How to define a risk management strategy using big data
by Tommaso Motta
What is risk management
Every decision a company makes is directly or indirectly correlated to carrying risks that fall into two main categories: unpredictable events (reactions of the market to the introduction of a new product, reactions of competitors to a development of a new technology…) or predictable events (launch of a product prior to a customer poll on probability of them buying said product). The main difference between said categories is the amount of information of the event; in an unpredictable event we ignore the chances of it happening, while in a predictable one it is reasonable to assume it will happen with some degree of certainty (in that case we can identify a probability of happening). The ultimate goal of risk management is nonetheless to reduce or nullify costs and risks associated with decisions, which can imply a loss of money for the business or its permanently closure, depending on the grade of the risk involved.
Risk management process
The standard process of a risk management plan follows 5 steps plus a pre-stage, which is establishing the context the business is put in and so define the structure of the analysis and the criteria used to evaluate risks. After that we proceed with the:
- Risk identification. The company identifies and defines potential risks that may negatively influence a specific company process or project.
- Risk analysis. Once specific types of risk are identified, the company then determines the odds of them occurring, as well as their consequences. The goal of risk analysis is to further understand each specific instance of risk, and how it could influence the company’s projects and objectives.
- Risk assessment and evaluation. Where each risk is evaluated or ranked by determining the risk magnitude, which is the combination of likelihood and consequence. A decision is made if the risk is considered acceptable and if not, treatment is warranted.
- Risk mitigation. During this step, companies assess their highest-ranked risks and develop a plan to alleviate them using specific risk controls. These plans include risk mitigation processes, risk prevention tactics and contingency plans in the event the risk comes to fruition.
- Risk monitoring. Part of the mitigation plan includes following up on both the risks and the overall plan to continuously monitor and track new and existing risks. The overall risk management process should also be reviewed and updated accordingly.
Risk management approaches
Having identified the company’s specific risks and implemented a risk management process, the next step is identifying the type of approach the company can undertake, depending to the grade of risk it is willing to take, the options are:
- Risk avoidance, which does not mean eliminating all risks, which is impossible to do, but to reduce as much as possible its negative implications and effects, while still making decisions.
- Risk reduction, the more complex a certain process or project is, the more risks it carries, therefore this strategy aims at cutting unnecessary parts in order to lessen the grade of risk that specific process has, even by reducing its scope.
- Risk sharing, in some cases, the risks are distributed among several participants or business factions, which means that decisions are made not only by one person (i.e. project manager), but by a group or even by two different organizations
- Risk retaining, the last case is when after a cost-benefit analysis, taking the risk is considered worth from a business point of view, and so any potential consequence is studied in order to be prepared and, when it shows, it is tackled in time.
What is Big Data and types of Big Data
Big Data is a term used to describe a huge amount of data that during time grow exponentially; in other terms Big Data is a type of data that cannot be processed and managed with traditional data management tools. Characteristics that define Big Data are:
- Volume – as the name suggests, when we talk about Big Data we take in consideration only data with huge size (or volume), which therefore are more valuable since they carry more information
- Velocity – intended as the speed of generation of data and deliver to business processes, networks and social media
- Variety – referring to data being extremely variable in terms of nature (photos, videos, texts…)
Big Data can be found in three forms:
- Structured – is a type of data in which the format is well known in advance, so that it can be stored, accessed, and processed in one single format.
- Unstructured – is a type of data whose form or structure is unclear or diverse. A typical example is a pool of heterogeneous data source containing a combination of text files, video, photos, etc. This type of data poses more problems for the company trying to utilize them, since deriving value is harder, due to being obliged to standardize the format first, and then analyse the data.
- Semi-structured – is a type of data that can contain both the forms of data. Example of semi-structured data is a data represented in an XML file.
How Big Data can be assimilated into risk management
While evaluating risks, it is necessary to have the most information possible, hence being able to deal with Big Data and especially to extract systematically the right information from databases, results in a deeper understanding of the risk and thus having a better risk management. In the fintech industry, Big Data identifies opportunities for emerging technologies that can provide efficient and sustainable financial services. The major key to using big data in financial risk management is having a powerful risk prediction model, which grants faster response times, more extensive risk coverage and extensive cost savings.
Applications of Big Data in Risk Management
There are several ways that Big Data can be used to transform the security systems for an organization. The applications include:
- Credit management, credit is a high risk that has the potential to paralyze the operation of a business. As such, it is compliant to manage the risk by analysing Big Data to determine the previous economic history of the organization, in order to spot possible economic misuse within the organization. Recognising the importance of this field, FinScience has dedicated a lot of effort in creating practical tools that could be used in assessing credit scores. The results speak for themselves: when comparing the standard method of assessing a credit score, only 15-16 variables are extrapolated, and mainly from standard financial statements; the Datrix method, based on machine learning algorithms that are constantly reviewed on the other hand not only provides more than 1400 variables only from standard sources (balance sheets), but also integrates such variables with alternative data extracted daily, in order to give the customer the greater picture possible.
- Fraud prevention, the use of predictive analysis is an excellent way of detecting money laundering and other fraudulent activities, thanks to the large volume of data which is obtained from different sources which guarantee close monitoring of activities in different platforms. This increases the probability of detecting plans to engage in fraud before it happens.
- Detecting churn rate, intended as the metrics to measure the probability of losing your clients to a competitor. When monitoring the behaviour of your clients, through the use of social media among others, it is easy to notice discontentment and complaints which will directly influence the decision-making process, and, if all the issues are addressed correctly, it will lead to improved customer satisfaction, reduced churn rate, and enhanced overall productivity
- Adapt to change, a good business is one which can react to change and adjust its plans according to market conditions and one that can mitigate risks: being armed with information is crucial to evaluate adequate business program and react quickly to changing market conditions.
The basic difference between a standard risk management process, and one which is deeply influenced by Big Data is surely the different amount of data available and ready to be processed, but also the freshness of such data. Utilizing alternative scores, for example FinSciences’, grants that data are collected continuously, from very different sources, in a dynamic way, while on the other hand we only have data within a certain moment (that corresponds, mostly, to the day the financial statement has been drawn up). Moreover, having a better-quality information is essential in risk management processes, therefore FinScience has opted to divide the risk factors into three brackets:
- Digital risk factor, measure the digital presence of a company or sector on the basis of different variables such as distribution through e-commerce, update rate, analysis of customer reviews…
- Geographical risk factor, evaluates the demographic impact of the area in which the company is located (based for example on seismic risk or hydrogeological).
- Social vulnerability risk factor, measures the feelings of current crisis or inconvenience emerging of a geographical area or of a specific sector. It has been used during the Covid-19 outbreak to analyse the economic impact of the crisis.