Making Holistic and Data-Driven Risk Management a Reality
Enterprises depend on entity data to effectively manage risks. So, data leaders are working to establish single sources of truth for risk data and create integrated views of enterprise risk
The strategic conversation around risk is changing. Data-driven tools we could only imagine a decade ago are transforming risk management from a defensive business function to one that drives enterprise performance.
Even at companies with relatively traditional risk functions today, data-focused executives are very aware of the ways they can help to transform their organizations’ risk management strategies in the future.
“Risk is all about quantifying things and making them measurable, and this is pretty much what we do,” says Dirk Jungnickel, SVP, Enterprise Data and Analytics at Emirates Group. “This is something which, over time, very likely we could get involved in much more.”
“The key challenge most organizations have is that risk people often don't understand data and data people often don't understand risk”
Gladwin Mendez, Data and Technology Operations Officer, Fisher Funds
Many data teams still provide entity data and other specialist datasets to the risk-focused units across their companies on a siloed basis. But these executives are increasingly exploring what they can do to better serve the needs of their organizations.
“The organizations that have already made the transition to an integrated data model are the bigger organizations and those that have presence across regions,” notes Carolina Azar, Director, Product Strategy at Moody’s Analytics. “Through data or knowledge portals, these organizations are providing their teams access to a more holistic approach to data management.”
“This transformation is about moving away from providing raw and disperse datasets into an integrated data management approach,” Azar continues. “Data users can then get more accurate and faster insight, instead of spending their time making sense of large and diverse datasets.”
Fostering Collaboration Between Data and Risk
The lack of collaboration and shared understanding between data and risk teams is a key challenge in many organizations. Fostering collaboration and shared working practices is the first step toward transforming the role risk functions play within the modern enterprise.
“I would say the key challenge most organizations have is that risk people often don't understand data and data people often don't understand risk,” says Gladwin Mendez, Data and Technology Operations Officer at Fisher Funds. “Coming from a risk background, I've seen it time and time again. The risk people are just seen as police.”
At State Street, the Global Markets business unit has established defined processes to help to encourage collaboration between its data- and risk-focused departments.
“I feed a lot of data to the risk management team and I talk to them almost every day,” reports Dan Power, MD for Data Governance at State Street Global Markets. “We're one of the biggest sources of risk and we have to do the best job we can supporting the team that manages risk.”
“We have daily or weekly meetings on individual issues that come up,” he adds. “Then, we have a monthly forum where we go through everything that happened since the last meeting, whether it be a data quality issue or a server that was down or a data center that got flooded.”
“Now, it's much more of a three-way collaboration and you're starting to see IT savvy risk management people, or risk savvy businesspeople, or risk and business savvy IT people,” he concludes.
Establishing Data-Driven Risk and Control Indicators
So long as risk management depends heavily on manual or subjective processes, it can never be truly efficient.
The automation that has enabled leading enterprises to track and manage a wider range of risk factors starts with defining data-driven ‘indicators’ to make exposure to a given risk type measurable.
Data-focused executives can then source the necessary data to monitor those risks and create reports or self-service dashboards that make it easier for risk professionals to manage these risk metrics.
Hartnell Ndungi, Chief Data Officer at Absa Bank Kenya, says: “How we as data people support the Chief Risk Officer is, other than just having a list of all the risks, we have to find ways of identifying the risk indicators.”
“[We’re also] coming up with control indicators,” he adds. “So, you can easily visualize these in a dashboard and know exactly what kind of levers you have to pull to mitigate a given risk from materializing.”
“You used to identify [risks] based on [historical data]. These days, we are coming up with risk indicators that are more predictive or prescriptive”
Hartnell Ndungi, Chief Data Officer, Absa Bank Kenya
For technology-based risks, it’s often possible to automate the collection of the data needed to monitor these risk indicators. But data on many operational risks must be collected manually.
“We are also coming up with new data collection tools for risk champions,” Ndungi concludes. “So, they can key in different types of manually collected datapoints, such as trainings done to sensitize staff on a particular risk type. We're also fetching automated datasets from our warehouse and streaming these insights into the data collection and visualization system we developed for the risk professionals.
“That's how we’re able to aggregate everything together and have a proper reporting storyboard that covers entity risk and all risk types within the organization.”
Creating a Single View for Risk Management Data
In addition to having defined risk and control indicators, data-driven risk management depends on ensuring data sources and metrics are used consistently across the enterprise. Establishing agreed ‘sources of truth’ for entity data is a key step on the path to achieving this goal.
Morgan Templar, VP, Information Management at Highmark Health, says: “Not having the approved source established was one of the challenges we faced in the past. But as part of the government mandated interoperability rules, the first thing we had to do was establish an enterprise person master.”
“We have seven or eight legal entities that are part of our Highmark family,” Templar adds. “We needed to bring all that information together to make sure it was all being governed in the same way.”
Power notes that establishing company-wide master datasets for different types of risk can be hard, especially for large enterprises. But he argues that doing so is essential for consistent entity risk management.
“Otherwise, you have chaos,” he warns. “You might have your official source of data. And then you have these other five sources of data. So, how do you know which one's right? The whole purpose of [a master data management] hub in the first place is to get you out of that game.”
“Organizations are increasingly looking to third-party providers to help resolve master data basics for their businesses,” adds Sander Desmet, Senior Director, Product Strategy at Moody’s Analytics. “At the end of the day, you are resolving to an objective set of business entities in the external world (e.g. customers, suppliers, locations).
“The use of third-party data in the creation and maintenance of your master can have innumerable benefits for an organization, including avoiding duplicative work and reducing the marginal cost of data, ultimately reducing risk and increasing business agility.”
Embracing Risk Management by Design
Transforming risk management into a data-driven business function takes time and resources. Our research suggests that executives in heavily regulated sectors such as financial services or healthcare may be more likely to be prioritizing this kind of enterprise transformation.
But risk teams that have started this journey are finding it easier to act as business enablers, rather than potential innovation roadblocks.
“We have trained our people on how to identify proper sources of risk data and how to change their subjective key risk indicators to more quantitative indicators,” Ndungi says. “We are also training them on how to use the centralized tool to put in new risks for us to address. So, we’re actually democratizing risk management using data.”
“Risk now is less about using the stick and more about using the carrot. It's more about considering the balance between risk and reward”
Hartnell Ndungi, Chief Data Officer, Absa Bank Kenya
“Risk now is less about using the stick and more about using the carrot,” he adds. “It's more about considering the balance between risk and reward. As you're trying to prevent the business from collapsing or going into unchartered, unsafe waters, we also have to be very careful that we don't limit the business with regards to achieving its objectives.”
“The primary thing that has changed that I have seen is really bringing [risk] to the table early,” agrees Templar. “When we bring risk to the table early, they're part of the conversation. The outcome of that conversation will already have the flavor of risk tolerance we’ll have for any given decision.”
In this way, transitioning to data-driven and integrated risk management processes is enabling companies to embrace risk management ‘by design’.
Companies that want to make their risk functions more efficient and empower risk professionals to partner with business stakeholders more efficiently should consider allocating resources to foster greater collaboration between their risk and data departments.
This is an excerpt from our Embracing Data-Driven Risk Management in 2022 report. To access the full research paper, click here now.
