What Skills Will Risk Managers Need in 2028?


s risk managers reflect on the industry’s evolutionary development and contemplate the fundamental questions of “where did we come from” and “where are we going,” it is prudent to consider historical industry dynamics and anticipate future industry trends to compose the skill profile of the next decade’s agile risk manager.

  • 1988
  • 1998
  • 2008
  • 2018
  • 2028
A risk manager in 1988 was likely to have attended a general training program in order to provide a strong background of an institution’s departments. The talent management focus was likely to be developing “Jacks and Jills of all trades” with expertise across a myriad of areas such as (but not limited to) consultative selling, legal documentation, credit underwriting, negotiations, financial accounting, etc. The use of rudimentary spreadsheet technology was increasingly expected with information technology skills starting to emerge as a career differentiator. Lines of defense were often less established and, in many cases, the role of origination and underwriting in financial institutions may have fallen under the purview of the same person.
By 1998, risk managers were forced to become increasingly adept with leveraging information technology. Complex spreadsheets significantly increased the analytical power of bankers. The use of spreadsheet macro tools represented the first foray into light automation and concepts such as Monte Carlo Simulations became mainstream. Data interpretation became an increasingly important skill. General management programs were either discontinued or reduced to 6–12 week rapid indoctrination programs as a result of cost cutting. Risk roles started to become more specialized. Having a global understanding of markets and trade became critical, even for domestic risk managers, given the increased globalization of trade and impacts of the Mexican peso, Russian ruble, and Thai baht crises.
Approaching 2008, risk managers had to increase their technical sophistication in order to provide oversight of burgeoning products as the financialization of the economy rapidly increased. The crossover of historically consumer products into wholesale packaging (residential mortgage-backed securities) required increasingly broader product knowledge. Risk managers were forced to develop better early warning indicators; however, many of these were ignored or were based on too-rosy assumptions (housing prices can never decline 50%). Risk managers developed more robust concentration limit frameworks and top-of-company hedging tools, but those investments were typically isolated to larger institutions. Sarbanes-Oxley (SOX) requirements placed a heavy emphasis on risk managers migrating from spreadsheet tools to enterprise applications. Enterprise-wide stress testing was a growing domain, but had yet to accelerate across the industry until the publication of the Dodd-Frank requirements.

By 2018, the lessons of the financial crisis still remain in the memories of many risk managers who have expanded their risk awareness beyond the classic domains, and rapidly growing coverage areas for technology/cyber, reputational, third party, counterparty, and strategic risks have become the norm. The role of the risk manager in overseeing stress testing processes is now a widespread and critical element of the post-recession landscape. The development and use of early warning indicators is easier with technological advancements, and risk managers need to have increased comfort with bot-based algorithms and light automation. The enhanced focus on data quality and governance requires risk managers to be a key influencer of related teams like information technology. Risk managers are also becoming increasingly comfortable with behavioral-based scoring models and using their own data to provide better predictive rates for certain portfolios. Similarly, the “RegTech” automation of compliance and other related processes continue to accelerate, allowing risk managers to focus on interpreting data versus inputting rote information in areas such as BSA/AML. Expectations for risk management’s challenge of business practices has also expanded the mindset and requirements of risk teammates beyond the typical expectations.

With this historical context in mind, let’s look ahead to the challenges, opportunities, and desired skillsets of the risk manager in the next decade.

Looking ahead to 2028, expect artificial intelligence to come of age. Over the next several years, risk managers will have to navigate A.I’s toddler years to ensure processes are working correctly and there is no adverse customer impact from a rogue algorithm. The ability to provide effective challenge and oversight on A.I.-based systems will require risk managers to develop more comfort with skills such as software coding (risk managers may not be expected to write code, but understanding the risks and opportunities relative to coding will be important). Similarly, behavioral-based scoring and decisioning will become the new normal with risk managers needing to identify micro risks (and opportunities) in massive data pools. Commercial loan origination is likely to be significantly automated—a human may or may not be a part of the final decision.

For regulated platforms, expectations of rapid responses to regulatory change management will increase, requiring hyper-agile operational processes. Cyber threats will hasten, and it is not practical for a bank to assume it will go unscathed. Cyber criminals will eventually have access to quantum computing power, requiring risk managers to ensure technology risk oversight is as strong as possible. Instead of picking specific virtual currency winners and losers, assume that the concept of a digital currency is one that will be more mainstream (with the appropriate regulatory oversight) and factoring that adoption into operational processes will be a key consideration.

As block chain technology sweeps through the industry, risk managers will need to be facile with the technology from both a user and oversight perspective (for example, could car titles exchange digitally via block chain?). With a large number of baby boomer risk managers retired from the industry by 2028, partially digital Generation Xers will represent the bank elders, but will need to coach the fully digital millennials and Generation Z/post-millennial teammates in new and innovative ways.

Artificial intelligence will bring a paradigm shift to the way humans and businesses operate and interact in the next decade. The field of risk management will be no exception. The successful risk manager of the future must be equipped to manage this rapid change and increased automation, while continuing to add value to the human elements within our control.