Ensuring resilient response capacity in risk management, whether financial, operational, compliance or strategic, is an essential responsibility of traditional risk office management. Therefore, acting consistently on the teams’ effort-impact matrices is fundamental, but is this, downstream, a success metric in itself?
The journey of automation, digitalisation and even artificial intelligence in organisations that are pillars of the stability and security of the financial system is not only about guaranteeing the present, but above all about a lasting legacy. So, to do the extraordinary is, in my experience, to ensure that this vision has an actionable plan, that the team acts committed and that regular monitoring embraces an enhanced continuous improvement cycle – in other words, based on daily increments of 4 per cent above the ‘baseline’ of comfort required for evolution in flux, not just 1 per cent.
Following this premise, the adoption of a risk intelligent hub (RIH) provides multifunctional management of heterogeneous data in a more proactive, precise, agile and efficient way. A platform that acts to cauterise the entropy of banking system processes, through an interoperability centre between organic units, where the quality of information goes beyond the limits of business intelligence (BI), data centralisation, mitigation of redundancies in data warehouses or even robust storytelling based on pre-attentive attributes.
It is through an intelligent supervision framework that RIH enables fintechs, hedge funds and investment and retail banking institutions to adopt a risk management and decision-making plan that is increasingly guided by predictive modelling in big data analysis. Driven by technologies such as machine learning, deep learning and statistical modelling, integrated into data science or the Internet of Things, the exploration of deeper insights has never been so direct and important.
One of the pressing opportunities of the integrated use of these technologies is the identification of ‘near miss’ operational risk events related to information and communication technologies (ICT). Recalling media articles in 2024, it was reported that in the first five months of the year alone 8,000 electronic frauds were recorded, with financial losses of around 112 million meticals, following a historic 180 million meticals in 2023.
Family tensions over the future of the company represent an obstacle that can jeopardise the stability of the business
For cases like these, risk management using IRH makes it possible, in perfect situations, to eliminate ‘dwell time’, increasing the capacity to prevent incidents related to information systems failures, ‘social engineering’ attacks such as ‘phishing’ or ‘pretexting’ or other types of cybersecurity failures, because the models used are trained and dynamic. Objectively, this renewed capacity for vigilance in institutions, even more relevant for periods of alert or critical fraud patterns, leads them to adopt new methodologies for analysing vulnerabilities in their systems. It also leads them to prepare mitigation plans that are truly aware of the reengineering needed to act on internal security failures, i.e. even before they materialise into actual losses.
Furthermore, looking at the European Banking Authority’s (EBA) guidelines, it is clear that the regulatory relevance of standardising organisational groups has increased, as has the readiness to provide information in greater volume and complexity; talking about institutions as preponderant as the International Monetary Fund (IMF), the Basel Committee on Banking Supervision (BCBS) or even the Financial Stability Board (FSB) is not at all dissimilar.
So IHR is not just a landmark technological innovation for the future – it is already a valuable paradigm shift in the way we manage risk. This push to migrate from reaction-centred risk mitigation plans (almost from a ‘lessons learned’ perspective) to a proactive model (based on identifying ‘outliers’ in real time) is a Herculean step, not only for the robustness of financial institutions, but ultimately for the robustness of the economy in general.
Therefore, if the risk management strategy does not include data science frameworks or an IHR pilot in the short or medium term, the central question becomes: what strategy should the organisation adopt? Should the transformation be planned primarily to accelerate early warning systems (EWS), to monitor key risk indicators (KRIs) in real time or to leverage the stress testing framework? The script that guarantees sustainable transformation, whatever the choice, involves the essential responsibility of the teams to ensure that the priorities lead to the success of doing the extraordinary. This is, in all its subtlety, the decisive redefinition of the financial sector’s legacy.
