The pandemic has forced organizations to adapt and even to abide by a new playbook when it comes to risk management. Appian’s Jay Cherrie discusses what businesses can do to recalibrate their management of risk now with ease and speed.
We do so many things differently today versus a year ago: How we work, how we shop, how we get groceries, how we will inevitably vote. All this change is a nightmare for actuaries. Decades of experience assessing risks based on known behavior has gone out the window, requiring them to radically rethink how they assess risk.
It is the same for enterprise risk management (ERM) in the financial services world. COVID-19 and its impacts have demonstrated that change can be rapid, disruptive and nonnegotiable. Data-driven models that have correctly assessed risk over the past several decades need to be recalibrated for new realities and conditions.
Unfortunately, most financial institutions do not have the developer expertise or infrastructure to adapt their existing models. They require a new way of managing risk — one that enables business agility without adding cost, complexity and risk to their own processes.
The Pandemic Presents New Risk Assessment Challenges
Scan the latest headlines and you will undoubtedly uncover a number of new risks that are drawing the attention of regulators and auditors. COVID-19 has resulted in rising unemployment, small business failures and widening economic disparity, changing both short- and long-term outlooks. Moving in-person interactions to digital experiences has increased opportunities for fraud. Stimulus lending has raised many questions about how loans should be granted and who qualifies. And new social distancing and work-from-home policies make something as routine as onboarding a new employee or client a risky proposition.
Fortunately, financial institutions are already well-versed in the basics of ERM; they are able to identify risks, determine controls for mitigation, document approvals and periodically review and revise risk-related policies. However, the current economic outlook and simultaneous shift to new ways of working are pushing auditors and regulators to greater levels of scrutiny — particularly in the areas of credit risk, liquidity management (including stress testing) and security against data breaches. Withstanding shocks and emerging stronger in the post COVID-19 world will require a sharper focus on high-risk areas and regulatory audits.
Existing ERM Solutions Fall Short
Commercial off-the-shelf (COTS) solutions have become a necessary part of the ERM ecosystem. Yet, for risk managers, many lack adequate workflow capabilities and integration with other systems, while control owners often find them difficult to use. Financial institutions tend to fill in the gaps with spreadsheets and email, but using unstructured data to prove compliance can be problematic when it is time for an audit or regulatory exam.
Traditional ERM solutions also lack the agility needed to take advantage of emerging opportunities as a result of shifting socioeconomic and political trends — such as government stimulus programs or the opening up of an emerging market — laying bare the new risks and controls associated with them.
Even financial institutions with robust risk management programs are being challenged by the pace of change. COVID-19 showed that an unanticipated worldwide emergency can upend pre-existing norms within a matter of weeks. As we continue to adapt to the new normal, we need to acknowledge the likelihood of another unknown disruption and the impact it may have on risk assessment and management. If anything, COVID-19 has taught us that we can never get comfortable with the status quo. Things can change on a dime with little or no warning.
Enterprise Low-Code Platforms for ERM
Enterprise low-code automation platforms give financial services the agility they need to shift and adapt the way they assess, manage and control risk without adding cost and complexity. Front-line workers with little to no coding experience can use low-code to quickly build, test and roll out simple applications that help the business manage dynamic risk. This gives the organization the flexibility they need to respond to changing risk factors and take advantage of emerging opportunities. This ensures code stability and security while reducing tech debt.
For example, a group of major banks used an enterprise low-code automation platform to quickly build a customer-facing app that took in small business loan applications for stimulus programs in the U.S. and U.K. In another example, other companies leveraged low-code to roll out a workplace safety app that helped companies assess the risk of returning to in-person work. Both applications were built, tested and launched in a matter of days (as opposed to months for a traditional development platform), quickly assessed changing risk factors that resulted from the global pandemic and enabled the organizations to move quickly to take advantage of new opportunities.
However, not all enterprise low-code automation platforms are created equal. Here are five factors to look at when considering an enterprise low-code development platform for assessing and managing risk:
Moves at the Speed of Risk
As we know from COVID-19, events and trends that impact risk move fast. It is essential that your low-code automation platform give you the development velocity you need to keep up. Business users need to assess a situation, develop an app, iterate on the fly and show true value quickly. In a world where things can change with little or no warning, speed matters.
A True Enterprise Low-Code Development Platform
Simplicity does not have to mean dumb. Financial institutions need a low-code development platform that increases velocity without sacrificing enterprise-like capabilities, testing, security, reliability and scalability. It should also be future-built — able to embrace advanced automation technologies such as robotic process automation (RPA), artificial intelligence (AI), machine learning (ML) and whatever new technologies evolve.
Cross-System Integration
True agility requires the ability to connect data across systems to automate workflows and streamline processes. Financial institutions need to embrace an enterprise low-code automation platform that allows users to build simple connectors that pull data from siloed systems and data storage and serve it up so users can take meaningful action.
Gorgeous UI
Business users are not developers and likely do not know how to code. With the right low-code automation platform, that should not matter. Users should be able to create applications without requiring CSS, HTML or Java. The developer interface should be intuitive and graphics-based, giving non-coders everything they need to build robust, clean applications.
Handles Data Without Adding Risk
The big debate among developers today is between those who want to build a central, consolidated Golden Record versus those that just want to build connections that pull data between datasets. Your enterprise low-code automation platform should support both methods without adding complexity, cost or risk. Can it copy data and move it elsewhere? Can it reduce out-of-date data? How is data governed? Your enterprise low-code automation platform needs to provide all the benefits of development velocity without all the risks.
The world is changing, and the way financial institutions assess and manage risk needs to evolve with it. Unfortunately, traditional off-the-shelf ERM solutions are ill-equipped to provide organizations with the agility they need to adapt quickly to new risk factors. Enterprise low-code automation platforms can fill that gap by giving business users with little or no coding experience intuitive tools to build simple, single-purpose applications that automate workflows and streamline ERM processes. Building, updating and scaling these applications with little IT overhead enables business agility for financial institutions — making it easier to keep up with dynamic risk factors.
Jay Cherrie is a Global Industry Leader at 
