Banks must undergo a revolution in risk management, with risk professionals balancing their roles and operating models, according to a new report jointly published by EY and the Institute of International Finance (IIF).
The ninth annual global bank risk management survey, Accelerating digital transformation: four imperatives for risk management, suggests that boards, senior management, chief risk officers (CROs) and other key executives will have to address four imperatives to stay competitive, maintain trust and successfully achieve their digital transformation ambitions. These include: adapting to a risk environment and risk profile that is changing faster and more intensively than ever, leveraging risk management to enable business transformation and sustained growth, delivering risk management effectively and efficiently, and managing through and recovering from disruptions.
“Risk management will always have a critical role in protecting the franchise,” EY Americas Financial Services Center for Board Matters deputy leader Mark Watson said. “However, now it must take on a trusted advisor role to help enable sustainable growth and inform banks’ digital and technological transformations.
“Risk management has to deploy new technologies across its own activities, which inevitably will necessitate new operating and talent models. Otherwise, risk management will be left behind,” he explained.
Additionally, the study revealed that respondents’ top resilience concerns include: overall cyber risks (80%), prolonged IT outages inside the bank’s environment (64%), critical third-party outages (64%), data availability (41%), IT obsolescence (39%), critical data being destroyed (39%) and financial resilience (32%).
It also highlighted that risk management functions can leverage new technologies much more than they are doing currently. Identified areas for improvement include: fraud surveillance (72%), financial crime (68%), modeling (57%), credit analysis (57%), cybersecurity (57%) and know-your-customer activities (57%).
“Technology enables the risk function to transform but it also raises new challenges around cybersecurity, the use and accessibility of data and operational resilience, on top of broader concerns such as the implementation of new regulatory rules and supervisory expectations,” IIF managing director of regulatory affairs Andrés Portilla noted.
Additionally, the survey showed regional trends. North American banks place more importance on protecting the firm’s reputation than banks in other regions. African and Middle Eastern banks are more concerned about third-party outages and ransomware, while those in Asia-Pacific are more concerned about business-model viability than others, but less concerned than North American banks about cyber risks, third-party outages and data destruction. Latin American banks most fear cyber risks and IT obsolescence.
Beyond cybersecurity, each region has different top priorities among CROs: credit and liquidity risks in Asia-Pacific (both 58%); risk appetite in Latin America (62%); implementation of new regulations and supervisory expectations in Africa and the Middle East (86%); business-model risk and implementation of new regulations and supervisory expectations in Europe (both 56%); and operational risk (excluding cybersecurity) and risk technology architecture in North America (both 65%).