The future of bank risk management

By Philipp Härle, Andras Havas, and Hamid Samandari

Banks have made dramatic changes to risk management in the past decade—and the pace of change shows no signs of slowing. Here are five initiatives to help them stay ahead.

Risk management in banking has been transformed over the past decade, largely in response to regulations that emerged from the global financial crisis. But we believe it could be set to undergo even more sweeping change in the next decade. Indeed, while risk-operational processes such as credit administration today account for some 50 percent of the function’s staff, and analytics just 15 percent, by 2025 those figures could be around 25 percent and 40 percent respectively.

The trends shaping the risk function come from all directions. While we cannot draw a blueprint of what a bank’s risk function will look like in 2025—no one can predict all the disruptions that might lie ahead—we can paint a picture of some important changes that are relatively certain. We see financial and nonfinancial regulation continuing to broaden and deepen as public sentiment becomes ever less tolerant of any appearance of preventable errors and inappropriate practices, or of bank failures. Simultaneously, customers’ expectations will rise in line with changing technology. In the battle for customer relationships, banks will need to offer real-time responses to customer requests to open an account or take out a loan, for example, which means the risk function will need to find ways to assess risks automatically, without human intervention. Risk functions will also have to cope with additional, emerging risks—from cyberattacks to contagion in global markets and losses made due to the increasing use of models to make decisions (losses that are not uncommon but seldom reported).

At the same time, evolving technology and advanced analytics, such as machine learning, are enabling new risk-management techniques. Banks are experimenting with self-learning algorithms in credit underwriting, monitoring, and credit-card fraud detection, with encouraging results. Advances in behavioral economics will also help risk managers make better choices as they learn to recognize and eliminate common biases from their decisions. On the downside, with banking margins under pressure worldwide, the risk function will probably be expected to deliver these improvements with substantially reduced operating costs.

Five future-proof initiatives

So how should risk managers respond to these changes? Our belief is that there are some basic initiatives that banks can undertake today that will both deliver short-term results and help them prepare for the future. Here are five that not only have a strong short-term business case, but also will help build what we see as the essential components of a high-performing risk function in 2025.

  1. Digitize core processes. By 2025, the risk function will have minimized manual interventions. Modeling, simplification, standardization, and automation will take their place, reducing nonfinancial risk and lowering operating expenses. To that end, the function should push to digitize core risk processes such as credit application and underwriting by approaching business lines with suggestions rather than waiting for the businesses to come to them. Increased efficiency, lower costs, and, often, a superior customer experience and improved sales will be the short-term gains.

  2. Experiment with advanced analytics and machine learning. In the same vein, risk functions should experiment more with analytics, and particularly machine learning to enhance the accuracy of their predictive models. Some financial institutions have already achieved significant model improvements, leading to better credit-risk decisions.

  3. Enhance risk reporting. Ever-broader regulation and the need to adjust to market developments require rapid, fact-based decision making, which means better risk reporting. While regulatory requirements have already done much to improve the quality of the data used in risk reports and their timeliness, less attention has been given to a report’s format or how it could be put to better use when making decisions. Replacing paper-based reports with an interactive tablet solution that offers information in real time and enables users to do root-cause analyses would enable banks to make better decisions, faster, and identify potential risks more quickly too.

  4. Collaborate for balance-sheet optimization. Given the many different and new regulatory ratios (such as capital, funding, leverage, total loss-absorbing capacity, and bank levy, to name a few), the composition of the balance sheet is arguably more important than ever to support profitability. The risk function can help optimize the balance sheet by working with finance and strategy functions to consider various economic scenarios, strategic choices (how much a bank would be prepared to increase or shrink a loan portfolio, for example), and likely regulation. The process, performed with the support of analytical optimization tools, often suggests ways to improve return on equity by anywhere between 50 and 400 basis points while still fulfilling all regulatory requirements.

  5. Put the enablers in place. It goes without saying that high-performing risk functions depend on a high-performing data infrastructure. What perhaps deserves more attention is the importance of starting to build the right mix of talent and embedding a risk culture. Data scientists with advanced mathematical and statistical knowledge will increasingly need also to be able to work as “business translators,” collaborating across the bank to convert data insights into business actions. Indeed, risk managers will become trusted counselors to business areas (though fewer staff will be needed in traditional operational areas). Attracting talented employees will itself be a challenge, as many potential candidates could be lured to technology firms unless banks strengthen their value propositions. A strong risk culture—in which detection, assessment, and mitigation are part of the daily job of all bank employees—will be central to the success of the risk function. For despite the push toward automation and more sophisticated analytical and technical capabilities, only human intervention will ensure they are applied appropriately and ethically.


Fundamentally changing bank risk-management functions will take years. Now is the time to start the transformation. Our vision for a bank’s risk-management function in 2025 is one where the function is the architect of a seamless system that monitors risk throughout the organization and makes de-biased risk decisions, that has stronger, more collaborative relationships with other parts of the bank, and that is more engaged at a strategic level than it is today. The actions described here are some steps risk functions can take today to move toward this vision and to help the bank excel among its competitors.

Download the full report on which this article is based, The future of bank risk management (PDF–7.55MB).

About the author(s)

Philipp Härle is a director in McKinsey’s London office, Andras Havas is an associate principal in the Budapest office, and Hamid Samandari is a director in the New York office.

More on Risk
Interview

How blockchains could change the world

Report - McKinsey Global Institute

Why investors may need to lower their sights

McKinsey Insights App

Our latest thinking at your fingertips.
Anytime. Anywhere.

or continue to site