Three steps to value-adding risk management within Nordic financial services

By Alexander McGill

As a leader in financial services, you know it’s complex when the quantity of non-financial risks feels innumerable, and the level of complexity unprecedented. And while terms like permacrisis, polycrisis, or VUCA (volatile, uncertain, complex, and ambiguous) go some way to capturing the mood – they do little to offer solace or direction in difficult times.

The current level of complexity comes from the fact that while financial institutions are well versed in how to handle financial risk, dealing with non-financial risk is hard – and getting harder. This could be through changes to global security apparatus, worsening economic conditions, evolving social and consumer expectations, and new laws and regulatory demands.

Signs of encouragement

It’s an area we’re deeply interested, and invested, in. And we’ve been helping financial services leaders in the Nordics, and beyond, grapple with these changes. For example, exploring the future of financial services, unlocking the potential of AI, and understanding risk management in a world of conscious consumers.

To build on this work, we spoke with leaders in this space to understand approaches to non-financial risks, and the challenges to progress. We know that Nordic financial institutions have invested heavily in this area over the past decade. And the good news is that they’re seeing the results, with stronger governance and much more awareness.

These efforts, supported by regulatory requirements and supervision, are now reflected in an improved risk management focus. This is developing into the maturity level needed to meet both national and international standards. But there are still plenty of challenges, and financial institutions need to prepare.

Key areas of focus

Our sample survey of Nordic FS professionals working in and around risk management identified a number of trends and key challenges. We found that:

  • People are seen as the greatest enabler of effective risk management (by 73 percent of respondents)
  • Risk culture is the top obstacle to effective risk management – cited by 63 percent of respondents
  • Data is seen as both the next biggest obstacle (by 55 percent of respondents); and also as the greatest enabler of risk management over the next 4-5 years.

These challenges are significant. And the above only hints at their depth. From our interviews, we know it’s hard to recruit and retain people with the right experience. Demand for talent outstrips supply. One business we spoke to needed to recruit 220 people in one quarter. And as new challenges come along, especially around cyber and data, organisations will need to recruit people who can handle evolving risk management challenges now, and in the future.

Interviewees told us that their risk culture often prioritises processes and execution rather than outcomes. Risk management is currently seen as something that has to be done – at large cost and expense – rather than a value-add activity that brings business benefits. For many institutions it becomes a numbers game. When risk is seen in this way, financial institutions miss the valuable content that comes from a more proactive approach.

Data is already core to risk reporting, and is only going to become more important. Yet many institutions have yet to tackle a full cleaning and storing data process. Without access to quality, relevant data, it’s hard to progress. And it’s difficult for many institutions to find the right technical solution for data gathering in the future – especially finding something that works for the customer, the organisation, and regulators.

How can leaders prepare?

Getting your organisation ready for future risks isn’t just a box to tick, it’s a business opportunity to grab. The right foundations are in place, but Nordic financial institutions will need to make significant investment in the next four to five years to prepare for the changing risks.

In our view, there are three truths that leaders can lean on to elevate their risks management approach. Behind each of these are steps that merit careful consideration. So, while we touch on the actions here, we’ll be further exploring them in a series of upcoming articles:

People are your greatest power

In an age of technological leaps, it’s tempting for many to be distracted from the perennial truth that people will largely remain both your greatest vulnerability – but also your greatest opportunity.

That’s not to deny that tech advancements will be able to remove some of the more manual and procedural aspects of risk management. But when it comes to complex decision-making, weighing up nuance, and applying wider situational awareness, humans remain at the centre of strong risk management.

As such, retention and competency development will continue to be key to keeping qualified and experienced colleagues. The two are inter-linked, with investment in development demonstrating commitment to continued growth. For example, investment in both new technologies and training to use them will demonstrate that you see technology as a way to augment – not replace – human talent.

Culture should be a positive enabler; not a blocker

The renewed and matured focus on governance and processes isn’t going away. We see this as an indication that embedding risk culture is also going to be crucial in the coming years, not just in second- and third-line roles but across the whole organisation.

We expect significant investment on risk culture initiatives. With the right approach, culture could switch from a blocker to an enabler. A more positive and open culture around risk management could also make it easier to attract and retain the right people. Moreover, open dialogue can help create a common understanding and taxonomy around risk management.

Tone from the top plays a major role – if leaders can talk about risk in the right way, it changes the attitude and outlook for the whole business. And the success of both governance and processes will be linked to available data and reporting.

Data is core to risk reporting

Data is perceived as a key obstacle both for now and the future. This could reflect a lack of confidence among institutions that they’ll be able to improve their data capture and analysis in the future.

The quality of data correlates directly with the quality of risk reporting. Bad data makes it increasingly difficult to do risk reporting well, creating functional conflicts, potentially draining the organisation of energy and resources. With bad data in the centre, technology can’t perform at its best, creating an additional cost, an additional process, and an additional obstacle to risk management.

As a result, any technology risk strategy must ensure designated data governance, including who’s responsible for data management and keeping processes coherent through the whole organisation.

Coming next

This article is part of a series that delves into the future landscape of risk and regulation in financial services. In our ongoing exploration of this critical domain, we aim to empower leaders with insights and strategies to navigate the evolving landscape of risk management.

About the authors

Alexander McGill PA financial services expert Alex works with clients across the Nordics, Europe and UK to optimise their approach to non-financial risk management and financial crime prevention. He brings extensive experience working with global banking groups and financial services regulators across the region.

Explore more

Contact the team

We look forward to hearing from you.

Get actionable insight straight to your inbox via our monthly newsletter.