Diving into the 5 categories of the RegTech Universe, Part 2: Risk Management

Welcome to the second post in our series of articles diving into each of the five RegTech categories in Deloitte’s RegTech Universe. In this article, we will be taking a look at the Risk Management category, examining why risk management is important, and what RegTechs are doing to facilitate it. Last time we wrote about the RegTechs tackling Regulatory Reporting, stay tuned for our upcoming articles looking at the other RegTech categories.

Risk management encompasses efforts to identify, assess, and reduce one’s exposure to risk. Failure to manage risk can take many forms (financial and reputational for example) and for most companies, risk can come from a variety of sources, including cyber-attacks, geopolitical movements, and even in errors in the financial models that risk managers depend upon. In addition to these risks, since the Global Financial Crisis (GFC), companies, particularly financial institutions, have seen an enormous rise in regulatory risk: the risk of being penalized by regulatory authorities and law enforcement, including fines, imprisonment and having licenses to operate revoked. This is due to the fact that following the GFC, where it became clear that the risk management of financial institutions had catastrophically failed to predict the crisis, regulators have drastically increased their scrutiny of companies’ risk management systems in an effort to reduce the chances of another crisis.

Financial institutions across the world are required by regulatory authorities to take measures to identify their exposure to risk, in some instances adapt their practices to reduce risk exposure, and to report their efforts to the regulators. These risk management practices take a number of forms, such as risk modelling and forecasting, risk assessments, as well as liquidity requirements. Traditional risk management platforms like Value at Risk (VaR) calculations, which were developed and proliferated in the 1990s, are now considered by many to be a limited tool, and one that created a false sense of security before the GFC. What is clear is that risk-related requirements for companies are rising and new approaches are required. The quality and quantity of the tests that need to be made and reported to regulators has been growing, and traditional risk management methods are struggling to keep up with risk requirements from regulations like the Basel Accords and MiFID II—paving the way for new, more sophisticated solutions. Furthermore, margin decline, which has been a common theme for many financial institutions since the GFC, has prioritized cost savings across the board, including in risk management practices. Adding to the regulatory demands and the cost priorities is a third trend that has greatly contributed to the development of RegTechs in the risk management field: technological advancements.

In an area such as risk management that focuses so heavily on data analysis, it is hardly surprising that many of the companies that we have seen in our RegTech Universe draw heavily on technological developments in data management. We believe that three of the most important technologies for the future of risk management RegTechs are:

1.      Big data

2.      Artificial intelligence & machine learning

3.      Application Programming Interfaces (APIs)

Solutions that incorporate big data capabilities allow companies to benefit from leveraging vast quantities of data for risk decision making. Moreover, the spread of artificial intelligence and machine-learning techniques offers better extraction of data, especially unstructured data, and unprecedented insights into these new data streams, providing more accurate risk modelling. Machine learning has many opportunities in risk management, as these solutions become increasingly capable with the more information they deal with, thus offering better predictive capabilities and real-time sophisticated insights into risk data.

Despite the fact that replacing the archaic incumbent systems is the goal of many of the RegTechs on the market, total substitution is still likely many years away. Therefore, it is common that many of these risk management systems incorporate Application Programming Interfaces (APIs) that allows for integration with existing IT infrastructures. Additionally, very often we find many of these solutions incorporate web interfaces and cloud-based platforms, allowing risk managers to take advantage of the flexibility and unconstrained nature of web-based solutions that is more necessary than ever in an ‘always connected’ world.

What do these technologies mean in terms of solutions? We have seen RegTechs already offering innovative solutions in a number of promising areas. For example, drawing on specific legislation parameters, many RegTechs offer automatic compliance with relevant risk management regulations. While another field that has seen great innovation is human risk analysis, using behavioral analytics and monitoring a wide number of data sources to predict damaging occurrences like insider trading or simply costly human error. A particularly pertinent area in the wake of the GFC is using advanced analytics and big data to predict entire market movements and mitigate associated risks.

The benefits for companies and management of integrating risk management RegTechs into their operations are evidently numerous. The speed and accuracy of these more advances technologies means that companies can be more effective in identifying and mitigating risks. The result can be a more compliant company, with staff freed up for other tasks, lower operating costs, and importantly, making the company more efficient in its other business needs. Because of the widespread nature of risks and companies’ inevitable exposure to risks of some form, it will certainly be interesting to see developments across the spectrum as technologies advance and more and more companies see the benefit of such powerful solutions.

The technologies and platforms offered by RegTechs cannot alone solve all the risk management needs of a company. Risk management must become a core business practice, and correct implementation of these measures requires a risk culture at every level of the company. Nevertheless, the potential rewards for RegTech adopters is clear, and the future for companies facing risks across the globe will be brighter as RegTechs continue to make promising advances with risk management solutions.