Broadway Technology is now a part of Bloomberg. Find out more here

Beyond Checking Boxes: A New Approach to Operational Risk Management Will Create Value for Financial Institutions

This article originally appeared on

* * *

The COVID-19 pandemic upended almost all industries, including investment banking. Once bustling trading floors quickly transformed into a dispersed network of home offices and new operational risk challenges arose.

Technological innovations and an ever-evolving regulatory landscape have made archaic approaches to operational risk management ill-suited to tackle the complexity posed. Traditional ‘revenue generating’ functions have adapted to solve these challenges with digital automation and transformation. Operational Risk Management (ORM) functions must now do the same, or risk being left out in the cold. The Basel Committee defines operational risk as the “risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.” The Challenge? Many Investment Banks still view ORM as a regulatory and compliance necessity rather than a business function that delivers real value. Executives and risk management departments must adjust their approach to risk and pivot to become more dynamic and flexible, guiding their organizations through complex situations whilst maintaining the ability to meet the evolving expectations of regulators and their clients.

Operational Risk Management is still a young field compared to other risk sectors in the financial markets. However, it has always provided as a broader umbrella which encompasses risks and uncertainties difficult to quantify and manage in traditional manners. ORM has also been the convergence point where corporate governance issues overlap with revenue generating business activities, causing potential confusion between departments.

Rather than recognizing that a sophisticated ORM function brings quantifiable value, investment banks have placed undue emphasis on creating governance frameworks designed to ensure they meet Basel Committee on Banking Supervision (BCBS) standards. Their desire to merely meet BCBS standards and avoid historic risks has in effect led to an outdated, analogue approach in an increasingly digital world. Savvy investment banks have grasped the value potential of ORM and begun to drive a shift in awareness about the importance of a comprehensive risk identification, measurement, and mitigation program.

A Data-Driven Approach

Today’s Operational Risk Management functions must adopt an intelligent, data-driven approach with a mandate to match, and be championed at all levels of the organization.

Industry participants now recognize the adoption of a digital strategy will allow them to deploy diverse and agile risk management mechanisms, empowering them to develop a strong and dynamic understanding of risks whilst adding real value to the business. This value goes beyond meeting regulatory and compliance mandates introduced as part of the Standardized Measurement Approach developed under Basel 3[1]. A robust approach to risk allows the ORM functions to provide actionable intelligence to support business decision-making and assume a more commercial role that supports the various business units’ day-to-day activities.

An aggressive approach to digital transformation can also bolster the ability of ORM functions to handle ambiguous and/or improbably events, especially as traditional methods of risk analysis prove unable to manage the ever-increasing volume of data. In 2010, the total amount of data created, captured, copied and consumed equaled about 2 zettabytes[2], compared to 2018 when volumes reached about 33 zettabytes. This 26 percent compounded annual growth rate means that if the rate of growth steadily continues by 2024, we can expect 149 zettabytes of data created per annum.

Available data levels will prove challenging for analog ORM functions to successfully meet the executive expectations, however organizations that adopt a data-driven approach will find increased data volumes provide them the insights to gain a competitive advantage and ability to proactively manage their risk.

Advanced Analytics and Operational Risk Management

The implementation of a data-driven approach can be supplemented with the deployment of cognitive computing technologies, such as artificial intelligence (AI), data mining and natural language processing (NLP) to confidently automate decisions, optimize processes and provide a deeper insight into available data. One of the most significant impacts of implementing cognitive computing technologies is the reduction or elimination of time-intensive and repetitive tasks, often related to data collection, handling and analysis. Instead of spending time on repetitive tasks that are better suited for automation, employees can call on their years of experience, knowledge of policies, and powers of assessment to support ORM functions to achieve their goals and focus on high-impact, high-value deliverables.

Cognitive computing can teach computers to recognize and identify risk, which is especially useful to handle and evaluate unstructured data – the kind of data that doesn’t fit neatly into structured rows and columns on a spreadsheet. Natural language processing (NLP) in particular can analyze text to derive insights and sentiments from unstructured data, which a 2015 study by the International Data Group[3] estimates accounts for 90% of all data generated daily. When combined with the estimated future data volumes, cognitive computing functionality presents an immense opportunity for ORM functions to add additional business value in ways previously impossible. A detection model built on cognitive analytics can manage risk on a near real-time basis, and can also unlock organizations’ historic datasets that have been compiled for internal, regulatory, or compliance purposes. These datasets often contain free text descriptions that contain a potential wealth of untapped, institution-specific information and could provide valuable insight into historic operational risk losses, providing data to augment employee’s qualitative experiences.

Old Habits Die Hard

The adoption of these new data-driven approaches and cognitive computing technologies do not come without challenge. Employee uncertainty and ethical considerations are some of the many potential complexities to consider during a digital transformation project. To adopt a technology enabled approach to Operational Risk Management, firms must preemptively address and prepare for potential challenges.

Employee buy-in will prove critical to ensure stakeholders utilize implemented technology to its full potential, and to assuage any concerns that technology diminishes employees’ important role in the organization.

Operational Risk Management functions must now shift and focus on enabling investment Banks to become more adaptive and agile in an increasingly volatile, complex and uncertain word. Over 66% of banking executives report the adoption of new technologies like AI and NLP will be a key driver in IBs development through to 2025. Yet ORM functions in most investment banks have not started to leverage the powerful new tools available to them – including increased computing power, digitization, advanced analytics and data visualization techniques – much less harnessed the power of cognitive computing technologies. Until ORM functions leverage these tools, executive leadership cannot allocate resources and solidify ORM’s role in business strategy, performance and decision-making processes.

If ORM functions do not learn to embrace new technologies, methodology and approaches, there is a real risk they may stifle the wider organization and impede new opportunities, and paths to business growth.


[1] Basel 3: International Regulatory Framework for Banks

[2] Statista: Volume of data/information created, captured, copied, and consumed worldwide, 2010 to 2024

[3] International Data Group: Big Data and Analytics Survey, 2015