Enterprise Risk Management and RegTech: A Dynamic Duo
- Faline Rezvani

- Aug 22
Risk management is present in daily life. We weigh the potential for poor dietary choices to have adverse effects on our health, or the potential for discretionary spending to prevent us from reaching financial goals. On a larger scale, an enterprise must itemize and prioritize all risks to gain momentum, succeed, and indeed, comply with regulations.
Enterprise Risk Management (ERM)
ERM strategies are designed to maintain the health of a company and withstand fluctuations, creating the opportunity to take bigger risks and meet long-term goals. Desired outcomes of ERM include cultivating risk awareness and responsibility, establishing the acceptable level of risk for meeting business objectives (the risk appetite), developing risk responses, and preparing for emerging risks related to climate change or to new products and services.

Financial Institution ERM
One example of ERM principles put into action is the PNC Bank ERM Framework, outlining control points where it’s crucial to identify, assess, monitor and report risks.
Credit Risk - The potential for financial loss that a lender, creditor, or investor faces if a borrower fails to repay a loan or meet contractual obligations.
Market Risk - The potential for financial losses resulting from fluctuations in overall market conditions.
Liquidity Risk - The potential difficulty of converting assets into cash quickly and at a fair market price to meet financial obligations.
Operational Risk - The potential for losses stemming from inadequate or failed internal processes, people, systems, or external events. The Basel Committee on Banking Supervision (BCBS), established in 1975 to improve the quality of banking supervision worldwide, has identified seven risk domains within the Operational Risk category:
Internal Fraud
External Fraud
Employment Practices and Workplace Safety
Clients, Products, and Business Practices
Damage to Physical Assets
Business Disruption and System Failures
Execution, Delivery, and Process Management
Strategic Risk - The potential for a company’s strategic choices to jeopardize its financial well-being and sustainability.
Reputational Risk - The potential harm to an organization’s reputation and credibility resulting from negative publicity, actions, or decisions, both within and beyond its control.
Conduct Risk - The potential for a company’s and its employees’ actions and behaviors to lead to negative consequences for customers, stakeholders, or broader market integrity.
Visit the PNC Bank website to learn more about their ERM Framework.
Governance
The Sarbanes-Oxley (SOX) Act of 2002 aims to protect investors by ensuring transparency in reports and reliability of financial statements. Sections 302 and 404 state senior executives must certify the accuracy of financial reports and rigorous internal controls must be in place.
Financial institutions demonstrate compliance through reports submitted to the U.S. Securities and Exchange Commission (SEC). The U.S. Federal Reserve’s Comprehensive Capital Analysis and Review (CCAR) exercise is an annual stress test assessing capital adequacy and capital planning processes.
BCBS’s Principles for Risk Data Aggregation (BCBS 239) sets standards for accurate, comprehensive, and timely data. BCBS 239 encompasses 14 principles, which fall into four categories:

Governance challenges faced by bank holding companies (BHCs) include the fines for non-compliance, which can be well over double the cost of investing in governance solutions.
Automation in ERM
The ability to conduct accurate monitoring and reporting directly affects a financial institution’s ability to meet regulatory requirements. By rigorously managing historical, unstructured, and real-time proprietary data, financial institutions can unlock the potential to serve underbanked populations and achieve the following machine learning goals:
Model credit risk using loan performance data
A support vector machine (SVM) classification model efficiently and accurately determines credit risk.
Detect conduct risk, abusive behavior, and credit card fraud, and combat the financing of terrorism (CFT)
Benefitting from many decision tree models working together, random forest classification uses ensemble learning to reduce variance in fraud detection results.
Deep learning (neural network-based) models make decisions based on a series of weighted values to detect sequential transaction patterns indicative of terror financing.
Establish anti-money laundering (AML) programs
Combining clustering with isolation-based methods, which rely on the logic that outliers require fewer random splits to separate from the rest of the data, makes anomaly detection more effective.
Simulate stress scenarios
A top-down approach improves pre-provision net revenue (PPNR) and net charge-off (NCO) forecasting, yielding more accurate Tier 1 common equity capital (T1CR) figures.
Streamline workflows and data management
Harnessing intelligent document processing (IDP), users create an interface to separate, classify, and extract information from unstructured documents.
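To illustrate the isolation logic behind the AML anomaly detection described above (outliers need fewer random splits to be separated), here is an added, self-contained isolation-forest style scorer; it is example code, not from the original post or any RegTech product, and the constructed transaction amounts, tree count, subsample size and flag threshold are all assumptions.

```python
import random

# Constructed sample: transaction amounts (USD) for one account. Routine
# payments cluster tightly; the last two are the unusual, large transfers.
TRANSACTIONS = [
    120.0, 85.5, 99.0, 110.25, 95.0, 130.0, 102.0, 88.0, 115.0, 105.5,
    92.0, 125.0, 98.5, 108.0, 101.0, 9800.0, 14500.0,
]

def avg_unsuccessful_search_depth(n):
    """c(n): mean path length of an unsuccessful BST search on n points,
    used to normalize path lengths across subsample sizes."""
    if n <= 1:
        return 0.0
    harmonic = sum(1.0 / i for i in range(1, n))  # H(n-1), computed exactly
    return 2.0 * harmonic - 2.0 * (n - 1) / n

def isolation_depth(x, sample, rng, depth=0, limit=8):
    """Trace x down one random isolation tree grown lazily on `sample`.
    Each step picks a uniform split in the current value range and keeps only
    the side x falls on: a point far from the bulk is alone after one or two
    splits, a point inside the bulk survives many."""
    if depth >= limit or len(sample) <= 1 or min(sample) == max(sample):
        return depth + avg_unsuccessful_search_depth(len(sample))
    split = rng.uniform(min(sample), max(sample))
    if x < split:
        side = [v for v in sample if v < split]
    else:
        side = [v for v in sample if v >= split]
    return isolation_depth(x, side, rng, depth + 1, limit)

def anomaly_scores(values, n_trees=200, sample_size=16, seed=7):
    """Return [(value, score)] with score in (0, 1); near 1 means isolated fast."""
    rng = random.Random(seed)  # fixed seed keeps results reproducible
    psi = min(sample_size, len(values))
    norm = avg_unsuccessful_search_depth(psi)
    result = []
    for x in values:
        mean_depth = sum(isolation_depth(x, rng.sample(values, psi), rng)
                         for _ in range(n_trees)) / n_trees
        result.append((x, 2.0 ** (-mean_depth / norm)))
    return result

def flag_outliers(values, threshold=0.6):
    """Values whose anomaly score exceeds the (assumed) threshold, for review."""
    return sorted(v for v, s in anomaly_scores(values) if s > threshold)
```

The two large transfers are isolated within a split or two and score well above the routine payments, which sit inside the cluster and need many splits; in practice the threshold is tuned against labelled historical cases and flagged items go to an analyst queue rather than being acted on automatically.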
These are just a handful of explicit uses for automation. On a grander scale, financial institutions have the opportunity to invest in solutions that steward the process of automation integration. Regulatory technology (RegTech) companies take on the role of trusted AI industry experts, operating with the intent to meet governance, risk, and compliance (GRC) requirements.
Regulatory Technology (RegTech)
RegTech addresses the challenges that arise from implementing an ERM framework along with GRC requirements. RegTech providers offer preventative and detective controls and generally fall into three categories: regulatory compliance, risk management, and financial crime.