The technological tools at the front office control function’s disposal are improving rapidly. 1LoD asked Claire Lincoln-White of New Link Consulting: Are we doomed to a tech takeover or can we embrace such changes?
It’s a bewildering new world out there, and understandably many firms seek the advice of others. Claire Lincoln-White is a co-founding partner of New Link Consulting, a management consultancy firm that provides a comprehensive portfolio of consultancy services to clients in financial services through their expert practitioners and industry expertise. Lincoln-White established New Link Consulting seven years ago and has experience in both consultancy and senior banking roles, with special skills in non-financial risk management.
Lincoln-White recognises that all control functions are buffeted by the winds of change, whether through regulation, external events or an organisation’s appetite for risk. However, she believes that such functions should embrace the opportunities and challenges that nascent technology offers and must keep ahead of the change curve.
“The control functions in the 1st line of defence need to be able to see where the emerging risks are coming from, rather than reacting after the event. New technologies can facilitate that. Artificial intelligence using predictive analytics is now commonplace and robots can perform roles in processing and operating controls that have previously been done by individuals.
Subtle and smart
Controls won’t be underpinned by binary business rules in quite the same way going forward. For example, a firm might decide to implement a blunt rule to stop any payment over a certain size from automatically being processed because of the serious implications of error in a trade of that size. However, there are plenty of legitimate large transactions, so using a blunt business rule not only means applying an unsophisticated risk-based approach to managing the control environment, but also increases staffing levels to review every designated large payment.
In contrast, machine learning establishes what looks like a ‘normal’ payment, so it only flags those that are identified as ‘abnormal’ before any payments are made. This provides a more sophisticated approach to operational risk management and an improved staffing efficiency.
But this poses questions about how control functions will assess whether those controls are adequate and effective. Traditional testing and assessment methods are unlikely to work, so control functions need to think differently about the risks encountered and the mitigation of them.
Watching and learning
Surveillance techniques using technology solutions can also identify patterns of behaviour and are now increasingly being used not only by 2nd line compliance functions, but also by control functions in the 1st line of defence, including those in operational and trading functions. For example, technology can quickly link data identifying a change in an individual’s trading behaviour to secondary events, such as change in the times when he or she comes into the office or social media activity, to identify potential collusion risk.
Technology will help control functions predict dangers like this, so the firm need no longer accept them as an expected risk of doing business. Overall, the environment is much more data-rich than before, thus giving more opportunities to see trends and highlight abnormalities much faster.
Banks (some more than others) are spending millions annually on technology as they begin to see the long-term benefits. While the initial investment can be significant, it means that the firm can break the link, and cost, between changes in business and impact on human capital levels.
Operational risk management techniques have traditionally tended to look for scenarios to identify risk events but identifying what the next scenario will be is difficult. Banks need to harness technology to look for the abnormal without predefining what abnormal is.
I think up to now the control functions in the 1st line have been under-invested, but this is going to change. Banks need to keep up. Even the smaller firms will need to invest in more non-financial risk management technology, though they will be able to take less customized, off-the-shelf products because their operations are less complex.
There is still a need for people with risk management skills who understand controls, but I expect that banks will increasingly look to recruit people with significant technology skills in order to understand emerging risks, even outside of the technology functions themselves.
Within this new world of risk management, there’s an excellent opportunity for banks, and in particular control functions, to attract exceptional individuals from both financial services as well as those from outside our industry. I think it’s much more exciting to look forward than backward, and this is the time for control functions to embrace the change and add increased value to the businesses they operate in.
We’re far from doomed.”