Transforming banking for resilience and growth


Immediate and long-term threats demand changes in strategy


The confluence of continuously emerging competitive threats from lending institutions large and small — coupled with increased cyber threats, recent market disruption, and lingering economic and regulatory pressures — is forcing banking institutions to reconsider where they fit in the commercial and consumer banking market.


Additionally, the confluence of these stressors forces an inward look at what must be done to ensure a resilient future — one that delivers improved awareness around governance and all-around elimination of blind spots and unwanted risk. All together, these external forces are increasingly making banks and other regulated lending institutions choose between adapting their strategy for long-term success or maintaining the status quo and having their future dictated by external events and internal dynamics, both known and unknown.


If the choice is to adapt, institutions must shift away from their conventional thinking, replacing the unsustainable processes that identify and address threats reactively as they emerge.  


Instead, we suggest a shift in focus to a transformation journey with a lens on maturing the business to improve resilience, serve customers, protect capital and reduce unwanted surprises. This pivot in strategic focus requires a fit-for-purpose “transformation playbook” aligned with strategic planning and able to dynamically pivot at critical points. The playbook also needs to offer a dynamic and agile means to help the organization maintain near real-time monitoring without losing the 360-degree view of all the other priorities that also matter in times of crisis.


“A well-structured transformation operating model can help to combat the ‘tyranny of the urgent’ within an organization, particularly driven by regulatory compliance matters,” said Graham Tasman, Principal and Banking Industry Practice Leader for Grant Thornton LLP. “Considering the accountable constituencies in a banking institution — the risk function under the chief risk officer, the chief credit officer, the chief compliance officer, the CFO, chief information security officer and others — everybody has something they’re focused on, but each of those stakeholders isn’t accountable for the totality of desired outcomes. Even with internal audit’s role to call out sufficiency at a comprehensive level, that is different from the determination of ‘how’ on response. There needs to be one overarching, command-and-control view of what matters at all times.”


For example, when Silicon Valley Bank (SVB) failed and was placed into receivership by the FDIC back in March, the bank was certainly dealing with many external and internal pressures. In the end, SVB may not have had the right focus on what absolutely mattered in that moment, which was not just the shoring up of the balance sheet, but in acknowledging and managing the real possibility that had never before occurred in this digital age of banking — that there could be a social media-fueled run on deposits leading to an outflow of $42 billion in just a few hours. 


We’ve seen other financial distress cycles and crises going back decades, each with added controls and structures meant to address the issues and once-and-for-all fix systemic problems, only to find out in the next crisis that something was still missed.


How do we build stability in the system to prevent the next disruption?


We believe that the answer lies with the “How,” and not with the “What.” Specifically, ”How” an institution manages its transformational journey to become a leader (in any dimension one chooses to define it) determines its future resilience given current stressors and future unknowns.


“Banking institutions have more internal complexities than ever, and naturally, the more processes any one person or entity has to manage, the more likely a failure point could occur along the way,” said Yvette Connor, Principal for Strategic Risk Advisory for Grant Thornton.


For the purposes of this discussion, we have summarized an idealized transformational journey. This journey addresses the steps by which banks and other regulated lending institutions must elevate the key dimensions of risk as part of their strategy. This elevation is important to structure the ever-increasing complexity and requires taking a hard, introspective look at the business in terms of how to mitigate identifiable risks today and build resilience for the long term.


Beginning with the overarching challenges banks and other lenders face, we create an inventory of the main sources of notable transformation risks. The idea is to logically group risks into a workable structure that can be aggregated and monitored — and synchronized with integrated views allowing for ease of understanding, assessment, and monitoring for both leaders and boards alike.


A typical list of risks areas might include the following:

  • Shifting customer demand. Customers continue to demand more mobile, untethered services. Left unaddressed, this will adversely affect growth.
  • Customer segmentation. Segmenting of customer behaviors is becoming more complex. Without a clear understanding of customer nuances, there is undue risk across the loan book.
  • Digital competition. Challenger competition in the form of digital services is outmoding conventional thinking on platforms and operating models, creating market positioning risk.
  • Organizational agility. Speed to execution, lessons learned, and overall differentiation are essential to maintain relevance in the market with customers, without which the top line is at risk.
  • Innovation and development. Use cases to design and deploy a stickier client experience are key to avoid deposit flight.
  • Network spread. The expansion of a lender's business network creates exponential new risks to manage around cyberrisk and brand risk related to network business failure.
  • Compliance. Ever-increasing regulation is driving up the cost of compliance, requiring innovative options to reduce operational compliance risks.
  • IT infrastructure. The cost of IT infrastructure and the resource requirements to support it is driving more services into the cloud to achieve efficiencies but doing so presents new operational risks.
  • Confidentiality, integrity and availability of data. The threat of cyberrisk and related operating risks no longer seems a matter of “if” but “when,” so not having a plan for resilience leaves the institution always in jeopardy of an adverse event.
  • Macro-economic stressors. Market risks are forcing a renewed focus on effective balance sheet planning, capital adequacy, liquidity and improved asset liability management, as we saw in the most recent disruption cycle.



Achieving a sustainable advantage


With an inventory of known risk sources, institutions still need a way to structure and catalogue them to effectively guide their execution strategy. We propose doing so by determining outcome levers — essentially knowing all the levers affecting a business so blind spots don’t emerge. Institutions also need a reliable way to achieve change in a deliberate fashion. We see this second requirement as an ongoing “transformation” journey. Let’s explore each of these in more detail:


Ensuring a 360-degree command-and-control framework exists. Banking executives and supporting leadership must have confidence that even unforeseen future risks are covered by a framework that enables the right attention to all aspects of their business. The banking sector disruption that occurred in March 2023 suggests a plausible root cause around an insufficient focus on a key source of risk that historically would have been known, but perhaps was underemphasized due to greater attention placed on other critical areas.


Having an execution roadmap to ensure continuous improvement. Transformation and change on any measurable dimension is not a one-time or point-in-time effort, but something to be actively managed with structured inputs and dynamic control of resources, investments, and priorities. The roadmap must easily reveal status and progress in all aspects of the business.


In a conventional way of thinking, these two critical requirements offer lending institutions a sustainable advantage. However, it is notable that these two requirements are not generally encapsulated in any one specific function or role. Rather these requirements are customarily federated, i.e., they are spread across a number of key internal governance and stakeholder groups. “We sacrifice our ‘single pane of glass’ for overly federated governance frameworks and operating models, and often let our governance, risk, and compliance technology dictate our risk lenses and perspective, versus leveraging our technology to gain intrinsic efficiencies and aggregated truths,” Connor said.


As such, we see the result is an overly siloed governance construct, with no clear unifying locus of command and control on execution. We argue this dysfunction can be traced to many of the problems we see in financial services institutions today. Saying this another way — there is too much complexity, and we are complex in the wrong ways.


Instead, we believe that with dedicated focus and governance around these interests, including a new role and structure whose sole purpose is to address this perceived governance and execution gap, banks and other regulated lending institutions can better achieve desired outcomes.


“The key here is to be able to have the intestinal fortitude, good hygiene and fitness to be able to weather the next challenge and continue along with the right execution approach with a reliable transformation operating model and roadmap that projects out into the future,” Tasman said.




Transformation approach

Before we explore what this transformation role looks like, let us circle back on the identification of the key and actionable outcomes enabling a comprehensive, complete framework — including structuring a transformational journey to achieve resilience and market leadership.


The graphic below depicts the model that outlines our six key sources of risk (and desired outcomes) for achieving a resilient advantage. At the center of the model is the seventh source of risk — execution risk — with the desired outcome being the successful transformation journey captured in a transformation roadmap.

Show image description -->

This graphic shows how six key sources of risk and desired outcomes can affect achievement of a resilient advantage. At the center of the model is the seventh source of risk, which is execution risk, with a desired outcome of a successful transformation journey captured in a transformation roadmap. The six other key sources of risk are: Drive to a minimal risk profile; maximally hedge market risk; minimize operations risk; elevate culture journey; neutralize conduct risk; and build and strengthen sustainable customer experience.


Again, reinforcing the interest to simplify complexity with more structure — the goal of segmenting desired risk areas by groups — enables comprehensive coverage on the outcomes that matter most to the organization. We also have mapped each source of risk to the uniform interagency CAMELS rating system so we can be certain that the way we focus on transforming an institution will conform to how a bank regulator will review an institution’s fitness and compliance. (The numbering scheme provides a reference to how a regulator would progress through an assessment.) 


While each of these seven sources of risk and desired outcomes can be expanded to show their related capabilities, enablers, differentiators, and risk and control factors, we show here in the following graphic the one that is central to effective execution — managing execution risk with a transformation roadmap. We believe this is the overarching source of risk that customarily is missed when we see trouble within institutions and when market shocks create broader disruption. The outcome desired in managing execution risk is success in building and having the operating structure to manage the transformation roadmap (the transformation journey). Even more broadly, the effort to manage execution risk is what links all other desired outcomes, and thus requires an effective target operating model that includes a Transformation Management Office (TMO) dedicated to leading the transformation roadmap efforts.


“A successful transformation program will position leadership to take deliberate action and maintain thoughtful control of their destiny,” Tasman said. “Institutions will be able to absorb the pressures that inevitably come from future events and be better equipped to react in a way that’s strategic.”

Show image description -->

This graphic shows how the three pillars of a transformation roadmap (capabilities, enablers, and risk and control) help an organization manage execution risk.





Executing the transformation roadmap


How does one embark on a transformational journey and what are the steps involved? While there is no one right way, we believe the graphic and order outlined here represent leading practices, namely:

  1. Finding your starting point
  2. Blueprinting the future
  3. Identifying the right-fit transformation model
  4. Identifying leverageable assets that will optimize a program launch
  5. Drafting the initial transformation roadmap
  6. Incorporating the roadmap into a fully realized TMO to drive continuous updates

Show image description -->

This graphic shows how to embark on a transformation journey by 1. Finding your starting point; 2. blueprinting the future; 3. identifying the right-fit transformation model; 4. identifying leverageable assets that will optimize a program launch; 5. Drafting the initial transformation roadmap; and 6. incorporating the roadmap into a fully realized TMO to drive continuous updates.


Steps 1 and 2 are part of traditional transformation programs typically led by internal teams with additional support from advisory and consulting service firms to obtain a clear understanding of the current state and establish an institution’s future-state aspirations. Steps 3, 4 and 5 are then conducted with varying degrees of focus and success, often executed in a perfunctory manner without sufficient planning and focus to ensure the right execution launch. We believe the most important outcomes emerge in Step 6, which is key to enabling sustainability, but this is often the step that is deprioritized after launch, or worse, simply ignored.


The next article in this series will delve deeper into each of these steps to uncover more insights on building a transformation roadmap and positioning for success. For now, we encourage institutions grappling with the “tyranny of the urgent” to spend some time thinking about their own key sources of risk and the desired outcomes they would hope to achieve without being constrained at this stage by resources and time. We believe our model here suffices in most cases. Additionally, institutions should look introspectively to see what rudiments of a TMO structure may exist, or if not at all, to begin thinking about building a TMO structure into their target operating model.   




Our banking featured industry insights