Risk Modernization | Cut costs, not quality

The cost to maintain effective, regulatory-compliant programs is at an all-time high, with ever-evolving expectations that will only add to operating costs. In today’s uncertain economic environment, minimizing cost and improving an organization’s efficiency ratio are at the top of nearly every C-suite’s agenda. In fact, according to a recent KPMG survey, 85 percent of firms are accelerating their cost-cutting efforts.¹

No department is exempt from this scrutiny, and risk leadership must be prepared to contribute to overall organizational cost-cutting targets.

Most efforts to date to reduce costs associated with risk management oversight and execution have failed to yield maximum and sustainable savings. In this paper, we explore practical approaches to reduce spend without sacrificing quality.

It is important to recognize that cost takeout is not the only transformation driver for the risk organization (Exhibit 1). Most organizations also have initiatives underway to support: growth or strategic change (via products, service, or delivery channels), effectiveness and efficiency improvements (e.g., quality, consistency, extensibility, and confidence), regulatory compliance with new or emerging expectations from oversight bodies, and/or efforts to “de-risk” or reduce risk exposure. These transformation efforts are not mutually exclusive, often intersect, and must be effectively balanced to not significantly impact one another with unintended outcomes.

Exhibit 1: Risk transformation drivers

A modern approach to risk management lowers costs while maintaining or improving quality. For risk executives, there are 10 primary cost-reduction levers to engage that can individually reduce costs but collectively yield significant costsaving opportunities:

1. Functional, organizational, and legal entity rationalization:

Rationalization of legal entity, functional, and organizational risk accountabilities to eliminate redundancies while aligning appropriate experience/skillsets in execution and oversight of risk taking

2. Product and channel simplification:

Rationalization of product offerings and channel delivery strategies to reduce the variability in associated risk and oversight burden, a decision that is typically led by the business

3. Location, geographic, or global sourcing:

Sourcing risk headcount from cost advantageous locations

4. Delivery model improvements:

Enhanced or streamlined operating models to execute risk requirements in a cost advantageous manner including use of centers of excellence, utility functions, or other consolidated delivery approaches; in many cases, these changes can be paired with low-cost  or global sourcing strategies

5. Outsourcing risk as a service:

Use of third-party vendors to execute select risk management oversight or execution activities on behalf of the first and second lines of defense

6. Integrating risk technology:

Common technology strategy to collect, maintain, and facilitate risk-related data (i.e., single platform or linked systems, data repositories)

7. Digitization of risk (e.g., cloud, automation, advanced analytics):

Digitized risk processes, documentation, and control environment including the use of automation and advanced analytics to gain efficiencies

8. Rationalizing foundational risk data and architecture:

Creating a single, rationalized, and clean source of truth of organization risk taxonomies, inventories, and data in an optimized architecture strategy

9. Risk simplification:

Alignment and rationalization of risk processes, assessments, and methodologies to streamline the annual burden of risk execution and oversight while still maintaining quality

10. Other expense optimization:

Rationalization of other risk oversight and execution-related costs not related to headcount, such as training programs and license fees

The sequencing of cost takeout efforts is critically important to get maximum benefit in the shortest timeframe. Traditional efforts to alleviate cost in risk management to date have yielded marginal results. These traditional efforts typically lead with technology or rush to automation without addressing the root causes that drive duplication and inefficiencies. These inefficiencies are then compounded as organizations move to establish centers of excellence to process high volumes of risk activities while still leveraging complex methodologies or include a push to offshore functions which still rely upon heavy onshore oversight.

Some of these efforts are being scrapped completely given the marginal yields and quality control issues to explore alternative delivery models, such as outsourcing to a third party, which often results in a loss of the upfront investment made. Unplanned and potentially short-sighted cost-cutting efforts are ultimately frustrating given the volume of rework, time to market, and multiyear investment required to yield marginal results or nonscalable solutions that do not keep pace with changes in the marketplace, evolving strategy, or modifications to regulatory expectations. The difference between strategic and thoughtful cost-takeout transformation versus near-term cost-cutting can be dramatic.

Sequencing cost takeout efforts through the lens of short-term savings and long-term savings can position an organization to methodically and purposefully build with the end result in mind. As illustrated, an organization should focus initial efforts on planning and ideation to clearly define intended outcomes and long-term target operating model. These are essential to maximizing cost savings with limited investment. Subsequently, organizations should then focus on enhancing root cause or foundational issues that result in higher costs before fully implementing the long-term vision.

While the long-term cost takeout opportunity is significant, it is equally important to demonstrate incremental savings and quick wins to both internal and external stakeholders alike. Some organizations are pursuing a dual track of cost takeout initiatives that includes utilizing short-term tactical solutions such as headcount or expense rationalization to reduce costs in quarterly increments while also executing against strategic initiatives to unlock maximum and sustainable savings. This approach has proven successful to demonstrate immediate savings to investors that builds to the strategic cost takeout vision and also garners organization support for further cost takeout investments.

Cost takeout efforts should be thoughtful, strategic, and coordinated. Before launching any specific initiatives, organizations should:

1. Identify and inventory existing direct and indirect costs associated with the delivery, oversight, maintenance, and execution of risk-related activities (across all lines of defense)
2. Clearly define the organization’s intended outcomes or cost-saving targets (both short-term and long-term)
3. Develop an organizational value proposition including expected return on investment
4. Define the “must haves” for go-forward risk programs and execution
5. Examine existing capabilities to identify redundancies, inefficiencies, and other pain points
6. Define and prioritize cost takeout initiatives with critical path sequencing
7. Understand other competing or complementary transformation initiatives that may consume organizational effort
8. Establish a multigenerational/multiyear cost takeout roadmap, which is integrated with other organizational initiatives
9. Establish quantifiable success measures to track and report progress
10. Socialize roadmap internally (and externally) to gain organizational buy-in
11. Start small and demonstrate savings fast (quick wins)
12. Continuously evaluate, challenge, and modify your roadmap as the organization and marketplace evolves