Restoring, rationalising and reinventing risk

The industry has responded with more-conservative business plans, more-focused domestic strategies, the shedding of non-core business and new investments to compete in the digital era.

As a result, risk priorities are also continuing to evolve and the industry has now reached an inflection point in risk management.

Both locally and globally banks are facing a new set of challenges as they move towards the third phase of a 15-year transformation in risk management.

The first is focused on compliance with the global regulatory agenda and the second - and current - phase has focused on compliance, restoring trust in the sector, and the rationalisation of processes as banks migrate towards a more digital environment. The third phase calls for a total reinvention of risk management.

Emerging risk

Risks facing the banking industry in both the short and long terms are changing materially.

Banks are facing risk challenges on a number of fronts – from new regulation, geo-political uncertainty, evolving consumer expectations, intensifying competition and advances in technology.

In this environment, banks will need to prioritise more than ever. An institution’s ability to stay the course with their business strategy, create management bandwidth, embrace digital change, manage regulatory priorities and prepare for a host of emerging risks will be essential.

How effectively banks are able to navigate these risks and opportunities will dictate their ability to continue to compete, grow and thrive in the coming years.

Globally, implementation of new regulatory and supervisory requirements remains a key industry focus. But, other priorities have also started to come to the fore.

According to the eighth annual global bank risk management survey conducted by EY and the Institute of International Finance (IIF), cybersecurity now tops the list of immediate risk concerns for both CROs and Boards.

Three-quarters (77 per cent) of CROs surveyed as part of the study cited cybersecurity as one of the most important risks for the year ahead, an increase of 26 per cent from the 2016 survey.

Also of note this year is the entrance of Risk-technology architecture onto the CRO list, a 23 per cent increase from last year’s survey results.

Locally EY observes increasing focus on ensuring the architecture supporting the risk function is not only compliant with the litany of regulatory requirements, but also enhances risk management across the three lines of defense and enables the business to successfully compete in the digital era.  

The survey also polled participants on emerging risks. Participants identified data-related risks, such as data integrity and availability, as a key area of concern, with the majority of banks (86 per cent) citing it as their top emerging risk over the next five years.

Data could well prove to be a critical success factor both for incumbent banks and non-traditional technology players moving into the industry. Risk leaders recognise data is both a risk and a major opportunity.

Ensuring the confidentiality and integrity of data is paramount and, as more and more data becomes available from a range of sources, risk management functions will need to be able to manage, understand and use it optimally to inform key decisions.

Digital transformation

Both globally and across the Asia-Pacific EY continues to see advancements born out of the technology sector driving change within the banking industry.

Developments in the FinTech arena and changes to the industry construct, such as Open Banking, are fundamentally changing the way the industry operates. Digital transformation of middle and back office functions is accelerating, with many banks either exploring or implementing new capabilities, including the use of new workforce methodologies (such as agile), workforce automation utilising robotics and AI, enhanced data and analytics capabilities and a suite of other new technology capabilities.

There are few banks in the Asia-Pacific region which do not already have substantial active programs exploring and implementing these new capabilities.

These transformations will challenge risk functions to change how they monitor changing risk profiles against the institution’s risk appetite; enabling innovation without compromising regulatory compliance and oversight of the institution’s risk profile.

They will also need to look at how they can leverage new techniques to become faster, smarter and more cost-effective. This evolution will call for different operating models, governance and talent profiles within the risk function.

More than ever, the banking industry needs risk executives who can balance the digital agenda against prudent risk management.

Survey respondents expect new techniques and technologies will drive down costs in risk management, most notably through the use of automation (87 per cent), digitisation (64 per cent), machine learning (59 per cent) and risk models using artificial intelligence (57 per cent).

Respondents also noted concerns relating to the implementation of new technologies to drive digital transformation with cybersecurity (64 per cent), a shortage of IT resources and talent (64 per cent) and cost (52 per cent) topping the list.

Over time risk functions will have to leverage technology to improve risk management and become a leading source of technology innovation in the organisation.

Banks will have to rethink how they manage risks, what risks need to be managed, and what new types of talent will be required.

Doug Nixon is a Financial Services Partner with Ernst & Young Australia. Will De Vere Gould is a Director with Ernst & Young Australia

The views expressed in this article are the views of the author, not Ernst & Young. The article provides general information, does not constitute advice and should not be relied on as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Liability limited by a scheme approved under Professional Standards Legislation.