Risk management and digitisation

Sonjai Kumar investigates the role of digitisation in risk management, and the challenges the risk management space is addressing through digitisation.

Risk is inherent in every business, because future uncertainty may put objectives in jeopardy. A slight deviation from meeting business objectives may be acceptable, but a significant departure could be catastrophic to a business. Thus, it is essential to assess the expected deviation level and plan for mitigating actions, which is central to risk management. Risk management practices reduce earnings volatility and surprises, optimise capital efficiency, add shareholder value, help in better decision-making, and more.    

This article is about the role of digitisation in risk management. So first, let’s look at some of the challenges in risk management addressed through digitisation.

Challenges in risk management

For most business failures across the world, key drivers include the failure of risk identification when risk is approaching the business. A recent example is COVID 19, where many organisations did not react quickly enough when COVID-19 struck in early December 2019 and in January 2020. Also, during the 2008 Global Financial Crisis (GFC), businesses ignored initial signals of risks. However, in general, risk doesn’t appear suddenly, and early warning signals can inform decision makers. Therefore, to succeed in risk management, one must spot the risks and seek to identify their correlations.

For example, liquidity risk may arise in a bank due to an increase in credit risk. Similarly, under term insurance products, the portfolio’s mortality experience may worsen due to the rise in the lapse rate of healthy lives. It is also essential to keep an eye on emerging risks, as the signals of such risks are often quite weak and the speed of the risk emergence may catch the organisation on the back foot.

Risk identification is often a manual process in many organisations. The manual method requires a systematic thinking process to approach risk identification. Otherwise, risks may be missed. The challenge in the manual process is that the data is often analysed too late, resulting in risks crystallising.

In organisations where risk culture is not well developed, employees may be in denial mode when risks are highlighted to them; a common mindset is ‘it won’t affect us’, and many of the actual risks are left unattended and unmitigated. Such organisations can be considered to lack a ‘what if’ mindset.

Organisations also face challenges when data is scattered, lacking a unified and comprehensive view to assessing risks correctly and completely. For example, during COVID-19, some insurance companies depended on exclusion clauses in the policies that the pandemic would not be not covered. Different governments made decisions that affected these exclusions and there were also issues with the policy wording of some exclusions. This lead to unintended claims  exposures that had not been considered in the product pricing. priced.

The correlation of risks is another area that requires the risk function and the Chief Risk Officer’s (CRO) attention. A big shock in a system sends ripples in different economic areas along with non-financial risk areas that directly impact the financial institution.

The risk function needs to re-assess the company’s risk profile due to such events and raise the risks with management and the Board for corrective action. Such is possible when the risk function has an automated system that can re-assess the risks in the wake of such events. Therefore, the availability of an integrated risk information system in one place is critical to assess the risks, draw correlations and make real-time risk-based decisions and recommendations for action.

How digitisation can help in averting some of these challenges

Digitisation is a way forward in managing some of the key challenges that an organisation faces in the effective management of risks. Organisations require an integrated risk information system that can provide all risk information at the risk managers’ fingertips. This will help slice and dice the risks, understand the materiality of risk, and correlate between them. This also helps identify critical sources of risks which is a breeding ground for various threats.

For example, adverse economic activity is a source of interest rate risk; a sound information system monitors economic activity that help in advance spotting the interest rate risk. A new trend is observed where organisations have started integrating publicly available data from websites to their own databases, helping in more competitive pricing of products, early determination of risks, analysing market trends, taking competitive advantage, and making more informed and effective risk based decisions.

The availability of the digital tool helps in automating the collection of data from public websites to input into their data system. In this way, risk can be identified in an automatic way. Because of the automation of risk identification, some of the personal human biases in risk identification processes also can be reduced.

Organisations are integrating data science, data analytics, predictive modeling, big data, artificial intelligence (AI), the ‘internet of things’ (IoT), and cloud computing in making risk-based decisions. Such analysis helps in getting more knowledge about customers’ demands of products, pricing, analysing competitive trends, predicting risk, and so on. For example, big data is a collection of structured or unstructured data that exists in huge volumes. Many of  the traditional data management tools cannot store or process it efficiently. This helps in understanding the customer behaviours, more significant customer insights, identification of trends, quantification of risks and helps understanding correlation between risks.

Machine learning (ML) is the study of a computer program that improves automatically through experience and prediction based on an algorithm. AI refers to the simulation of human intelligence in machines programmed to think like humans and mimic their actions. Application is on an increasing trend in helping prediction and fore-warning of emerging risks. For example, in the aviation sector, ML and AI are being used to predict the possibility of accidents.

IoT is a system of interrelated devices, internet-connected objects, mechanical and digital machines, smartphones, wearables, etc., that can collect and transfer data over a wireless network without human-to-human or human-to-computer interaction. As a result, it can automate processes, reduce labor cost, reduce waste, and improve service delivery, thereby reducing the cost of the product. The possibilities for the application of IoT in the insurance industry is immense like data transfer for health insurance, motor insurance, and life insurance.

Cloud computing is external computing and storage capacities that enable flexible access to pooled computing resources such as networks, servers, storage capacities, or applications. Applications like data storage, servers, databases, networking, and software. Benefits include reduced fixed IT costs by eliminating the capital expenditure of buying hardware and software and setting up and running on-site datacenters, cost of electricity and cooling, the IT experts for managing the infrastructure, etc.


Many of the challenges raised above, such as risk identification which is the first step of risk management can be addressed through digitisation, where inferences can be drawn from the data analysis. For example, falling economic activity could indicate an increase in the inflation rate or a change in the interest rate that may impact the financial institution.  Emerging risks can be better identified and addressed through data analytics. ML and AI are used in many areas for predictive purposes. The challenges of correlation of risks can also be addressed through digital devices as the calculation of correlations would be easier with available data that can be plugged into predictive models for achieving better results. Human biases or human opinions can also be reduced by using digital technology, as comprehensive data should provide better evidence about the emergence of risks. However, it is essential to use human judgment to conclude the results because a blind trust in models can be dangerous, as seen during the GFC with some investment modelling.

Such data integration will also address the scattered data that the organisation may have. Overall, the adoption of digital technology will help organisation in the management of risk, save costs and increase the value of the organisation.

CPD: Actuaries Institute Members can claim two CPD points for every hour of reading articles on Actuaries Digital.