Explore the World's Best Ideas
Join today and uncover 100+ curated journeys from 50+ topics. Unlock access to our mobile app with extensive features.
Many financial institutions have recently undergone major risk transformations that drove universal risk capability uplift and cultural shift.
Uplifting risk management capability for financial institutions can be particularly challenging if the required transformation requires coordination across business areas and functions.
For two decades, there has been an intense focus on nonfinancial risks (NFRs). While regional or global “super incidents” originally drove the emergence of NFRs as a theme, the evolution of NFR management is ongoing, with variations in form, region and severity.
2
20 reads
The implications of a super incident can be significant and include direct financial losses, fines, compensation or remediation costs, and reputational damage. Secondary effects could include reduced sales or accelerated disintermediation by other market participants (such as fintechs) due to lost trust.
2
15 reads
This environment drove financial institutions to initiate major risk transformation programs to address incidents, immediate issues, and deeper root causes. These programs have significant monetary costs. However, the opportunity cost for the organization is much higher, given the amount of management attention and organizational capacity required for successful delivery and sustainable conclusion.
2
9 reads
The biggest challenge in starting a risk transformation is often not the “why” or the “what,” but the “how.” Questions include how to set it up and conclude it, and then transition back to enhanced business as usual.
Large-scale risk transformations often fail because change is not effectively implemented across the organization: milestones are ticked off without actually improving risk management, addressing underlying culture, or reducing risk.
2
7 reads
These transformations are typically business-led, driven by embedded line-one risk and control teams. Such transformations often include process, system, and control mapping; process simplification, digitization, and automation; documenting, decommissioning, and building ideally automated, preventative controls and monitoring in critical process breakpoints; and clarifying responsibilities.
2
16 reads
These transformations are typically business-led, driven by embedded line-one risk and control teams. Such transformations often include process, system, and control mapping; process simplification, digitization, and automation; documenting, decommissioning, and building ideally automated, preventative controls and monitoring in critical process break points; and clarifying responsibilities.
2
8 reads
These transformations are typically driven by the respective risk experts (such as a money laundering reporting officer for financial crime and chief information security officer for cyber crime) and supported by the risk function. Such transformations often include risk-type framework and operating-model uplift, paired with targeted remediation of severe issues for a specific risk type. They are often triggered by severe incidents, issues, and regulatory scrutiny.
2
4 reads
These transformations are typically driven by the risk function. Such transformations often include defining the ambition and value proposition of the risk function; improving the structure of the function (including divisions, risk-type expertise regions, and shared services); simplifying and clarifying the interactions with the business and other functional areas; and identifying and hiring capabilities to deliver.
2
6 reads
These transformations are typically board or CEO-sponsored programs involving all businesses and functions and considering all (nonfinancial) risks. Such transformations often include
2
8 reads
Risk transformations often take two to three years of dedicated effort, with enterprise-wide transformations typically taking three to five years. While transformation setups differ, most have a central program team of five to ten full-time equivalents (FTEs) for smaller transformations, with holistic risk transformations running central teams of 15 to 50 FTEs that focus on coordination, tracking, quality assurance, sharing of best practices, and support for the most challenging problems, including the coordinated delivery of change across business areas and functions.
2
3 reads
After supporting numerous businesses through transformations, we have found that while the science of transformations is crucial to get right, it is the heart and the art that deliver transformation programs to their successful conclusion and sustainably embed the change across the organization.
With science and art, the key conditions are in place for a successful risk program. But the heart is a prerequisite for deep cultural change, which is required for a sustainable enterprise-wide transformation.
2
6 reads
2
5 reads
“Because the regulator wants it” is not an intrinsic motivation—one needs to dig deeper and consider the motivations of employees. Successful transformation in any circumstance will require as much of a change in mindset as in any system or process.
An in-depth diagnostic of the psychology of the organization can help define a vision of change that connects to the collective motivation and purpose of the organization and ensures that the desired change will stick in the long term. “Serving our customers better” is an example of collective motivation.
2
3 reads
The mindset of the transformation needs to balance delivery discipline and accountability; agility and pragmatism; continuous improvement; and a sense of chronic unease.
This mindset will enable organizations to do what they say while still being able to course-correct and improve when new information becomes available and to quickly spot and address emerging challenges. If a risk transformation is initiated in response to a major incident, an honest appraisal of what drove the failures and adequate humbleness when considering the magnitude of the required cultural change is key.
2
3 reads
Organizations have a variety of cultural traits that help them thrive in transformation but also some that hold them back. Traits that often lead to unsuccessful or stalled transformations include being too siloed or too collaborative. This can lead to change being implemented inconsistently or stopped by a few business areas, or over-collaboration that results in a lack of productivity and missed deadlines.
2
3 reads
Motivation must reach the hearts and minds of employees. An intensive and continuous dialogue with a broad set of stakeholders allows a transformation program to keep its finger on the pulse while also enabling staff to own challenges and drive solutions. Communication needs to build on the organization and its leadership’s personal motivation—this is what makes it genuine and effective.
2
4 reads
2
5 reads
Large-scale risk transformations require collective accountability: the whole executive team must stack hands to deliver the target outcome. The complexity and duration of these programs make them hard to execute; they are often costly and feel more like a burden than an opportunity. Balancing the accountabilities of individuals versus the whole organization, and linking program outcomes to remuneration, are both critical. Strong top-down authority from the board and CEO is essential in supporting prioritization, providing advice, and clearing roadblocks.
2
3 reads
One of the biggest challenges is managing competing priorities and ensuring that the organization can absorb the amount of change required. This requires clear articulation of short- and long-term milestones to prioritize and sequence change at regular intervals. A radical simplification lens, which addresses gold plating by particular framework teams and over-implementation by the businesses, can reduce the need to deprioritize and descope.
2
3 reads
Means to anticipate hurdles and support course correction must be created: formal mechanisms to identify expected challenges in the form of regular premortem exercises and formal program reviews are essential. The central decision-making body needs the authority to rapidly course correct through reprioritizing or redeploying resources. This is also critical to address change fatigue, which will naturally occur over the course of a three-year program.
2
3 reads
Banks often consider risk transformation as the accountability of the risk function. However, this setup may just scratch the surface and fail to address root causes and systemic issues.
Effective large-scale risk transformation requires particular accountability for the program to be assigned across functional leadership and business areas, where many of the inadequacies in systems, processes, and behaviours originate.
Coordination between these stakeholders is essential and often driven by a neutral, central program team that sits outside of lines one and two.
2
3 reads
Implementation of complex change across the business (line one) is often where risk transformations fail. The best-designed set of change initiatives can fail without an effective delivery mechanism that supports implementation and sustainable embedment of change.
Developing a mechanism to ensure appropriate engagement between lines two and one in the design of change initiatives—and a well-coordinated and considered delivery mechanism for supporting line one implementation—is critical. vv
2
3 reads
Transparency and continuous dialogue with regulators are important. Proactive, professional, and respectful engagement can enable greater understanding and appreciation for regulators with respect to the challenges faced in large-scale risk transformations and can encourage offers for guidance and positive reinforcement.
Regulators might share their own expectations and observations from other institutions and provide insight into their own priorities.
2
3 reads
As the above three elements (heart, art, and science) demonstrate, successfully concluding a risk transformation seldom ends with just milestones in a work plan, ending a monitorship, or meeting regulatory commitments.
These are important, but genuinely transformative success lies in the smooth shift from programmatic setup to sustainably uplifted business-as-usual operations with embedded mechanisms for further improvement.
2
4 reads
IDEAS CURATED BY
Learn more about problemsolving with this collection
Conducting market research
Analyzing data to make informed decisions
Developing a product roadmap
Related collections
Similar ideas
Read & Learn
20x Faster
without
deepstash
with
deepstash
with
deepstash
Personalized microlearning
—
100+ Learning Journeys
—
Access to 200,000+ ideas
—
Access to the mobile app
—
Unlimited idea saving
—
—
Unlimited history
—
—
Unlimited listening to ideas
—
—
Downloading & offline access
—
—
Supercharge your mind with one idea per day
Enter your email and spend 1 minute every day to learn something new.
I agree to receive email updates