During the last 10 years, non-financial risk management has become more complex to manage. With increased regulatory scrutiny, rapid shifts in technology, and new cyber and data theft exposures, financial institutions need to rethink their approach to managing non-financial risks and improve resource allocation.
Given multiple pressures, the industry has traditionally responded by building out non-financial risk management capabilities. In an effort to cover all bases, they have hired more people, introduced additional controls, and developed new processes. This has resulted in larger non-financial risk functions with greater responsibilities, but not necessarily ones that are best organized to meet these challenges. Non-financial risk areas often operate in silos, however, the silo approach has resulted in both ineffectiveness and inefficiency.
In our new paper, we present findings on how the industry is changing, and discuss the limitations of current approaches used by financial institutions. You will learn about key strategies and actions institutions need to consider for managing today’s non-financial risks, and find solutions to help broaden talent skillsets and improve teaming.
Non-Financial risk areas often operate in silos, however, the silo approach has resulted in both ineffectiveness and inefficiency.
The path to convergence and integration
The shortcomings of a silo approach significantly constrain the effectiveness and efficiency of non‑financial risk management. To help reduce the pain points, we recommend integrating seven components.
Seven components of an integrated approach
1BUILD A SINGLE NON-FINANCIAL RISK TAXONOMY
Develop a common taxonomy, with a greater level of granularity. This requires significant effort and coordination among the multiple impacted areas. However, a single risk taxonomy delivers several benefits such as stronger organizational structure, less risk exposure, increased efficiency and enhanced communication across teams.
2DRIVE A STRATEGIC GOVERNANCE AND ORGANIZATIONAL FRAMEWORK
Leverage the risk taxonomy to develop better governance around non-financial risks. This minimizes the overlaps, gaps and the duplication of work between non-financial risk functions.
3STREAMLINE IDENTIFICATION AND ASSESSMENT METHODOLOGIES
Set up a common methodology for non-financial risk identification and assessment. This removes the duplication of front-line activities and ensures consistent unit communication.
4INTEGRATE CONTROLS, MITIGATION, AND TESTING
Closely align controls with the risk identification and assessment processes. This helps institutions rationalize the number of effective controls in place and ensure key risks are covered.
5DESIGN A SINGLE DATA REPOSITORY AND REPORTING SYSTEM
Provide a consistent “one source of the truth” of non-financial risk data and reporting to make processes and collaboration between functions more efficient.
6PLAN FUTURE WORKFORCE TRANSITION
Build talent with a broad range of non-financial risk expertise, including a focus on strategic and principles-based management. Plan for future workforce transition, for example, adapt career planning, talent acquisition, and training.
7BUILD EFFECTIVE TEAMS
Foster a culture where collaboration, knowledge sharing, and leveraging best practices and synergies are actively encouraged and continuously enforced.