks. Often, a specific risk either a) is a byproduct of another risk, or b) will result in one or more new risks if not properly evaluated.
It is important to keep in mind that the industry continues to learn the lesson that risk is interconnected and trickles down from factors both outside and within your organization. For example, data management impacts the accuracy of financial models, and the assumptions and outcomes of those models feed other models. This in turn impacts the accuracy of information on which stakeholders make business decisions. By looking at specific risk within the context of systemic risk (including data, technology, functions, processes, policies and regulations) and thinking through how risk cascades, financial institutions will be able to capture risks earlier, prevent them later and do it more efficiently.
Myth 2: Risk management responsibilities are owned by risk management professionals
Of course, risk management professionals are hired to manage risk and when something goes wrong, they will surely be the first to answer the hard questions. But, as the saying goes, “point one finger and three will point back at you.” When something goes wrong at a financial institution, it is rarely the fault of one individual. Even in the cases of fraudulent activity or insider trading when the big arrow points to one bad apple, other factors come into play, such as the effectiveness of policies, communication and ethics training.
Some institutions mistakenly view risk management through the lens of regulatory compliance alone and hire individuals based on the premise that passing the audit is the core risk management objective. This narrow risk management narrative is rapidly becoming outdated within financial services. Of course, passing an audit is important so long as it is not the only risk management objective. There is a fundamental shift in how financial institutions approach risk management — and that is to drive a culture of risk management and compliance from the ground up. Establishing a risk philosophy and building a risk-aware culture will reinforce how leaders, managers and employees perceive and account for risk in day-to-day activities.
Myth 3: With better tools and technology, fewer audits, validations and analyses are required
Systems, artificial intelligence (AI) and machine learning all offer amazing, groundbreaking developments in financial services risk management. Exploring and implementing such tools will most definitely increase efficiencies in your risk management approach and will likely capture more errors. That said, since some of these tools are fairly new, and others are still subject to human error, overreliance on systems, automation and AI may pose a risk.
The learning curve associated with many new systems can sometimes result in modeling errors, data integrity challenges and additional work. While we advocate for modernizing and automating risk management, third-party, objective reviews are still required, and the frequency of third-party reviews may even increase as new tools are embraced. The takeaways are to evaluate your systems and technology options thoroughly, choose tools and technology strategically and in a way that won’t disrupt your institution, and look for forward-thinking risk analytics partners that understand modeling software and watch tech advancements closely. As systems and technology evolve, so too should your third-party partner.
If your institution requires comprehensive model validation, loan analytics or deposit studies, reach out to Andrew Phillips, Andrew.firstname.lastname@example.org