Other parts of this series:
In the previous blog of this series we looked at the benefits to risk management of new and smart technologies such as artificial intelligence and machine learning. One of the roadblocks risk managers face in adopting these and other technologies is data or, more specifically, having the quality and level of data risk managers need to anticipate, assess and mitigate emerging threats. In an increasingly digitized financial services industry, addressing new risks with old data and an old data mindset cannot achieve the necessary results. The good news is that while challenges persist, awareness is increasing and progress is being made.
We found in our survey research that 39 percent of 2019 Global Risk Management Study respondents still are not confident of deriving reliable insights from new data sources at the pace necessary to respond to emerging threats. The newest threats remain the hardest to model: Only 47 percent of our surveyed risk managers said they are confident about modeling the impact of the integration of disruptive technologies, and fewer (43 percent) expressed confidence about modeling the loss exposure to cyber-attacks.
As risk managers are aware, good data is a source for more than just better risk mitigation; it can be the foundation for added value, faster action and supporting the growth agenda. While risk leaders we surveyed said data was most useful in helping the function provide real-time responses to threats—with 32 percent putting it at the top of the list—an almost equal number (31 percent) said data provided the most value in identifying new business opportunities. One in three felt data was key to identifying weaknesses in new and existing business models, key to building sustainable businesses and revenue streams.
But, as the study made clear, many risk managers remain challenged because they simply do not have access to the data they need. For example, 57 percent of study respondents expect to use marketing data to support their risk management activity in two years’ time, but only 39 percent do so today. And while 52 percent expect to use social media data in two years (for purposes such as assessing reputational risk), only 35 percent do so today. Risk functions are still evolving towards a more comprehensive data set to better manage new and emerging threats.
Of course, even if they obtain the data they want, risk managers also need to know how to analyze the data to generate useful insights. Nearly two-thirds (63 percent) of the risk managers we surveyed as part of the Risk Management study said they are improving their ability to collect enterprise-wide data, and 66 percent said they are working on their ability to analyze it. And six in 10 said they are actively exploring ways to obtain insights from unstructured external data. Many risk functions said they are planning on working with third parties on areas such as risk impact reporting (45 percent) and regulatory reporting (43 percent). Beyond reporting, 40 percent plan to outsource and/or collaborate in preparing or reviewing data quality for risk calculations, and 38 percent for model development and valuation.
“It becomes increasingly expensive and complicated to respond to our accelerating risk landscape if you don’t invest in data and analytics.”
– Steve Culp
There are also challenges to effectively bring together data from disparate sources. It is commonplace today for risk teams to actively assess customers’ credit risk by analyzing data from across sources of information both internal and external to the bank. However, in many cases this data is stored in separate systems, making it harder to gather, clean and combine the data sets before they can be analyzed effectively. Many risk functions therefore amalgamate data in a central pool, but this can create new risks regarding timeliness of the information, security and privacy controls that need to be maintained after the data has been transferred. Typically, the more moving parts to the data sourcing approach, the larger the risks to manage.
Regardless of where the data is stored, inconsistencies and inaccuracies may be created when it is tracked, collected or processed. Risk leaders should work with other functions so the data is as consistent, accurate and timely as it can be. No matter where the data comes from, the goal should be a single version or source of the truth.
Getting data right requires connectivity and collaboration. In the final blog in this series, we will look at how risk managers can improve collaboration across the business to strengthen enterprise risk-readiness.