4 Questions Risk Managers Must Ask to Build Resiliency

The financial services industry played a role in the economic downturn of 2008. In an about-face, financial institutions will be the catalyst to drive the economic recovery from the impact of COVID-19 by adjusting their risk management strategies to the “new normal” for all aspects of business operations, IT and partnerships.

Financial institutions are focused on several priorities now. Increasingly critical are profitability, balance sheet management, and data security focused on preventing fraud, cyberattacks and internal threats.

Tool evaluation and deployment to address fraud and cyber threat prevention are necessary for mitigating risk via digital delivery and fulfillment channels as well as schemes and collusion with business partners. Credit risk management agility regarding policy, process and tooling is equally critical and must span the product lifecycle, customer segmentation, and seasonality (traditional and behavioral). These activities, in turn, drive model adjustments and tailored treatment strategies to optimize customer acceptance, portfolio performance and regulator expectations.

As financial services firms see their customers, employees and portfolios impacted by the COVID-19 pandemic, here are four questions risk managers must ask:

Are our risk strategies and controls sufficient and standardized to keep up with new customer behavior, threats and compliance expectations?
As individuals across the nation lose jobs, and requests for new credit extensions significantly increase, financial services institutions must make sure they can effectively measure their exposure to potential future losses. FSIs must also avoid the temptation to relax credit standards to meet profitability targets.

Risk strategies should be recalibrated to address the increase in requests for credit while anticipating significant losses. Recent forecast models project that the national unemployment figures will exceed 25%. The population will fall into four segments:

1. Those customers who have adequately prepared and have the necessary level of reserves to weather the storm.
2. Those businesses that will require the stimulus package to remain solvent and in business until the economy returns to normal.
3. Those customers who will need a short-term loan but will eventually recover to profitability.
4. Those customers who will take the stimulus package/loan that never had any intention of recovery or business reopening.

Recommendation: Properly identify each population segment and tailor the credit risk management strategies to address each, based-on profitability-based policies and treatment strategies. Verify that your risk controls are standardized across the organization and if they are predictive versus reactive. Also, look for opportunities where data and analytics tools can provide predictability.

Can we keep up with accelerating cyberattacks and fraud?
As every interaction moves online, threats of PII data breaches and the creation of synthetic IDs has never been higher. Recent studies on 2018 write-off data for cards identified 20% of those accounts were the result of synthetic fraud.

Recommendation: Do a forensic autopsy of your write-off portfolio, and build the analytical models to identify potential synthetic fraud accounts. Models should consider how the customer was acquired, frequency of transactions, and credit usage behavior.

Does my identity and access management approach empower our people to work from home?
As our workforces now have to work remotely, financial services firms must make sure that employees can have friction-free, productive experiences from home at the same time they protect their systems from cyberattacks.

Recommendation: FSIs should evaluate the effectiveness of the multistage authentication, biometrics, and digital security tools in place. Start with an assessment to determine your readiness to implement Attribute-Based Access Control (ABAC) solution for identity access management for internal/external employees and contractors. Migration to an ABAC solution (while not the right model for all institutions) provides an enhanced level of risk controls for unauthorized access by internal/external resources into critical FI assets, tools and applications. The responsibility and control for access is now moved to the First Line of Defense (FLOD), which is in alignment with the OCC’s heightened expectations for risk controls and automation.

Are my back office operations ready to handle potential remediation to correct errors in PPP loan processing?
A flood of applications from commercial and small business customers who applied for Paycheck Protection Program (PPP) funds required FSIs to allocate resources to meet this demand from areas not experienced in loan process/due diligence.

Recommendation: FSIs should look at partners to perform a forensic review of loan samples to identify any potential errors in processing, which may impact the SBA from guaranteeing the loan. Loans not processed per the SBA guidelines may be rejected by the SBA buy back policy. The industry should be prepared to retain non-performing loans and to see increased defaults due to business failures or funds not being used for the intended purpose per SBA guidelines.

Find out more
Learn more about NTT DATA’s Risk and Compliance practice and how we can provide outcome-based value to your risk management methods.

Visit our latest COVID-19 resources.

Read all our blog posts related to COVID-19.