Why risk management functions should cut costs now rather than face increased risk later

By Mark Flinders


In the wake of the financial crisis, the cost of complying with new regulations has risen dramatically for financial services organisations. Delivering regulatory change is an expensive business – so much so that, according to the Confederation of British Industry, banks now say that reducing regulatory costs should be the top priority for the UK government.

The rise in regulatory costs is tied, in part, to the expansion of the risk management function. Increasingly, however, the function is under the same pressure as other parts of the organisation to reduce costs. Shareholders concerned about falling margins want to see all functions – including the risk management function – play their part in delivering costs savings.

The danger is that indiscriminate cuts to the risk function could stop it performing its vital role effectively. If you are a Chief Risk Officer or Risk Operating Officer, you’ll know that the challenge is to identify areas where costs can be reduced without damaging the quality of the function’s performance.

By taking action now – and targeting areas for savings yourself – you are in a better position to protect the risk management function from less selective cost-cutting zeal that may eventually engulf the whole organisation. Managed in the right way, a review of costs can be an opportunity for the risk function to strengthen its operations and invest in areas that mirror the growth strategy of the business.

Where to begin?

No aspect of the function should be immune from scrutiny. But we know from our analysis that there are several areas where overspending is common. By making sure these are included as part a wider review of cost-efficiency, you can start to build a programme with the potential for significant cost savings. Here are three of the areas where we have seen significant opportunities.

Optimising staff location and workforce utilisation

The recent expansion of the risk management function has typically been fast, organic and locally managed. As a result, many risk teams are sub-optimally utilised, exhibiting duplication of roles and inefficient allocation of tasks. Our experience is that implementing a successful location and workforce strategy can reduce staff costs by as much as 25%. This can be done by pushing work closer to the end-user, aggregating work to gain economies of scale or redesigning roles to remove waste and enhance value-added steps.

Any new strategy must of course ensure that risk staff are where possible co-located with the businesses, branches and teams that they supervise, and that a strong knowledge of local regulations is maintained. Nonetheless, we often find untapped opportunities for reducing costs and maintaining performance.

Automating processes

Financial services companies have often found it difficult to automate risk processes. The complexity of the processes, the cost of automation tools and an aversion to the risk of system failure have all contributed to this reluctance. Today, however, the cost of automation has fallen and the intelligence of automation tools has increased – making automation a much more viable and attractive option.

Tools can now be ’attended’ (by staff) or ‘unattended' (running in the background using complex algorithms). Exceptions can be handled easily, with tools pushing certain steps for staff approval before resuming automation. In addition, user-friendliness has increased, making these tools easier to set up and maintain.

Automation not only has the potential to reduce staff costs, but to lead to improvements in quality and turnaround time for customers. Automation works particularly well for teams managing back-office, high-volume transactions but can also be applied to customer-facing processes. Our experience with large banks and insurance companies is that, in some cases, as much as 75% of a process can be automated leading to a commensurate decrease in staff and associated cost.

Harmonising policies and procedures

To reflect regulatory change, risk policies and procedures have changed rapidly and often reactively in recent years, becoming more and more prescriptive in a process referred to as ‘gold plating’. This can be driven by an over-cautious interpretation of regulation, and by a tendency to add new elements but not reconsider older ones. Examples we have seen include staff vetting requirements that are not commensurate with the role, customer identification procedures that are often repetitive and difficult for genuine customers to get right, or redundant levels of internal approval.

Although advanced analytics and machine learning provide exciting new tools, it is important to remain focused on outcomes, and to simplify policies and procedures, rather than make processes more obscure or complex for staff. Simplification, which nevertheless always ensures required standards are adhered to, will help reduce internal costs and sometimes even improve customer satisfaction and increase revenues.

For example, a small revision to the policies that determine whether a loan application or an insurance claim requires a fraud review or is suitable for ‘one-touch’ approval can have a dramatic effect. Fraud referrals (and workload for risk staff) usually fall drastically as a result, and companies can increase the percentage of instant approvals from low single-digit to high double-digit figures.

This process also applies to risk and regulatory models where their number, manual intensiveness and the frequency at which they are updated adds an often unnecessary expenditure of time and resources. In these cases, eliminating models should often be considered ahead of simplifying them or reducing their frequency.

How to protect performance

Like any area considered for cost reduction, the three we suggest above need careful analysis to ensure that any proposed cuts or change of approach do not have a detrimental effect on performance. And once implementation is underway, it is vital to continue to monitor quality and performance through a strong and effective reporting mechanism.

Good examples we have seen include simple but relevant project-level key performance indicators reflecting the cost and the quality of change; senior management participation with focus on delivery, rather than just upward-reporting; and more generally an agile approach focused on rapid identification, prioritisation and implementation of vetted opportunities.

There’s much to be gained from taking a proactive stance in shaping an effective cost-reduction programme. You can find yourself freeing up the financial and human resources that are critical to invest in innovation, new technology and growth areas, helping you position yourself for a stronger and safer future.

On the other hand, failing to act strongly now leaves you open to heavier, more indiscriminate cost-reduction demands further down the line that could undermine the function’s ability to perform and the organisation’s future well-being. At worst, you can actually end up increasing the organisational risk and creating further work for yourself down the line.

About the authors

Mark Flinders PA financial services expert

Explore more

Contact the team

We look forward to hearing from you.

Get actionable insight straight to your inbox via our monthly newsletter.