This site is part of the Informa Connect Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

Risk Management
Non-financial risk

Cost out, value in: How risk transformation could become self-funding

Posted by on 12 February 2021
Share this article

The growing need for transformation

The increasing challenges of managing risk are especially acute within financial services. As I outlined in an earlier blog, a combination of digital transformation and shifts in social attitudes are extending risk horizons beyond credit, market, and other financial exposures, towards non-financial drivers of risk. This demands new forms of risk monitoring, mitigation, and commercial optimisation. It also calls for scenario plans for the uncertainties and ‘tail risk’ vulnerabilities that can quickly erupt into major strategic threats.

Meeting these demands is likely to require a wholesale rethink of risk management priorities and a reconfiguration of risk management capabilities. The guiding principles and objectives for this transformation include making sure that it's designed with the expectations of customers and society in mind. It’s also important to clearly align risk management with the strategy, purpose and values of the business, rather than just laws and regulations. Businesses will need the capabilities to operate in a predictive, preventative and proactive manner. And they'll need to be able to make the most of next-generation technologies to deliver advanced insights, real-time risk monitoring and crisis anticipation.

Further priorities include working out how to manage risk within today’s complicated ecosystems. Conventional risk management frameworks are not set up to monitor and control the risks that stem from so much reliance on different partners and so much data traffic moving between them. Start-ups are accustomed to operating within such ecosystems and have sought to put in place the necessary oversight and control. Established institutions still tend to have work to do.

Progress mapping identifies key priorities ahead

How are risk teams performing? Our ‘fit for the future’ assessments rate an organisation’s risk management capabilities across five key dimensions: skills, taxonomy, digitisation, strategic alignment and cost effectiveness. The results help organisations to identify strengths and weaknesses, compare themselves against their peers, and target limited resources at where they can make the most difference.


Typical fit for the future benchmark assessment | Source: PwC

01 Typical fit for the future benchmark assessment, Source PwC

The fit for the future assessments reveal the progress being made across the FS industry in managing non-financial risks. These include cyber, operational resilience, and financial crime. Environmental, social and governance (ESG) issues are also moving to the centre of the agenda, as highlighted during December’s RiskMinds International conference. What marks out the top-rated organisations from the industry pack is the extent to which risk teams understand the dynamics and implications of these non-financial risks. Risk strategy and governance are also closely aligned with the changing purpose and values of the business.

The main weaknesses centre around analytics and insight. The chief stumbling block tends to be lack of funding. The tightening squeeze on margins and returns has left a big gap between how much investment is needed in these areas and how much is available. Indeed, risk teams are under increasing pressure to cut costs and deliver more for less.

However, some FS organisations have been able to make strong progress on the development of their analytics capabilities. Moving to the cloud is the starting point. This can drive out needless costs and sharpen operational agility, while laying a platform for next generation technology. The leaders are also marked out by three further attributes: digital upskilling, a problem-solving mindset and close engagement with business teams. Together, these improve their ability to respond to emerging risks and make the most of the latest tools and technologies.

Invest to save

Are the front-runners spending more than the industry average on risk transformation? In most cases, no. In fact, many have found ways to make transformation largely self-funding – reducing costs with one hand, while investing with the other.


02 risk transformation

Source: PwC

How can your business strike this balance between cost out and value in?

1/ Set a clear vision

While limited resources will inevitably curtail some plans, leading organisations have still been able to set a clear vision for risk transformation, then work towards it in iterative steps. The blueprint for the future focuses on technology and operating model transformation, along with associated upskilling and new ways of working. The vision also includes how risk teams should engage with the business frontline and the role they play. For example, rather than just a yes or no to strategic plans, there are now more opportunities to work with the business to balance risk and reward as part of the tech-enabled and problem-solving approach.

2/ Assess your fitness for the future

Assessing your capabilities against key transformation dimensions can help you to identify areas in most urgent need of improvement. It can also enable you to develop a clear business case for funding and create a baseline against which to gauge progress and return on investment.

3/ Take your cue from the business

By focusing digital investment on specific use cases or solving particular issues within the business, you can boost the benefits and accelerate the financial payback. Savings of between 15% to 30% can be achieved through this targeted, business-led approach. While some objectives take longer, it could take less than a year to achieve key gains in areas such as implementing specific process workflow simplification, delivering a rapid analytics proof of value, or realigning the three lines of defence.

If you would like to discuss any of the issues raised here, please feel free to get in touch.

© 2021 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details. This content is for general information purposes only and should not be used as a substitute for consultation with a professional advisor.

Share this article

Sign up for Risk Management email updates