The evolution of non-financial risk

As featured on BusinessMirror: The evolution of non-financial risk 

In the ever-evolving landscape of financial services, the significance of non-financial risk (NFR) management has become increasingly vital. Over the past fifteen years, marked by revolutions in service delivery, operational practices and the paramount importance of trust, organizations find themselves navigating a changing terrain. As the next few years promise accelerated change amid digitization, geopolitical shifts, AI adoption and complex workforce dynamics, proficiency in NFR management emerges as a critical factor for responsible operation and prosperity.

Defined broadly as all risk types excluding credit, market, interest rate, and liquidity risk, NFR encompasses operational, regulatory, environmental, social and governance risks. Ineffective management of these risks has led to substantial losses across industries, emphasizing the need for enhanced risk practices. Looking forward, NFR is poised to remain a focal point for regulators and businesses, with stakeholders demanding transparency and accountability.

KPMG International’s latest paper entitled ‘The evolution of non-financial risk’ addresses the imperative for organizations to equip themselves with the tools and resources necessary for resilience against emerging risks and innovation in risk practices, focusing on five key elements for futureproofing:

The future of NFR is one of convergence and integration across risk types, the business and business support functions. As organizations become more complex and interconnected, so do the risks they face. This means that traditional siloed approaches to risk management are no longer sufficient. Instead, organizations need to adopt an integrated approach across all three lines of defense that considers the full range of risks they are exposed to.

Risk Management Frameworks (RMFs) provide the guardrails for managing risk and outline the ‘rules of engagement’ for dealing with emerging threats. Current frameworks are often rigid when responding to shifts in the external or internal environment, resulting in challenges when embedding and enforcing frameworks into the broader business.

RMFs can be perceived as servicing regulatory requirements, adding little practical value and often becoming outdated. By ensuring that frameworks are dynamic and efficient, organizations provide their risk community with optimal conditions to practice effective risk management.

NFRs are inherently difficult to quantify. However, organizations that aim to identify and prioritize risks effectively should have an element of automated risk MI to support efficient assessment of the likelihood and impact of risks — enabling the effective development and implementation of risk mitigation strategies.

Many organizations have dedicated teams solely responsible for the aggregation, analysis and formatting of MI for regular governance meetings creating significant overhead costs. The resulting MI is often outdated (sometimes over a month old) and does not provide sufficient or accurate information for management to make informed decisions. For example, in the financial services industry, it takes, on average, nine days from identifying a control violation until it is reported and communicated to the control or process owner.

To ensure improved risk mitigation and operational efficiency objectives are met, businesses need an Integrated Risk Management (IRM) ecosystem that harmonizes solutions across one or more platforms. This ecosystem should cover all three lines of defense using a common set of integrated policies, technology and data.

Most systems architecture today lacks the necessary tools for effective data aggregation and reporting. While policies and procedures are firmly in place, the organization of these systems remains somewhat disorganized, with each operating in isolated silos. There is a clear need for improved collaboration and insights across different business areas, but there is no ‘one size fits all’ approach to achieving IRM with technical solutions. The right approach depends on several factors, including an organization’s key reporting needs, existing assets, licensing agreements, centralized versus decentralized governance approaches, investment ability and willingness to challenge its current ways of working.

Intelligent automation (IA) is the combination of automation and artificial intelligence (AI), which has emerged as a game-changer in the business world. Its transformative potential is highly useful in addressing NFRs, not by replacing human resources, but rather by collaborating between people and technology, to achieve the best possible risk management outcomes.

According to KPMG 2023 CEO Outlook, business leaders across sectors are focused on investing heavily in disruptive technology and financial services CEOs are no exception, with 72 percent agreeing that generative AI is the most important investment opportunity for their company.

The age of IA is here, and there is no turning back. Organizations implementing IA have reported significant returns on investment (ROI) and efficiency gains. Forrester Research predicts that IA will significantly impact the global financial services industry, increasing revenue by up to 15 percent and reducing costs by up to 20 percent. The research indicates that AI and IA can automate up to 40 percent of tasks currently performed by humans in the financial services industry. This will free employees to focus on more strategic work.

Successfully navigating the journey ahead will likely demand innovative non-financial risk management that positions businesses to operate responsibly and prosper in the future. Organizations that fail to address these risks may face significant financial consequences and loss of consumer trust. Change is inevitable. And the time to act is now.