What does successful operational and non-financial risk (ONFR) management look like? In our recently published strategic vision for operational and non-financial risk, we consulted approximately 50 CROs and other senior risk leaders from financial organisations to discuss the future of ONFR.
The leaders we spoke to were a diverse group from a wide range of financial firms. Yet the messages we heard were strikingly consistent and emphatic.
They consistently agreed that ONFR needed to match the speed and scale of the digital business to successfully balance risk and reward. It must support the business in delivering change safely, look ahead to emerging risks, and connect the dots to offer a holistic assessment of risk.
The four primary goals of ONFR management
- Reduce loss
- Safeguard customer services, data and assets
- Ensure firms are trusted by customers, the market and regulators
- Help firms grow and transform safely
Our vision for ONFR
From these conversations, we created a vision statement for the value that ONFR can bring to financial firms.
“In the future, successful financial services firms will be those that manage ONFR confidently and dynamically, balancing risk and reward in order to mitigate loss, protect customers and reputation, deliver change and achieve their strategic objectives.”
The current state of play
Today’s established approaches to ONFR were obviously not designed for a digital business environment. Nevertheless, existing risk management frameworks and tools are tested, working and valuable.
Risk managers feel their frameworks are sound, but that they may have been implemented too rigidly. However, our conversations indicated that risk managers want to build off the good work they have done rather than radically overhaul systems in place.
What needs to change?
At many firms, this work is underway. Specifically, risk managers are looking to lower cost, increase benefits and, where necessary, build new capabilities. Common initiatives include simplifying tools and process, standardising taxonomy and shifting to dynamic rather than programmatic application.
To turn our vision into a reality, ONFR management must align with and capitalise on the direction of change in the business. ONFR needs to be managed at scale, at speed, and deliver new insights and capabilities to the business.
What does success look like?
Managing ONFR at scale
The economic and operational model for business-as-usual ONFR management needs to change so it aligns with the economics and risk profile of a digital business. To do this, firms need to simplify and standardise frameworks, automate risk identification, assessment, monitoring and controls, unify second-line activity and mandate risk management to the first line.
Managing ONFR at speed
To create value, risk must be able to operate, react and change at the speed of a digital business, which means the speed at which business is being developed. By managing change and emerging risks, the business can see risks much faster, and therefore react sooner to new and evolving threats. This need for speed is driving risk teams to upskill, changing risk culture, simplifying standard ONFR tools, and leading to new data and tools being developed.
Generating value from new insights
ONFR will add most value by developing new insights that meet the evolving demands of senior management. The aim is to go beyond sharing insights from within specialist risk silos and to bring new information to bear on external, ecosystem and emerging threats by understanding those complex interconnections and the non-financial impact. By bringing together all this information, firms can prioritise their risks based on a whole assessment of the impact on the business.
Be ready for the future of risk management
Read the white paper, Our strategic vision for operational and non-financial risk, for more insights and to find out how you can support your firm in today's digital world.