Collaboration across the industry will be key to tackling the risks we’ll be presented with over the next 50 years. Here, senior risk professionals consider the transformative opportunities that lie ahead, how to deal with the immediate risks of climate change, ways to maintain customer trust – and why companies must run two races simultaneously.
The risk landscape will alter unrecognisably over the next 50 years. Transformative opportunities and technological innovations will gather pace and present different types of risks. This means financial institutions and organisations will need the right tools, strategies and skills to continue to build and maintain operational resilience.
So, what’s coming next from a risk perspective, and what are the steps we should be taking sooner rather than later?
New technologies will be a game changer
The pace of technological change will only continue to accelerate in the next few decades. “The slowest day you'll ever have is today,” says Kerry Thomson, Head of Risk and Compliance for Thomson Reuters.
Artificial intelligence will continue to impact how we operate and build business efficiencies, as well as resilience.
“AI will be one of the big game changers in how we innovate and protect ourselves,” says Matt Burns, Technology, Cyber and Data Risk Director, Lloyds Banking Group. “AI will help scale problem solving, build trust into customer journeys, and manage risk to what will be an even more rapidly changing ecosystem. To realise this future there will be an ever-increasing need in people that understand, build, can communicate and reason with AI, to harness and protect these systems, and humanity.”
This includes simplified coding technology, such as low-code platforms, which offer ease of use to non-developers, “at high speed and accuracy with secure and ‘resilient by default’ guardrails, including automated testing,“ he says.
Sam Samaratunga, Global Head of Risk Services at PwC, also highlights the impact of AI. “The landscape of continued change and disruption will only increase,” he says.
“The biggest risk is that organisations are not able to keep pace with the rate of change. For example, Generative AI is already augmenting human decision making, most recently characterised by the rise of ChatGPT. Ensuring that AI can be used safely, reliably, and in a way that enables businesses to move forward will be important. Data privacy and concerns over inherent bias will be big challenges and central to the debate over the use of AI.”
These new technologies will also offer opportunities to analyse ever-growing volumes of data far more quickly.
So far, so positive – but what about the risks? Problem-solving through quantum computing, for example, presents huge possibilities, but there are cost, stability and usability hurdles, as well as data security risks.
According to Swift Chief Risk Officer David Woerndl, “Quantum computing has the theoretical ability to break any of the widely utilised encryption methods that we have today.” In the wrong hands, a brute force attack could compromise sensitive data, he suggests.
Thomson also believes that risk functions will be increasingly led by predictive analytics, though expects questions to be raised over trust and ethics. “It is a risk if we rely too much on data and lose that human judgment of what feels right.”
It is a risk if we rely too much on data and lose that human judgment of what feels right.
There will be broader risks across the value chain
For Burns, part of the ecosystem that supports payments and information will become decentralised, for both infrastructure and the players that make up the end-to-end value chain. It will become even more data-driven with capabilities to model potential scenarios and address new risks in real time.
This risk intelligence could help optimise businesses’ digital resilience, cost decisions and trade-offs. However, regulators will have to regularly test the ecosystem against systematic operational resilience scenarios – even on an international scale.
Burns also thinks that large-scale misinformation could lead to widespread questioning of the information we are accessing, and even distort society's view of reality.
“Imagine a world in which we can't trust the things that we read, or where cyberattacks render the internet mistrusted and unusable,” he adds. One solution could even be governments joining together to create secure and high-trust segments of the internet, reserved for transactions and supported by ‘zero-trust’ architecture principles.
In the meantime, though, we need to consider how interactions between new technologies, such as AI, quantum computing and machine learning, can be used in a responsible way. The increasingly sophisticated methods of cyber attackers could change the face of cyber risk. And with tech and devices increasingly connected, this will open up more potential entry points.
The role and risk of shadow banking
For Burns, accepting shadow banking as part of the ecosystem will enhance and even direct FI-customer relations.
“It’s about finding value between organisations, and how this can help the customer make the most of the money, time and interactions they have. And the banks that don't do that will fail, because customers will not transact through their value chain and find a better journey.”
Samaratunga also says these new players will continue to force and drive innovation, removing historic barriers, but believes they should be more strongly controlled.
“There may be more opportunity for unscrupulous organisations that are cutting corners, without the consumer being aware. This is one of the downsides of these platforms, of not knowing what is and isn’t reliable,” he says.
Woerndl agrees that without better regulation this sector could breed more systematic risk, where it may be difficult to make an assessment due to lack of transparency.
The customer will be in the data driving seat
Customers and organisations will have higher expectations when it comes to more choice, quicker decisions and speedier information – including always-on, 24/7 services and transactions.
For Burns, we can harness technology to build trust into customer transactions, so users feel confident and trusting of the customer journey. Organisations will continue to acquire data, but a balance will need to be struck with the increased risk of data misuse. This may lead to people taking back control of their data, with a growing focus on data ethics and keeping data safe.
“It will become a consumer priority that companies will compete on: ‘I don’t need as much of your data to do the same job’. Government intervention could act alongside regulators to give control back to the consumer,” he says. With that, improved user interfaces should shift the power balance to the consumer, who will make informed choices based on clear information that’s designed to be in their best interests.
“The biggest consideration over the next decade is helping your customers to trust you, that what you are doing will help them to make the best decisions,” says Thomson.
The biggest consideration over the next decade is helping your customers to trust you, so that what you are doing will help them to make the best decisions,
“Big data and powerful data analytics provide a whole raft of opportunities,” says Woerndl. “I've heard it said that data is ‘the new gold’.” But this new asset presents a significant risk for data security and privacy concerns, and we must look at how we protect those assets from targeted attacks, he adds.
I've heard it said that ‘data is the new gold’. Big data and powerful data analytics provide a whole raft of opportunities,
Regulation must adapt and work towards greater consistency
“These changes also affect the way regulation happens and what needs to be regulated,” says Samaratunga. For example, regulators can harness data analytics and new tools to highlight potential problem areas to act on.
We will also need to start working towards a uniformity and consistency of regulation across jurisdictions, where currently different nations take varying stances on how risk-averse they are. For Thomson, we should move towards global regulatory standards and frameworks. We will have global digital identities and interconnectedness; we can no longer work solely on a national level.
Without improved international cooperation to mitigate these risks, Burns predicts possible destabilising operational resilience events from malicious state actors. He says there may even need to be a tipping point such as damage to markets to force a united, global response.
The climate crisis: an existential risk
Climate change and its many associated risks will be impossible for any organisation or financial institution to ignore in the coming decades.
“In 50 years, climate change will have immediate impacts for the majority of the globe,” says Burns. “A fight for natural resources will affect our trade and our supply chains, which will lead to government strategies around diversification of how we acquire the things we need to survive,” he adds. As a result, we must find ways to optimise how resourceful we are.
Over half of the world’s GDP is moderately or highly dependent on nature and its services.1 This, says Woerndl, makes it imperative that companies are clear on how climate change affects their supply chain and business models.
“Thinking about those risks in advance and modelling how you take it forward is going to be important,” he adds. He also sees many opportunities for financial services transitioning to a low- carbon economy, such as running energy-intensive data centres in a more efficient way.
Confronting risk in a time of rapid change
Investing in people and processes will be key to managing risk in times of change. “People have to be at the centre of strategies, focusing on the purpose, the work/life deal, and the chance of continuous personal and professional skills growth.”
If we thought that keeping our workforce current with the trends and skills they needed in the last 20 years was hard, the next 50 years is going to be even more challenging,” says Burns.
If we thought that keeping our workforce current with the trends and skills they needed in the last 20 years was hard, the next 50 years is going to be even more challenging,
For Samaratunga, organisations must be more progressive in the way they look at risk, because adapting to change will be more important than ever. “Companies that don’t innovate or change to meet the demands of customers will simply cease to function anymore,” he remarks.
Companies that don’t innovate or change to meet the demands of customers will simply cease to function anymore,
This means running two races simultaneously, he says. “Looking after your customers and systems today, alongside planning for the changes and disruptions of the future.”
The views expressed on these pages are those of the authors and/or the institution they represent, and not necessarly those of Swift.
