Risk management goes digital

by Holger Harreis and Kayvaun Rowshankish

When it comes to digital, banking is more tortoise than hare. Recent McKinsey research suggests that financial services is digitizing much more slowly than most other industries. And within banks, the focus has been mostly on customer-facing “journeys” (such as online marketing) and the operations that support them (customer onboarding, customer servicing). Only recently have banks expanded their transformations into other parts of the organization. Our new research finds that, at last, banks are digitizing risk.

Banks have been hesitant till now, for good reason. Risk leaders are inherently and appropriately cautious, given their mandate. Risk staff are often slower to adopt the most up-to-date digital and analytics technologies; 43 percent of risk managers we surveyed saw talent as a key challenge in digitizing. Another factor: the risk function is highly involved in thousands of daily decisions across the entire bank. Thirty-seven percent of risk managers viewed a complex organizational structure as a main challenge in digitizing. And regulatory requirements for transparency, auditability, and completeness limit the depth and speed at which risk teams adopt digital tools.

But the benefits of digitizing risk management are becoming clear and now far outstrip the costs and challenges. Once digitized, risk would be equipped to peer into nontraditional sources of data, like social media, chat transcripts, and online business-review ratings. Advanced analytics could use this data to make risk models much more predictive and consistent, in part by greatly reducing inherent biases. Forty percent of risk leaders we surveyed say this would reduce credit-risk losses by at least a quarter. Risk could also use new tools and data to identify emerging risks much more quickly; its warnings would come earlier and be more accurate. Risk would automate its own and other functions’ processes. It would supply tools and data to the bank’s website, its mobile trading app, and its corporate-banking platform, empowering a vastly more useful and enjoyable customer experience. At the top of the house, executives would consult self-serve dashboards powered by a risk “nerve center”—and thus act on risk-driven strategic advice. In our estimate, these and other benefits would be massive. The annual steady-state value from digitizing risk management, including both cost and revenue effects, would produce a return on investment of about 450 percent for a first-mover bank with a well-executed program. For a typical global systemically important bank (G-SIB), this would translate to about $600 million to $1.1 billion of annual, steady-state impact after five years.

Getting all of this won’t be easy, but banks can draw on a vast toolkit. Banks already have good experience with using digital tools to automate processes, and they can do the same in risk, particularly in credit- and operational-risk applications. Augmented-reality overlays could transform applications for mortgages and auto loans. Machine learning can improve current credit models, help with fraud detection and anti-money-laundering efforts, assist with documentation, and even open up new revenue sources, like SME supply-chain financing. Stress-testing compliance is another big time-waster where automation can help. The list of tools and risk applications is long and growing every day.

Our research also found the risk-specific steps that can help banks digitally transform the function. Among the key findings: banks might need to run new and old risk processes in parallel for a time, until regulators are confident. The risk function must move forcefully and yet carefully, but it can be done. Slow and steady wins this race; this is digital transformation the “risk way.”

Holger Harreis is a partner in McKinsey's Dusseldorf office, and Kayvaun Rowshankish is a partner in the New York office.