The business environment is rapidly evolving through new strategies and opportunities, and risk management needs to evolve along with it. In order to align strategy and risk management, three levers have been identified to more effectively address strategic risk management.
For risk management functions, taking on ownership of strategic risks will require new organizational constructs, competencies, experiences, and business relationships. Institutions will need to empower chief risk officers (CROs) to have accountability for strategic risk management and establish “owners” of specific strategic risks such as geopolitical, economic, and FinTech risks. Management of strategic risks will require the ability to apply a risk lens to areas such as product development, sales, and culture. This will be a departure for many institutions, where risk management has in some cases focused more narrowly on financial and regulatory risks. Some organizations have found it useful to bring in individuals from the business either on a rotational or permanent basis, as well as training up existing risk professionals in new methodologies for assessing strategic risk.
Three lines of defense.
Under the three lines of defense risk governance model employed by most financial institutions, business units own and manage their risks; the risk management function provides independent oversight and challenge; and internal audit reviews the effectiveness of the risk and control framework. While the three lines of defense risk governance model is conceptually sound, many institutions have faced practical challenges in implementation (especially in the first line) resulting in the risk management function effectively playing both first and second lines of defense risk roles. This is due to the challenge of sufficient attention and investment by the first line in risk management responsibilities and resources. Embracing a strategic risk approach, including embedding risk throughout the business including into the strategic planning process and utilizing strategic risk tools, allows the risk management function to play a true second line of defense role — providing effective challenge to critical business decisions in order to enhance decision-making and to enable growth.
The latest technologies — such as cognitive analytics, machine learning, natural language processing, and big data — have the potential to fundamentally transform risk management. From a strategic risk management perspective, organizations can use these technologies to continuously monitor changes in the environment to determine which could be truly disruptive; and embed these technologies into enhanced tools such as horizon scanning and scenario planning and analysis to drive higher levels of sophistication in managing risk.
By addressing these three levers, firms will be better able to integrate strategic risks into their risk management programs and thereby position themselves to take advantage of strategic opportunities in this dynamic environment.
Edward Hida — Thought Leader on Managing Risk
Ed Hida, retired Senior Partner at Deloitte and CEO of Hida Advisory LLC, is among the most preeminent risk and…
The future of strategic risk management in financial services
The financial services industry is currently in a period of heightened change and uncertainty. Changing regulatory…
News, analysis and comment from the Financial Times, the world's leading global business publication