7 Key Actions for the Data-Driven Chief Risk Officer

Leadership StrategiesSustainabilityLegal, Risk, and Compliance OfficersExecutive Search
Article Icon Article
Ellen Yaffe
October 26, 2020
7 min read
Leadership StrategiesSustainabilityLegal, Risk, and Compliance OfficersExecutive Search
Data-driven chief risk officers can take 7 key actions to create significant impact across their organization and the wider risk ecosystem.

Data is increasingly important to the risk function

COVID-19 has accelerated the need to ensure that risk functions are flexible, agile, and adaptable. While this trend was well under way before the crisis began, the need to understand how we use data and analytics to inform decision making is, in a rapidly evolving environment, an operational imperative. Digital and data analytics are fundamental in allowing organizations to react in uncertain circumstances and more stringent regulatory environments. Chief risk officers need to be sufficiently “digitally fluent” to understand the options available to them and provide the necessary insights and advice to their organizations.

However, data and analytics are not “silver bullets.” Their application requires careful thought and planning: asking the right questions is often harder than getting the right answers. As is the case for many senior leaders, knowing where to start when approaching the topic of data and analytics in the risk function can be daunting, especially with COVID-19 placing more constraints on time and resources.

Through many conversations with senior leaders across risk and data, Russell Reynolds Associates has created a set of seven key actions for chief risk officers who are considering their organization’s use of data. These actions are by no means exhaustive, but they form a solid platform from which a chief risk officer can build a more rigorous data strategy—creating significant impact across their organization and the wider risk ecosystem.

Actions for data-driven chief risk officers

01. Understanding data challenges – “sweating the small stuff”

02. Challenge data sources – look beyond the model

03. Metadata – uncover its many uses in risk

04. Data standards – get to grips with the challenges

05. Boardroom – manage data expectations in decision making

06. Risk ecosystem – take the lead in data convergence

07. Regulatory factors – engage with the regulator on risk data

Understanding data challenges – “sweating the small stuff”

For senior executives with broad and complex portfolios, it is important to understand how their organization deals with simple data tasks. This allows them to learn where biases may arise during work, or how incorrect data interpretation can negatively influence decision making.

Something as straightforward as quantifying a customer base comes with several questions. For instance, it’s easy to assume that deceased clients should not be counted, but for some purposes (e.g., KYC) their estates will continue to be materially important. The reason behind a query can have a significant impact on the final answer.

Internally, basic questions like company headcount highlight major challenges. For example - does an organization count contractors? How are temporary staff accounted for?

Understanding the “simple” data challenges provides the foundation for a chief risk officer looking to tackle more complex issues. Data capability and risk data strategy need to be constantly reviewed, taking a back-to-basics approach rather than getting caught up solely in sophisticated or exciting new modelling techniques.

CRO action - understand the ways in which your organization deals with basic data challenges, and use this to develop a data strategy for the complex issues

Challenge data sources - look beyond the model

As digital acceleration increases and the world continues to move to online channels, businesses have been inundated with additional data, creating new opportunities. However, this also comes with added risk as more complex models are built.

This is compounded when novel, often un-validated data sources are used. During the COVID-19 crisis, businesses have sought additional information such as R-numbers per country or hospital bed vacancy rates. The blending of new and old methodologies in these cases can result in serious distortions, which—left unchecked—can critically damage modelling efforts and the advice management receives.

It is therefore critical to constantly challenge data sources—to ask the tough questions about data’s provenance, including the assumptions made when cleaning, refining, and augmenting the data. This is especially the case where data has been provided by an external partner and is not immediately available in a raw format.

Stripping back convoluted models to understand the data behind output reports can reveal “hidden simplicity”: ways in which redundant or untrustworthy data can be eliminated, leaving fewer, more manageable sources.

CRO action - commit to looking beyond "impressive" models and dig into where the data has been sourced: take nothing for granted

Metadata – uncover its many uses in risk

One of the most often-overlooked sources of information is metadata—that is, the information sitting on top of data which records its origin, including for example author notes and timestamps.

In the fields of risk, compliance and financial crime, elements as simple as timestamps on accounting software entries can be critical in determining trustworthiness. This is true even for sets of data that might not be used as primary sources. Credit decisions can be greatly augmented by, for example, the longevity of a business’s social media presence versus its claimed pedigree—even if data from the social media presence itself is not used.

CRO action - explore the additional axis of metadata and develop its deployment - even where the primary data source might not be directly used.

Data standards – get to grips with the challenges

Significant portions of the data ecosystem, including the applications of advanced data techniques—such as AI/ML— are severely hampered in many areas by a lack of clear standards.

In some fields, this problem has been exacerbated in recent years. There are now, for example, thousands of separate ESG indices, many giving wildly different views on the same businesses. Without clear data standards, consistent definitions, metadata taxonomy and validation rules organizations will have to exercise caution in how they use and interpret this data.

In many cases, the absence of this standardization can lead to accidental inaccuracy or even deliberate manipulation. In credit decisioning, for example, a lack of clarity around the definition of key indicators—such as marital status— can lead to inaccuracy or “gaming of the system”.

This issue is further complicated by the increased deployment of AI and ML, where the use of badly standardized data can jeopardize the validity and application of these techniques in decision making.

There is light at the end of the tunnel, though—we may only be a few years away from the end of the “wild west era of data.” As bodies such as (in ESG) the Sustainability Accounting Standards Board create more rigorous methodologies, we will begin to see a more systematic approach to the way in which emerging data sources are generated and classified.

CRO action - exercise caution with the definitions assigned to data, continuously improve internal standards and be an advocate for ongoing reviews.

Boardroom – manage data expectations in decision making

Boards are increasingly engaged in the ways in which organizations collect and use data—particularly as it relates to risk management and the uncertainty of the environment.

This can lead to potential confusion, frustration and in some cases misunderstanding with regards to novel data sources: this has been heightened during COVID-19 when methodologies are constantly evaluated and re-evaluated, and generated data can appear to fluctuate significantly on an almost daily basis.

Familiarizing boards with these challenges—helping them understand how data is gathered and used—is critical to allowing them to cut through the noise and fulfil their oversight and governance function.

As a key executive in the long-term growth and stability of the business, the chief risk officer has a critical part to play in ensuring that boards understand the ways in which threats are mitigated and informed decisions are taken; this is even more critical in the often-misunderstood area of data strategy.

CRO action - play a key role in managing board expectations of the risk function's sources/uses of data and emerging technology. Be clear on limitations.

Risk ecosystem – take the lead in data convergence

Data is the bedrock from which decisions are made. Creating a single source of truth is essential for effective decision making, while minimizing the creation of inconsistent data sets.

It is entirely plausible, for instance, that an organization’s risk, compliance and financial crime functions might use overlapping sources of data—and yet generate, refine and use them independently from each other, with different outcomes for business units.

This is not only inefficient, but it can create varying views of reality across a business that can lead to inconsistent decision-making. It is therefore imperative that this work is unified as far as possible, allowing functions to add value to one another’s data sets and take consistent action based on the same inputs. As a general rule, data sources should be centralized, allowing different business units and functions to conduct their own analytics using consistent information.

As a business owner of the “risk ecosystem”, the chief risk officer can be a decisive force for unifying company-wide efforts and creating better, more efficient outcomes.

CRO action - see data cross-functionally: take the lead in looking for efficiencies and synergies with processes in all areas that overlap with risk.

Regulatory factors – engage with the regulator on risk data

As with any method by which companies make decisions, regulators take a deep interest in data collected, stored and used by businesses.

Tensions can be created when the data that regulators seek do not align with the data used by businesses in a practical sense. For example, many financial regulators require firms to provide historical data on recovery costs, sometimes stretching back multiple decades, into territory where data may be recorded in completely different formats and with different metrics.

This apparently unnecessary burden creates multiple frustrations, not least of which is the difficulty in convincing commercial business units of the need to provide seemingly useless data to regulatory bodies. Worse still, these frustrations can bleed over into other areas of data strategy.

As a key element of any company’s engagement with relevant regulatory bodies, the chief risk officer should be a powerful advocate for advising and lobbying regulators on a more productive approach - a role which also plays a critical part in aligning “data-skeptical” internal functions with the value of a consistent commercial data strategy.

CRO action - engage with regulators over what data is meaningful to the health of an organization. Help them understand the provision of risk data, maintaining open dialogue on the ways in which data is used. 

The chief risk officer has the potential to be a key data strategy asset

As data becomes more and more fundamental to the role of the risk function, the pressure on the chief risk officer to play their part will only increase.

By taking the decisive steps outlined above, chief risk officers can be better prepared to add more value to the protective, mitigating and reputational aspects of their role, as well as to the commercial growth of their firm, as we continue to navigate the uncertainties of a global pandemic, emerging recession and high unemployment.

As with any change in the way that businesses operate, the proliferation of data into risk presents a myriad of dangers as well as opportunities. A chief risk officer that can adeptly grasp both will be an invaluable asset to any organization for the foreseeable future.