Risk transformations: The heart, the art, and the science - Deepstash

Bite-sized knowledge

to upgrade

your career

Ideas from books, articles & podcasts.

created 24 ideas


Risk transformations: The heart, the art, and the science

Risk transformations: The heart, the art, and the science



19 reads

Risk Transformation: The Premise

Many financial institutions have recently undergone major risk transformations that drove universal risk capability uplift and cultural shift.

Uplifting risk management capability for financial institutions can be particularly challenging if the required transformation requires coordinatio...

A Super Incident

The implications of a super incident can be significant and include direct financial losses, fines, compensation or remediation costs, and reputational damage. Secondary effects could include reduced sales or accelerated disintermediation by other market participants (such as fintechs) due to los...

The Costs Involved

This environment drove financial institutions to initiate major risk transformation programs to address incidents, immediate issues, and deeper root causes. These programs have significant monetary costs. However, the opportunity cost for the organization is much higher, given the amount of manag...

The biggest challenge in starting a risk transformation is often not the “why” or the “what,” but the “how.” Questions include how to set it up and conclude it, and then transition back to enhanced business as usual.

Large-scale risk transformations often fail because change is not effecti...

The Four Broad Categories of Risk Transformations: Business Area

These transformations are typically business-led, driven by embedded line-one risk and control teams. Such transformations often include process, system, and control mapping; process simplification, digitization, and automation; documenting, decommissioning, and building ideally automated, preven...

Risk-Type-Specific Capability Uplift And/or Remediation

These transformations are typically business-led, driven by embedded line-one risk and control teams. Such transformations often include process, system, and control mapping; process simplification, digitization, and automation; documenting, decommissioning, and building ideally automated, preven...

These transformations are typically driven by the respective risk experts (such as a money laundering reporting officer for financial crime and chief information security officer for cyber crime) and supported by the risk function. Such transformations often include risk-type framework and operat...

Risk Function Operating-Model Uplift

These transformations are typically driven by the risk function. Such transformations often include defining the ambition and value proposition of the risk function; improving the structure of the function (including divisions, risk-type expertise regions, and shared services); simplifying and cl...

These transformations are typically board or CEO-sponsored programs involving all businesses and functions and considering all (nonfinancial) risks. Such transformations often include

  • uplifting the risk management framework and policy governance;
  • establishing, improving or op...

The Time Factor

Risk transformations often take two to three years of dedicated effort, with enterprise-wide transformations typically taking three to five years. While transformation setups differ, most have a central program team of five to ten full-time equivalents (FTEs) for smaller transformations, with hol...

What Makes A Successful Risk Program

After supporting numerous businesses through transformations, we have found that while the science of transformations is crucial to get right, it is the heart and the art that deliver transformation programs to their successful conclusion and sustainably embed th...

The Science, The Heart, The Art

  • Science speaks to the mechanics that need to be in place around program structure, integrated plan development, delivery mechanisms, and regulator engagement throughout the process.
  • Art refers to capabilities, accountability, prioritization, and the ...

Getting to The ‘Heart’: Motivation

“Because the regulator wants it” is not an intrinsic motivation—one needs to dig deeper and consider the motivations of employees. Successful transformation in any circumstance will require as much of a change in mindset as in any system or process.

An in-depth diagnostic of the psychology...

Transformation Mindset

The mindset of the transformation needs to balance delivery discipline and accountability; agility and pragmatism; continuous improvement; and a sense of chronic unease.

This mindset will enable organizations to do what they say while still being able to course-correct and improve when new...


Organizations have a variety of cultural traits that help them thrive in transformation but also some that hold them back. Traits that often lead to unsuccessful or stalled transformations include being too siloed or too collaborative. This can lead to change being implemented inconsistently or s...


Motivation must reach the hearts and minds of employees. An intensive and continuous dialogue with a broad set of stakeholders allows a transformation program to keep its finger on the pulse while also enabling staff to own challenges and drive solutions. Communication needs to build on the organ...

Appreciating the ‘Art’: Capability

  • The skills required to transform are often not those required to manage.
  • A risk transformation program team must have capabilities across project execution, strategy, and risk management.
  • The team should adopt both an inward- and outward-looking mindset that leverages the e...


Large-scale risk transformations require collective accountability: the whole executive team must stack hands to deliver the target outcome. The complexity and duration of these programs make them hard to execute; they are often costly and feel more like a burden than an opportunity. Balancing th...


One of the biggest challenges is managing competing priorities and ensuring that the organization can absorb the amount of change required. This requires clear articulation of short- and long-term milestones to prioritize and sequence change at regular intervals. A radical simplification lens, wh...

Means to anticipate hurdles and support course correction must be created: formal mechanisms to identify expected challenges in the form of regular premortem exercises and formal program reviews are essential. The central decision-making body needs the authority to rapidly course correct through ...

Excelling At The ‘Science’: Program Structure

Banks often consider risk transformation as the accountability of the risk function. However, this setup may just scratch the surface and fail to address root causes and systemic issues.

Effective large-scale risk transformation requires particular accountability for the program to be assi...

Implementation of complex change across the business (line one) is often where risk transformations fail. The best-designed set of change initiatives can fail without an effective delivery mechanism that supports implementation and sustainable embedment of change.

Developing a mechanism to...

Regulatory Engagement

Transparency and continuous dialogue with regulators are important. Proactive, professional, and respectful engagement can enable greater understanding and appreciation for regulators with respect to the challenges faced in large-scale risk transformations and can encourage offers for guidance an...

As the above three elements (heart, art, and science) demonstrate, successfully concluding a risk transformation seldom ends with just milestones in a work plan, ending a monitorship, or meeting regulatory commitments.

These are important, but genuinely transformative success lies in the s...




created 21 ideas

Ransomware has rapidly become one of the top cybersecurity nightmares. Strategies for prevention, preparation, response, and recovery can help.



23 reads

It's time to




Jump-start your

reading habits

, gather your



remember what you read

and stay ahead of the crowd!

Takes just 5 minutes a day.


+2M Installs

4.7 App Score