Digital risk management: Making Digitisation Work For You
Digital is the New Normal; digitisation is transforming every aspect of life as we know it, and industry is taking the lead. Today, we have digitised banking, publications and purchasing; as well as digitised teaching, learning, knowledge acquisition and service delivery. Digitisation is becoming all-pervasive, and unfortunately, so are the crimes that can be committed with the aid of technology – which has spurred the development of cybersecurity. We can hardly talk about utilising the technology of digitisation today without also acknowledging the need to keep our systems safe and working with as little disruption as possible.
“The ideas and concepts of digitisation are sometimes confused with automation,” said Ramesh Pillai, Group MD of Friday Concepts in a pre-conference session entitled “Digital Risk Management” ahead of the IERP’s Global Conference 2020. “Digitisation and automation are not really the same. When you digitise a process, you also need to change the way you approach it. You use the idea of digitisation to improve the quality of decision-making.” This implies that a digitisation risk culture needs to be developed in tandem. This will inevitably have an impact on the organisation and its interaction with other players in its environment.
But how is a digitised risk management function supposed to work? Risk management has always been the second line of defence; digitising it will make it a first line of defence. Organisations must consider if this will increase its effectiveness, and what will be required.
“With the right tools and mindset, organisations can achieve this sort of organisational change,” Ramesh said.
For organisations intent on making the change, he advocated seven building blocks to consider: data management; process and workflow automation; advanced analytics and decision automation; cohesive, timely and flexible infrastructure; smart visualisation and interfaces; the external ecosystem; and talent and culture.
Clarifying that automation was a subset of digitisation, Ramesh said that correctly applied, data analytics and automation could result in the effective redeployment of an organisation’s staff. More widespread digitisation is inevitable; statistics have shown that computing capabilities are doubling annually. Costs are falling, and almost everything is digitally recorded nowadays. This has led to an exponential increase in the amount of data being generated. “People cannot survive without the Internet,” he remarked. “Everything is interconnected, controlled at the touch of a button. Digitisation is transforming our lives.”
While all industries have been affected, nowhere has the impact been as great as in the financial sector. Ramesh said that banks have been more affected than most. Digital risk is high on their radar; proper regulation was needed. He identified six main trends for consideration, in the digital transformation of banks: rising customer expectations; competitive pressure; cost pressures; emerging/evolving risk types; regulations; and banking services ecosystems. As in other industries, the customer is king, and fulfilling customer needs is foremost. This leads to the aggressive application of technology such as fintech and increasingly automated systems that businesses race to install.
Revenue generation becomes more difficult as a result of these, and cost pressures increase. There is also emerging or evolving risks to contend with, as the business becomes increasingly digitised; the organisation may not be aware, or be able to cope. Amid all this, regulations may start tightening, as the authorities apply more robust checks. Digitisation actually helps regulators cope with the regulatory burden, enabling an increase in this area as well. New service ecosystems will emerge, offering new ways to undertake vital functions. Technology feeds on itself; all this will help users move even more quickly into the digitisation process.
Risk management therefore cannot remain analogue when the environment is becoming decidedly digital. Risk managers will have to think, for instance, about how to manage the amount of data coming from digital systems. These professionals will have to be digitally competent to ensure that the data received is “clean” and can be applied to improve decision-making. There will be other constraints to consider as well, such as if the data has the required level of integrity on which to base assumptions and decisions. Professionals schooled in the traditional methods of risk management may be too conservative to adapt fast enough. All this will have an impact on their organisations.
With the digitisation of risk management, mundane tasks can be taken over by the system. Staff can be redeployed, and enabled to focus more on strategy and high-value decision-making. The data that is now generated by the digitised systems can help optimise this, allowing users to analyse and anticipate new or emerging risks through improved connectivity. Supported by real-time analytics, business decisions can be made faster. Even transparency could be improved as digitisation almost always implies stricter documentation, which in turn allows regulators to become more efficient as they follow the virtual paper trail.
One of the major arguments against digitisation is the cost, which, for extensive systems at least, can be crippling for organisations without deep pockets. The benefits, too, will not be immediately obvious, and will also depend on the competency levels of the user. What should be developed in parallel is a mindset change, coupled with a greater awareness of risk and a more robust risk culture. Regardless of the sophistication of the systems which are put in place, risk management is still about the psychology of managing risk.
“The challenge of digitisation,” said Ramesh, “is overcoming the mental block. Digitisation is not automation. It means changing the way you do things.”