Consultancy of the Year: EY
EY offers comprehensive approach to measuring and managing emerging risks
A global systemically important bank (G-Sib) recently called on EY’s operational risk team with a giant regulatory headache: how to route more than 35,000 regulatory obligations to the correct lines of business without exhausting its internal resources.
EY designed and implemented a machine-learning algorithm that executed the process based on the obligation’s text and metadata, allowing the client to complete the process in half the time as before. EY then helped it to develop a broader regulatory change-management operating model.
Its ability to pull together regulatory, information technology and compliance skills is an example of the interdisciplinary approach that led Risk.net’s judges to give EY the OpRisk Consultancy of the Year award. Judges cited the firm’s ability to work across operational risk silos, creating measures and policies that allow its clients to make effective decisions about increasingly interconnected but disparate risks.
EY’s Risk Practice covers compliance, reputational, vendor, information technology, security/privacy, cyber and business continuity/resiliency risks. From an operational risk perspective, it has excelled at helping clients who manage these things in different silos – for example, cyber in technology and vendor in procurement – to work across them, especially for new or rapidly evolving challenges, such as artificial intelligence’s (AI) increasing impact on compliance and model risks.
AI used in retail marketing efforts, for instance, needs to be monitored carefully to ensure it does not lead to unfair biases in retail business lines, which could involve huge reputational risks of the sort that are not easily quantifiable in dollar terms. Finding a way to integrate this meaningfully into a company-wide operational risk assessment requires developing appropriate metrics that can be compared across exposures.
There’s always a new risk, but the most pressing question for our clients is how to organise themselves to align their risk and compliance organisations
Daniel McKinney, EY
“The risk of being labelled an unfair lender is hard to put a figure on, but it can be devastating to the business,” says Daniel McKinney, partner in financial services at EY.
“There’s always a new risk, but the most pressing question for our clients is how to organise themselves to align their risk and compliance organisations,” he says. “Then you add in vendor, cyber, privacy, and other functions that might all measure and manage their risks in different ways.”
This manifests as a problem when these constituencies see different risks measured in different ways as senior management can find it difficult to prioritise and address them, McKinney observes. Finding a tractable common metric and strategy can be a challenge, especially when some of a client’s operational risk objectives or methods clash.
For example, poor collaboration between the fraud and cyber security groups can lead to control vulnerabilities and gaps that can be exploited by sophisticated attacks, he says. Uncovering fraud often requires information sharing, but that is inimical to comprehensive cyber security initiatives, which typically segregate data to minimise loss in the event of a breach.
Comprehensive approach
To achieve an integrated approach, EY offers strategy and operating model design, such as end-to-end risk strategy design integrated into business strategy, and process redesign and enhancement. The latter involves assessing risk management frameworks and standards, developing a target state and helping to implement it.
One judge said he was very impressed with EY’s comprehensive approach to evaluating and optimising operational resiliency. One example is the work EY did for a G-Sib that sought to understand its ability to recover and sustain key operations during an extended outage of key systems. Unlike standard stress tests, this exercise examined the client’s operational resiliency comprehensively regarding factors that affected clients, counterparties and internal processes.
EY arranged a two-day simulation that brought together more than 400 participants, including senior executive leadership, from all lines of businesses and corporate functions globally. EY’s subject-matter advisers across various disciplines reviewed and challenged the strategies and assumptions discussed during the exercise. The firm then evaluated the results against leading industry practices and regulatory expectations to identify potential areas of improvement.
The simulation considered a range of possibilities. For example, it ran a scenario where the client lost connectivity to its offshoring locations for several days, which could have a significant systemic impact due to the status of the bank.
McKinney notes: “We were challenging the whole firm’s resilience to an extreme event to see how the recovery strategy performed, down to the level of who would do what.”
Another hot-button issue is how to risk-manage the increasing use of cloud resources for data storage and, in some cases, processing. EY completed a project for a US insurance company that highlighted the challenges of cloud strategy development and risk management. It assessed technology risk, security, and third-party, legal and compliance issues.
Cloud risk analysis can start with a pre-existing model, but the area is still novel and evolving so quickly that these assessments have to be highly tailored. EY’s ability to draw on its cyber, technology, data and analytics expertise proved a strong differentiator, and allowed it to deliver an actionable evaluation and strategy.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Awards
Environmental products house of the year: ENGIE
ENGIE is driving change in energy transition, with a strong focus on renewable energy and the liberalisation of power markets in Apac, which presents significant long-term growth opportunities. In recognition of its efforts, ENGIE GEMS has been named…
Natural gas/LNG house of the year: ENGIE
ENGIE continues to expand its services to better serve firms in Apac dealing with the challenges of energy risk management and supply
FRTB management solution of the year: Bloomberg
Amid the diverging timeframes and complex requirements of FRTB, Bloomberg offers a consistent, comprehensive and customisable solution for Apac banks preparing for implementation
Newcomer of the year: Topaz Technology
Jon Fox and former colleagues formed Topaz Technology in 2015. Having seen many different systems and, in some cases, written and built a few themselves, there was always something missing, leading them to build a system that unifies risk reporting and…
Technology vendor of the year: Murex
As a technology vendor, Murex places adaptability front and centre of everything it does, constantly enriching its MX.3 platform to ensure institutions can respond to new market opportunities as soon as they spot them
Currency derivatives house of the year: Deutsche Bank
Asia Risk Awards 2024
Interest rate derivatives house of the year: Standard Chartered Bank
Asia Risk Awards 2024
Derivatives house of the year, Taiwan: CTBC Bank
Asia Risk Awards 2024