While data and technology continue to evolve rapidly, the use of models and broader analytics to manage financial risk continues to expand with greater reliance on AI and availability of new industry technologies. However, as the industry becomes more accustomed to managing financial risk through new technologies, the industry has failed to sufficiently leverage new technologies to manage nonfinancial risk (NFR), whether related to compliance failures, misconduct, technology, or operational challenges.
In these instances, failing to effectively manage NFR has only a downside. And the downside is large considering the continuing and recent headlines where losses through regulatory fines, remediation activities, and operational mishaps claims millions to an organisation’s bottom line. Yet the direct financial consequences of NFR are not the only consequences. The reputational damage wrought can hit an organisation hard at a time when customers, shareholders, and the public at large question the social and corporate responsibilities of financial services. All of this, and the prospect of still tighter regulation, puts considerable pressure on financial services to manage NFR better. The attached two-minute video gives an interesting view on the problem The Control Environment Industry Challenge.
The old working norms of reviewing every record in the control population to provide assurance only focuses on historical performance and can no longer claim to provide effective oversight over continuously changing processes and risk environment. Which in turn, with the current approach using minimal new technologies, is increasingly becoming unwieldly, too costly to manage, error prone and unsustainable.
As risk practitioners, we need to find new directions and advocate for new technologies and risk tools that provide predictive and real time diagnostics of potential issues and direct efforts to mitigating issues in areas that are of highest importance. I believe that is not a contradiction to be risk averse and simultaneously embrace new technologies. We can use our collective experiences (including through frameworks, control sampling and assessments) to cautiously embrace these new technologies. If we do not disrupt ourselves, the emerging market trends will disrupt us.
Our risk and compliance functions need to complement traditional sample testing with advanced diagnostic tools to provide effective assurance and free up risk and compliance effort to focus more broadly on areas that require urgent and timely attention. We can lead the change that this needed.
The need has never been greater especially as regulators raise the benchmark introducing tougher standards to strengthen operational resilience (e.g. APRA’s upgraded CPS 230).
Would love to hear practitioners’ thoughts on this.