In a fast-changing regulatory and business environment, agility is key. The ability to react quickly to new regulations, adapt old products or launch new ones in new markets, and enhance customer satisfaction with new technologies is essential for organizations to move forward with confidence.
In the wake of the global financial crisis, financial services organizations invested heavily in risk and compliance activities to fix significant problems and demonstrate to regulators that the banks have their priorities straight. Because much of this work was reactive, manually intensive and done under significant time pressure, it increased the cost structure for risk and compliance. It also diverted resources from strategic investments, such as critical legacy system upgrades and customer relationship-enhancing technology.
Perhaps most important, as firms fought fires, they lost sight of the real benefit of risk management, namely, looking ahead to identify threats and opportunities.
The prevailing model at many financial institutions, in which control functions, including the first, second and third lines of defense, tend to be siloed, manual and reactive, is making things worse.
Firms have recognized that they need to become more efficient and proactive in managing risk, compliance and internal audit requirements. And while some have made progress toward ensuring that control functions work more closely together, processes generally still take too long, with risk management and compliance remaining detective rather than preventative.
The alternative to the status quo is agile risk management. This approach, developed by Protiviti and discussed in a recently published white paper, aims to change the fundamental view of risk management from an obligation to an opportunity. It does that by replacing short-term, manual and siloed solutions with a solid foundation of embedded practices managed seamlessly, proactively and easily through everyday business processes aligned for clarity, collaboration and convergence.
While the elements of agile risk management are no different from the fundamentals of traditional risk management, new philosophies — operational excellence, customer satisfaction and an aligned organization — are applied to achieve a more efficient and effective risk management framework. This philosophical change can create real value: For example, a 10-percent reduction in operating costs due to increased risk management efficiency could translate into a 3-percent increase in available capital to invest in new or existing businesses, or standardized business processes and collaborative controls could reduce total risk management hours by 25 percent.
Similarly, the increased confidence resulting from agile risk coverage can yield significant reduction in issues and regulatory findings, and the reduction in total risk and compliance spending can allow for redeployment of resources from the second line of defense back to the business, to help drive growth.
The numbers above are illustrative, but they demonstrate how an agile risk management philosophy can translate into real monetary value for risk managers and the enterprise as a whole.
Adopting an agile risk management philosophy doesn’t need to be an elaborate process. Firms can apply these principles to realize benefits relatively quickly. At its core, agile risk management is about putting the customer first and providing consistent customer experiences. For the organization, agility optimizes performance, freeing up management time and resources to focus on growth by making risk-enabled decisions.
For our detailed analysis of agile risk management, download the white paper here.