Edward “Ed” Vincent has rich experience leading financial technology SaaS organizations, building services and analytics teams, defining and implementing content and product strategy, and innovating products in the insurance, capital markets, investment banking, private equity, and compliance segments. Ed’s more than 25 years of leadership and operating experience include incubating businesses, securing capital investment, leading through growth, transformation and scaling stages, and culminating in successful exits to both strategic and financial buyers. Prior to joining SRA Watchtower, Ed led services, support and client enablement functions as COO of StarCompliance. This followed multiple leadership roles within fintech, regtech and insurtech businesses, including at Shore Group Associates, Thomson Financial, and Vertafore. Ed is a CFA charterholder, Certified ScrumMaster and Product Owner, and has served as a Member of the Advisory Board for Edgeware Analytics.
Redefining Risk Management for Financial Institutions
Banks should adopt a transformative risk management approach to stay ahead in today’s environment.
Brought to you by SRA Watchtower
Current risk management practices in banking are rapidly becoming inadequate. Banks face a surge of regulatory pressures, information overload and operating inefficiencies. Traditional methods, often reliant on manual processes, struggle to address the complexities of today’s risk environment, leading to reactive rather than proactive decision-making that does little to optimize regulatory interaction and oversight.
Instead, banks should adopt a transformative risk management approach that not only strengthens the traditional three-lines of defense but also equips organizations to enact risk-informed strategic decisions and streamlines communication with regulators and examiners. This transformation involves adopting a strategic framework built around four pillars:
1. Essential key risk indicators (KRIs).
2. Monthly updates powered by automation.
3. Benchmarking against standards and peer behavior.
4. Configurable, permission-based dashboards.
Adopting these pillars can drive significant improvements in industry safety and soundness, setting a new standard for managing risk.
Streamlining Essential Key Risk Indicators
Many banks today calculate hundreds of KRIs, resulting in a complex and often unwieldy risk management landscape. The extensive number of KRIs can overwhelm stakeholders, complicate communication with regulators and dilute focus on critical risk factors, hampering swift decision-making.
To balance comprehensiveness with manageability and enhance risk management efficiency, banks should adopt a core set of around 40 essential KRIs. This standardization simplifies the education of and communication with regulators, boards, management and other stakeholders across the three lines of defense. This reduces time spent explaining numerous indicators, allowing for deeper discussions around a narrower universe of highest impact KRIs.
This framework empowers risk teams to get out of the gate quickly and with less effort than building a bespoke set of KRIs from scratch. Regular review provides an opportunity to supplement essential KRIs with a few personalized KRIs, informed by actual behavior and outcomes learned from prior periods.
Monthly Updates Powered by Automation
Timeliness and accuracy of risk data management presents critical challenges. Many institutions rely on infrequent quarterly or annual updates powered by significantly aged data — such as Form 5300 and Federal Financial Institutions Examination Council 041 call report filings — arriving weeks after quarter-end, leading to outdated assessments that fail to reflect the current environment. This delay can result in decisions based on stale information, increasing vulnerability to emerging threats and yielding missed opportunities.
Transitioning to monthly updates, enabled by automated data ingestion tools, ensures that risk data is timely and reflective of the latest developments. Furthermore, automation tools enable scalable increases in update frequency and reliability by streamlining data collection, processing and reporting. Risk intelligence platforms can streamline data ingestion and analysis, utilizing machine learning and artificial intelligence to identify patterns and anomalies, thereby enhancing accuracy. While technology offers significant benefits, it should be managed with oversight and a balance between automation and human input.
Adopting monthly, automated updates to your KRIs can improve frequency, timeliness and accuracy in risk data management, letting the risk team focus on analyzing the data rather than manual compilation.
Benchmarking Against Standards and Peers
For many banks, aligning KRIs with their strategic goals, risk appetite and evolving regulatory requirements can seem like a significant challenge. Institutions must ensure that each KRI is carefully benchmarked against internal risk tolerances, external regulatory standards and industry peers. While comparing KRIs to regulatory standards verifies compliance and identifies gaps ahead of regulatory interaction, peer benchmarking can offer insights into industry standards and best practices.
Adopting a set of standardized KRIs enables a bank to benchmark its own results against the KRIs of an aggregate group of relevant peers. Highlighting KRIs that breach risk appetite thresholds or other benchmarks represents a logical approach to cut through the noise, and to prioritize stakeholder dialogue, behavior changes and remediation efforts on the most important issues. By aligning KRIs with risk appetite, regulatory standards and peer behavior, banks can improve risk management practices, ensure compliance and gain a competitive edge.
Configurable, Permission-Based Dashboards
A major challenge in risk management is effectively sharing and communicating risk data among various stakeholders. Traditional reporting systems, often managed through Excel or custom-built methods, frequently fail to deliver tailored, actionable insights. This can lead to unnecessary noise that distracts from priority risks, creates fragmented information, delays decision-making, and causes misalignment on key risk issues. Configurable, permission-based dashboards and reporting can address this challenge by offering unique views of risk data for different audiences. Some benefits include improved transparency, better-informed decision-making and enhanced strategic alignment.
Technology that specializes in managing enterprise risk offers tailored views to meet the needs of each stake holder group, ensuring ease of use and robust security, with user permissions defining access to sensitive information. A well-structured permission scheme allows the risk team to regularly share certain KRIs with regulators to improve understanding and facilitate timely dialogue on emerging risks, streamlining subsequent examinations. This leads to more-efficient board or exam prep activities and a sharper focus on critical risk areas.