It’s natural that there would have been a period of regulatory digestion for risk managers and financial organisations over the past year. It has been a challenge to absorb and operationalise the protocols that have hit their desks.

The first evolution of new risk management software was written after the financial crisis and new systems were developed to meet those initial requirements. Now new needs have emerged and are in some instances more complex. Systems need to be more agile, simpler, holistic and customer-centric, something that was not considered essential a few years ago.

Empowered by new technologies like big data analytics, cloud computing, machine learning, and robotic process automation (RPA), firms are aiming to increase efficiency in the automation of manual tasks.
The implementation of artificial intelligence factors as perhaps the greatest needle-mover in the industry. The consolidation of managing risk sensitivities, improving insurance underwriting, optimising margin valuation adjustments, and detecting anomalies into systems which can perform tasks autonomously might seem like music to the ears of anyone controlling the risk exposure of their company. Yet dangers remain. Firms will need to bolster their frameworks to address any concerns about the use of these nascent capabilities, while existing IT infrastructures will require investigation to prevent problems like inadvertent bias, rogue programs or inaccurately-trained models producing poor automated results.

A January Deloitte survey found that 48 percent of organisations currently use cloud computing in the risk management function, while robotic process automation (29 percent), machine learning (25 percent), and cognitive analysis (19 percent) were reported by fewer. The greatest benefits given by emerging technology were cited as increased operational efficiency (68 percent), enhanced risk analysis (67 percent) and better reporting (60 percent).

RMS users and providers have seen the market increasing in both size and complexity, and many now operate with these technologies. Vendors have progressed from offering off-the-shelf “best of breed” solutions and are now focusing on modularity, customising bespoke systems on a per-client basis.

Data from a bobsguide survey conducted in July and August shows 85 percent of firms utilise between one and five risk management systems across their technology infrastructure, compared to 57 percent of respondents in 2014.

Emerging from this need is an ecosystem of partners being called on to provide value. The days of single vendor-client relationships are fading as discerning firms enter the marketplace hoping to pick and choose products from multiple sources. There is likely to be a continuing development in the number of partners in the ecosystem, as well as firms breaking into the sphere offering new technology.

With a basketful of regulatory standards to comply with, many buyers have switched systems in the past few years and are looking to move once again. Installations appear to remain fairly fresh according to survey data, with half of those asked stating that their risk management platforms were between one and two years old. Just 16 percent of those asked were using risk management platforms that were more than 10 years old.

Despite most firms having their systems installed in the past few years, less than half said that they were confident that their systems could support their operations in the future, reflecting on the myriad challenges affecting industry participants.

A sense of ambivalence also appears in bobsguide survey data, as 52 percent of respondents stated that they felt their systems were performing at an average level across all functions of risk management. Real-time assessment was highlighted as a bugbear, with 83 percent reporting that their current system was poorly suited or below average at dealing with it.

Buyers of risk management technology are fairly active in the market, represented by the fact that 33 percent of those asked by bobsguide reported that they are either in the process of reviewing their systems or are actively moving across to a new platform. System maintenance and entry cost was cited by 50 percent of respondents as a major factor determining their move from one system to another.

“It would be fair to say that up until now the risk department has been allowed to buy the Rolls Royce,” says Simon Kent, global head of financial services at AT Kearney. “It is something that has largely gone unquestioned and unchallenged given the environment following the financial crisis.” That situation is changing, he adds, as risk finds itself no longer ringfenced away from the customer.

Regional risk analysis

The rapid regulatory change which followed in the wake of the financial crisis has abated somewhat, yet financial services firms are still preparing for regulatory requirements and effects that are yet to be finalised and may yet have an impact across the globe.

Among other issues still to be solved between the UK and Europe in the Brexit negotiations is the treatment of derivative and cross-border insurance contracts with durations which extend past the UK exit date. Additionally, financial institutions based in the UK could be prevented from operating in the bloc via the loss of their passporting rights. Some have mitigated this issue by establishing front office operations in cities like Paris, Amsterdam, Berlin, and Dublin. However, it remains a real possibility that clearing activities could be moved from London to a new European home. Alongside these movements, market participants are likely to be investigating relationships with RMS providers – notably along the lines of moving data between two increasingly distinct jurisdictions. The creation of Brexit-specific solutions may soon become necessary.

While firms and financial institutions have busied themselves with compliance with the EU’s new regulatory regimes – the second Markets in Financial Instruments Directive (Mifid II) and the second Payment Services Directive (PSD2) – the General Data Protection Regulation (GDPR) remains a headline-grabbing obligation for any firms dealing with data on EU citizens.

In the US the Trump administration has continued in its attempts to dismantle the Dodd-Frank Act, leading to the finalisation of modifications which relaxed trading restrictions for midsize banks and eased requirements for larger institutions. The changes proved divisive, with Democrat and FDIC commissioner Martin Gruenberg warning that they could “effectively undo” the ban on proprietary trading and allow systemically important banks to begin making risky bets again.

Conduct risk has been highlighted in Australia, where the Royal Commission into Misconduct has investigated issues in banking, superannuation and the financial services industry. Commissioner Hayne’s final report was published on February 4, recommending 76 changes be made in the conduct of the country’s banks, setting into motion a cultural and technological journey that may take years before the results are fully borne out.

Privacy initiatives have been ongoing in India and China, too, where the Foreign Account Tax Compliance Act (FATCA) highlights the potential extraterritorial reach of regulation. Nerves have been strained in Asian markets by the potential deployment of “son of FATCA” measures aping those introduced in Italy and Spain. A high level of enthusiasm in jurisdictions like Hong Kong to pursue wrongdoing in the market has led the Securities and Futures Commission (SFC) of Hong Kong to use its Securities and Futures Ordinance to track down offshore parties.

Considering the varying strata of regulation present in Asia, an increase in compliance staff alone will likely not mitigate the legal, reputational and regulatory risks present in the market. There is always space for surprise, too. The Libor transition was considered a background problem 18 months ago for Asian firms but is now making waves across the entire industry.