During the last decade, the business landscape of both industrial companies and financial institutions has become much more digital in its essence. In particular, the constant flow of information has given companies the opportunity to think and act on data, as well as to rely on innovative ways to produce new products using emerging technologies. Despite the countless opportunities and benefits, many companies still struggle with harnessing the true power of data when formulating business strategies and marketing plans, as well as for R&D, risk management, product manufacturing and distribution. While there are many possible explanations for this, recent studies and experience suggest that the biggest challenges in utilizing data include lack of visibility into enterprise data, an excess supply of technologies based on complex mathematical concepts, exponential growth in data size and traffic, reliance on manual processes, a complex regulatory environment, and budget, staffing and time constraints. Collectively, these challenges often cause companies to adopt inefficient, expensive and high-risk systems and models, especially in areas such as Machine-Learning, Robotic Process Automation (“RPA”) and Artificial Intelligence (“AI”).
Technology solutions
For risk managers, the recent trends in technology and data have presented numerous opportunities and solutions. These solutions are referred to as “Risk Analytics”, and include a wide range of systems, models and programming languages that make it possible to measure, quantify and predict adverse events or risks. Risk analytics solutions are generally divided into four levels of maturity and complexity:
- Infrastructure and Foundations of Data – This is the most basic type of analytics (and perhaps the most ignored of), and generally includes mapping of information sources to systems and databases, adopting Big-Data platforms, creating data-pools and establish robust IT governance frameworks.
- Descriptive Solutions – This type of analytics includes models and algorithms that extract insights from data sources, both structured and unstructured. Popular examples include dashboards and Interactive reports, and network analysis. Whatever the solution may be, when insights are extracted from data, ideas begin to formulate, and good ideas often translate into the adoption of technologies that are more likely to benefit the organization.
- Predictive Solutions – These solutions aim to predict or classify current or future events, based on historical or real-time data. Popular examples include machine-learning models for prediction and classification, time-series forecasting, and regression/correlation analysis. Once organizations can predict events accurately, they are able to overcome most of the challenges mentioned above.
- Prescriptive Solutions – This type of analytics is intended to inform decisions and prescribe the best future actions to mitigate risks, and usually involves advanced AI systems, cluster analysis and other types of anomaly detection models, robotic process automation, and even complex system optimization algorithms.
Technology Risk Management
- Conduct technology risk assessments across legacy and core systems, financial modules and Enterprise Resource Planning (“ERP”) systems, in accordance with best practices such as COBIT;
- Conduct Information Systems audits (“IT audits”), including testing of system permissions and user management, as well as segregation of duties;
- Conduct readiness assessments for IT compliance standards such as ISAE3402 (SOC 1/2/3 reports);
- Support IT and digital transformations in organizations and/or specific business units;
- Assist companies with IT vendor assessments and software selection for financial risk management, anti-money laundering and other compliance management systems (e.g., GRC).
Risk Analytics
- Design and deliver analytical models and frameworks across risk management, compliance and internal audit function, focusing on procurement or accounting fraud detection, detection of operational anomalies, AML/CFT transaction monitoring, and other challenging business cases;
- Conduct statistical analysis using big-data environments in order to improve monitoring systems in terms of efficiency (false-positives) and effectiveness (true-positives);
- Provide crisis response and conduct electronic investigations using advanced e-Discovery tools and techniques.
Capital Market Activity
- Advising companies on how to design effective operational processes, policies and procedures that align with both IT and operational units;
- Implementation of IT governance frameworks – design holistic frameworks, IT governance structures and policies, internal controls and other supporting processes;
- Selection and implementation of EDM systems.
Information Security and Cyber Risk Management
- Conduct cyber risk and security risk assessments;
- Carry out internal audits focusing on cyber risk areas;
- Assist in the implementation of cyber, information security and privacy regulations in banking institutions, investment firms and other capital market participants;
- Design and implement information security policies and procedures;
- Conduct readiness assessments and assist in ISO 27001 certification processes;
- Conduct regulatory reviews and gap assessments relating to GDPR and similar regulatory requirements;