November 27, 2024

The Future of Risk and Control: Data is the Fuel Driving the Future

The resounding message from the two days of 1LoD’s 2024 XLoD Global – London was clear:

Data isn’t just an asset anymore—it’s the fuel driving the future.

A survey of 800 senior risk management professionals from top global banks revealed alarming statistics:

  • 74% report that core data quality and availability are their biggest challenges, partly as a function of siloed risk controls across the 3 lines.
  • However, 76% are not yet using AI to enhance the quality of their risks and controls.

Acin clients have seen firsthand how AI can drastically reduce control rewrite time—from 3 hours per control down to just 20 minutes – banks have realised efficiencies of 90%. For example, using AI to uplift 10,000 controls can result in savings equivalent to 12 months of ~10 FTEs, which can equate to more than £1 million. This highlights the significant opportunity for banks to leverage AI for improving data quality in risk management practices.

Another key theme was the pivotal role of AI in creating standardisation across the industry. Regulatory asymmetry remains a big challenge, but standardising controls across the industry helps institutions speak the same language without losing their competitive edge. With the clear message that AI is pivotal for competitive advantage, Acin was referenced multiple times over the two days, particularly in discussions around the value of accurate data quality.

Acin’s Risk and Control Index not only helps banks identify control gaps but also uplifts their controls in line with the industry. This improves regulatory dialogue by providing regulatory assurance.

Despite banks’ frustrations over unclear regulatory guidelines, regulators emphasised their role is not to prescribe specific actions but to offer flexibility. This enables businesses to innovate while maintaining regulatory coherence.

Data and Technology: The Cornerstones of Effective Risk Management

Several important themes emerged in discussions about the intersection of data, technology, and risk management in the financial services sector:

  1. Balancing Regulatory Compliance and Operational Efficiency
    Financial institutions often over-engineer their responses to regulatory feedback, resulting in higher costs and complexity. In fact, 65% of organisations say their top risk and control priority is reducing the complexity and manual nature of controls. When we run our Risk and Control Quality Assessment (RCQA) over a bank’s controls, we typically find opportunities to increase the number of automated and preventative controls compared to peers.
  2. A Shift in Focus: From Controls to Risk Management
    Institutions are shifting their focus from managing controls to managing risks. By pivoting towards live scenario analysis—and moving away from backward-looking RCSAs—banks can anticipate risks and make smarter decisions.
  3. Control Design for Board Assurance
    For effective oversight, boards need confidence in controls that are well-designed and mapped to the right risks. However, there are often too many administrators and not enough experts who understand end-to-end processes and can design controls that align with actual risks.
  4. Standardised Controls Across Institutions
    Standardising controls across banks can significantly enhance communication with regulators. A unified framework ensures consistent approaches to risk management, alleviating pressure on individual institutions and promoting a more cohesive industry approach. This shared methodology benefits the entire sector, especially in an industry-wide event where a weak link could impact everyone.
  5. The Importance of Data Literacy and Knowledge Sharing
    Data literacy is vital for improving consistency across departments. Fostering knowledge-sharing not only upskills employees but also promotes a more collaborative approach to managing risk. However, data quality and accessibility challenges remain, requiring efforts to break down silos and ensure data is accurate, consistent, and easily shared.
  6. Cost of Controls Monitoring and Testing
    The cost of monitoring and testing controls reflects the overall control environment and company culture. Resources spent on inefficient monitoring, testing, or unclear tasks could be reassessed and streamlined. Aggregating controls helps eliminate fragmentation, reduce complexity, and improve resource allocation.

Cyber and Third-Party Risks

As banks become more dependent on technology and external vendors, managing cyber and third-party risks is more crucial than ever. Strengthening both internal and external resilience is key to maintaining operational continuity. An industry-wide event affects all institutions, and every bank must allocate resources to defend its position and mitigate the impact.

Regulatory Insights: Adapting to a Changing Landscape

The regulatory environment is evolving, and financial institutions must remain agile to meet new challenges. Some key regulatory themes discussed at the event included:

  1. Information Integrity and AI
    Regulators are placing greater emphasis on the integrity of financial data and how AI can be used for compliance. This underscores the need for regulatory traceability—from obligations through to processes, risks, and controls—which many institutions are currently grappling with.
  2. Agility in Risk Management
    The financial sector must remain adaptable to changing regulations and emerging risks. Agile risk management frameworks will help institutions respond to new threats without compromising compliance or operational efficiency.

Future Challenges and Opportunities in Risk and Compliance

Looking ahead, several key trends will shape the future of risk and compliance management:

  1. Adapting to the Evolving Regulatory Landscape
    Financial institutions must remain flexible in the face of an ever-changing regulatory environment. Emerging technologies like AI and data analytics will require robust governance frameworks to ensure compliance.
  2. Integration of Risk and Compliance Functions
    There is increasing recognition that risk and compliance functions need to work more closely together. By integrating these functions, institutions can identify and mitigate both operational and regulatory risks more effectively.
  3. Sustainability and ESG Considerations
    Environmental, Social, and Governance (ESG) factors are becoming an important part of risk management frameworks. Institutions must not only comply with regulatory requirements but also meet growing investor and stakeholder demand for sustainable business practices.

Navigating the Future: Building Resilient, Agile Frameworks

The discussions at the XLoD Global event highlighted the complexity of managing risk and control in today’s rapidly changing financial landscape. As institutions embrace new technologies, adapt to regulatory changes, and prioritise data security, effective risk management is more important than ever.

The key takeaway is that while technology and regulation will continue to evolve, the fundamentals of strong risk management—such as data integrity, collaboration, and regulatory alignment—will remain essential. By focusing on these areas, institutions can build resilient, agile frameworks that not only comply with regulatory requirements but also position themselves for long-term success in an increasingly complex market.

About Acin

The 4th annual WiRC event by Acin and Deutsche Bank examined how AI and data transformation are reshaping Non-Financial Risk Management, focusing on data quality, AI-driven compliance, and fostering adaptability for future challenges.

November 11, 2024

The FCA’s new strategy focuses on proactive compliance and early intervention. This article outlines how firms can strengthen risk and control frameworks and leverage data-driven solutions like Acin to align with regulatory expectations and reduce manual efforts.

October 15, 2024