.png)
Risk analytics is the effort of researching an organization's data to identify trends and events within user activities that are impacting the company’s business or financial performance. Often the outcome of this research is criteria for which actions the company should take in relation to its users’ activity.
What is risk analytics?
Fintechs and financial institutions face all kinds of risks, from technology evolution to cybersecurity attacks, human resource complexities, market impact, and much more. All of these need mitigating in their own ways. But when we talk about risk analytics specifically, we mean something much more precise.
Risk analytics is the effort of researching an organization's data to identify trends and events within user activities that are impacting the company’s business or financial performance. Often the outcome of this research is criteria for which actions the company should take in relation to its users’ activity.
There’s a lot to unpack here. In this piece, we’ll ground the conversation by highlighting some key points that are fundamental, but not always well understood.
Risk analytics touches the entire user journey
It’s common for people to associate risk analytics strongly with the points in a user journey where funds are moving around. That is, of course, the most obviously risky part of the process, and the place where it’s most clearly important for the company to have protections in place.
In reality, risk analytics is relevant for every possible step in the user journey. Sign up, login, changing account information, completing multi-factor authentication, and so on, are all important touchpoints for both detecting risk - meaning, they’re good places to put flags in case something suspicious happens - and for gathering valuable data about your users’ habits and normal behaviors.
It’s equally important to note, in the same vein, that multiple types of risk may fall under the purview of a single risk department or leader. Fraud prevention, credit adjustment, transaction monitoring, and business enablement are all very different types of activity, when looked at from the user perspective. From the organizational perspective, however, all of these different types of activity carry risk which can be analyzed, understood and mitigated by the same kind of analytical investigation and resulting recommendations.
“The biggest risk is not taking any risk”
Risk management professionals do sometimes run the risk of being perceived as the naysayer in the room because it is, after all, their job to identify the potential dangers that are inherent to an idea being suggested.
It’s important to bear in mind, when we’re laying the groundwork for understanding risk analytics, that part of the point of analysis is to enable the company to make the right decisions that balance risk and benefit.
Ideally you would want to be able to identify every possible risk. But even in that ideal world, you wouldn’t want to act to prevent every single risk. Sometimes, on balance, you may decide that the risk is low enough to be worth taking. When that’s the case changes depending on the company’s situation and priorities, and may also be impacted in important ways by what type of action and user is involved.
Working with a spectrum of options
There’s a wide spectrum of options to employ when you have identified risk and do advise some form of action from the organization’s side.
You may, of course, choose to decline or block or freeze something outright. However, you may decide to hold funds temporarily, while you undertake further investigation. You may bring multi-factor authentication (MFA) into the picture to increase your confidence in the identity behind the clicks. (Bear in mind that MFA is itself a potential vector for risk, and as such must fit into your landscape of analysis.)
Moreover, it’s important to widen your scope beyond the immediate action and data of the moment. You can draw on past activities of this specific user to pattern match for normalcy, and you can draw on general patterns of behavior of your users, particularly those of a similar profile, to see if this current behavior appears relatively typical.
The systems you set up for risk analytics must reflect all of these factors, and be able to draw on all of this data and more not only in making in the moment decisions, but also in understanding the broader picture of the risk tapestry of your business.
Risk analytics is ultimately about recommendations
It’s easy to get lost down the rabbit hole of risk analytics. There always seems to be more to find out, more connections to make. That investigative fervor is a powerful force. At the end of the day, though, the idea of risk analytics is to enable the team or individual to provide recommendations for how the trends and events within user activities that are impacting the company’s performance can be improved, by adjusting the actions taken by the company at different points in the users interaction with the company.
In other words, it’s data insights that are not only well-grounded, but actionable.
There are three main categories of recommendation you or your team might be looking to make. We’ll explore these in depth in a future article, but for now, it’s important to understand the main categories:
- Action. This can be thought of as playing into your company’s decision strategy. Effectively, the focus is on creating logics that dictate which actions the company will take at different points in the user’s “journey.”
- These logics might be anywhere from very simple to very complex, but regardless the point is that they can be followed in a structured manner - either coded or turned into instructions for an operations team.
- Monitoring. This can be thought of as tracking what’s actually happening, both on the ground right now and in the context of more general unfolding or typical trends.
- The actionable aspect of monitoring is to flag the things that are worth further attention, and make sure that they are appropriately prioritized.
- Business research. This can be thought of as a way in which risk analytics is embedded into the work of the broader organization.
- For example, the risk management team might be collaborating with departments such as product, marketing, sales or business operations to help them identify new or impactful trends, give feedback on changes or new projects, find problems and so on.
Risk analytics: A holistic area
From this introductory outline, it’s already clear that risk analytics is not something that can be viewed through a narrow lens. It both draws on and potentially impacts the entire user journey, needs to take into account not only the information of the moment but also past activity, including that of other users, ties into both direct risk concerns and many other areas of the business, and is inherently enmeshed with broad company goals and priorities.
We’ll dive into specific areas of risk analytics in future articles. For now, if you’d like to see how we might be able to be of help to you, or just chat about anything in this piece and how it relates to your work - contact us.
We’d love to chat. We’d love to help.
