Automation to improve risk governance | KPMG | KE

Automation of information to improve risk governance

Automation to improve risk governance

Quality and timeliness of information a major challenge for board risk committees. Automation can help.


Related content

Business people in a discussion

The best business decisions are based on relevant, comprehensive, actionable information, and the work of the Board Risk Committee (BRC) is no exception.

The BRC sits at the top of the systemically important banks (SIBs) framework of risk governance and in this regard has two primary functions: to set expectations and to review reports to ensure that those expectations are being met. If it is not functioning well, the chances are that risk of one kind or another is not being managed effectively. Despite the importance of risk data to the overall risk governance of the organization, there are significant challenges faced by the BRCs. Our recent analysis of 20 SIBs highlights some of these challenges.

Top challenges for the board risk committee

Much of the information that passes through the risk department to the BRC is produced through systems with some manual intervention. The challenge is to obtain a more granular and detailed analysis of risk data that is available automatically. Various scenarios need to be run against the data to see what the impact would be of changing market conditions. Multiple systems and inconsistent data standards can cause this to be time consuming, reducing the time available to analyze the data.

One answer to the problem of quality and timeliness of information is to automate a greater proportion of the process of gathering it. While automation is needed at every point in the risk governance process, it is seen as a particularly vexing problem for banks when performing stress-tests, particularly when responding to regulatory requirements.

Top challenges for banks performing stress-testing

Half the SIBs in the survey perform five or more stress-test scenarios a year, but continue to require a significant amount of manual intervention. This is an onerous process, given the amount of data to be analyzed.

“The automation of risk-data analysis needs to be seen in the context of overall risk governance. It should enable people at key points in the risk architecture to have the time to think clearly of what the priorities are and how to deal with threats, both in the short- and long-term. Automation is an enabler.”

Michelle Hinchliffe, Partner KPMG in the UK 

While automation can definitely help, it is only part of the solution. SIBs also need to capture the right data, which requires well-designed models that neither raise alarms too frequently nor instill a false sense of confidence that the banks are operating within risk parameters.

© 2018 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.

Connect with us


Request for proposal