The time to invest in digital innovation is now

ARTICLE | May 30, 2023

How risk becomes reward

Asia’s banks are increasingly approaching risk management as the common denominator for linking historically siloed operations. What will make their strategy pay off?

The number of risk categories that Asian banks must deal with has skyrocketed from just 9 to 29 in the past two years- with customer data privacy, cloud risks and consent management, growing in importance, according to a ServiceNow-sponsored report by analyst firm IDC.

Asia-Pacific banks were far more likely to pay attention to operational resilience, cybersecurity, and climate risks than their global peers, according to the IDC report. Only two-thirds prioritised credit risk issues in their strategy, compared to the 98% global average who put credit at the top of their concerns.

“Historically, banks have focused on credit risk—but credit modelling won’t solve anywhere near all of your problems today,” says Radish Singh, ASEAN financial services risk management leader at EY. “Your operational risk is potentially your most intangible and least scientific category of risk, including aspects like cybersecurity or governance of digital transformation, and it can blow up extremely rapidly.”

“Banks have become painfully aware of the risks they face in every aspect of their business and that’s prompting some of them to consider if they can turn risk management into a real competitive advantage,” she says.

Chief risk officers are not able to solve the explosion of priorities without taking a hard look at the interdependencies that exist between employees, customers, technology, facilities, partners, processes, and more, according to Matthew Talbot, ServiceNow’s head of financial services, Asia Pacific and Japan.

“The only way financial institutions can compete with the rise in risk and compliance is by aligning their risk operating model with business growth while at the same time linking real-time data across the organisation,” Talbot says.

Talbot’s observations come as Asian banks double down on risk management in a volatile world. Research from IDC shows that 86% of Asia-Pacific banking leaders increased IT spending into cybersecurity and identity/access management, making it the most popular priority for tech budgets by a substantial margin. More broadly, the region’s top banks increased spending on risk from 23% of budget in 2018 to 30% in 2021.

Allowing risk management to connect banking functions that are traditionally siloed allows banks to simultaneously improve their overall customer experience.

“Risk management is a common denominator for all processes,” says Talbot. “With intra-office operational processes like issuing credit/debit cards, payments operations, or loans servicing, the process can stop for hours, days, or even weeks when the customer contributes. That’s because the data and workflow don’t flow seamlessly between siloed systems and departments.

“If you can integrate some of these traditional bottlenecks like risk and compliance controls, you can potentially bridge some of these silos and eliminate this stop-start disruption with a single view of the customer,” he says.

It’s an area where Asia’s banks have typically struggled, with only 25% expecting internal business processes to be “straight through” or fully integrated by 2025 – lower than customer-facing processes.

Using risk management to drive that integration and close the gap on internal processes would ideally also deliver a much more straightforward and speedy customer experience, especially for more complex transactions.

In many cases, newer digital banks have shown what’s possible leveraging straight through processing to bypass legacy systems and offer customers reliably faster interactions. Even so, silos still exist when it comes to risk and compliance and adapting to changes in regulation—let alone integrating new products—becomes challenging and in some cases financially unviable.

“There’s been a lot of money spent on front-end banking technology, but the middle-and back-office experience remains persistently fragmented or extremely rigid both of which cause immense frustration to customers and employees,” Singh says. “Tie the back-end together with a risk management lens that’s adaptable to change by default and you can expect customer experience to get much better.”

Making such changes would logically require banks to not just spend more on risk management, but also establish a single view of risk across the enterprise. That involves clear and consistent thinking about both technology and culture.

“You first need a single view of your risk footprint that ties together different risk controls across the full range of banking functions,” says Talbot. “But to get to a place where new functions or products are compliant by design, you need a culture of risk awareness throughout the business otherwise you’ll constantly find yourself playing catch-up.”

“You want that state where everyone factors risk into their decisions, adds Singh, “but it’s always going to be like pushing jelly uphill. There will always be lapses, even from the top.”

You want that state where everyone factors risk into their decisions, adds Singh, “but it’s always going to be like pushing jelly uphill. There will always be lapses, even from the top.

So where should banks begin? Most banks in Asia are off to a good start, with widespread support from boards and executives for risk management. The trick, according to Talbot, is sustaining that investment in the long term as the complexity and challenges evolve.
“You can’t stop regulation and you can’t stop cyberattacks, but you can admit that risk isn’t a one-off program,” Talbot says.
Singh also encourages banks to acknowledge their differing appetite for risk sooner rather than later. “Risk culture is never homogenous you’ve always got lines of business pushing to move faster while your second-line compliance functions say no,” she says.
Ultimately, banks need to acknowledge that setting a risk culture in place won’t happen overnight. “There’s no silver bullet to all of this,” Singh says. “Sometimes the best thing to do is reimagine the entire process of how different functions and departments work together. And that takes substantial and sustained effort, but it’s worth the effort in the long run.”


The self-optimizing enterprise

Related articles

Ensuring Singapore’s future growth
Ensuring Singapore’s future growth

Noted Singaporean economist and finance CEO Manu Bhaskaran shares his outlook on how the city-state will keep flourishing in the years ahead

From cloners to explorers
From cloners to explorers

Singapore’s future depends on its leaders embracing innovation—and difference

4 organisational truths to keep Singapore growing
4 organisational truths to keep Singapore growing

Sustaining the ‘red dot’

Singapore’s skills shortage—all in the mind?
Singapore’s skills shortage—all in the mind?

The secret to closing the skills gap in Singapore could be an attitudinal shift toward productivity and personal growth, says ServiceNow Asia HR Director Michael Tan

Loading spinner