Less than half of the financial institutions surveyed (49%) have incorporated risk-management responsibilities, either in whole or in part, into the performance goals and compensation decisions for senior management, according to a biennial global survey released by Deloitte.
“The past two years have demonstrated the need for enhanced risk management capabilities at financial institutions, and the challenging times that undoubtedly lie ahead make it an even greater priority,” said Edward Hida, the editor of the report and a partner with Deloitte & Touche’s banking & securities team. “It has also helped to reiterate a basic risk management principle: risk and return are generally correlated and should be evaluated together. One of the biggest areas in need of review is how to infuse risk management into performance objectives and business decisions.”
Among the survey’s other major findings:
- Only 36% of the institutions surveyed had an enterprise risk management (ERM) programme, although another 23% were in the process of creating one. Even among institutions with US$100bn or more in assets, a little more than half (58%) had an ERM programme already in place.
- Regulators have been encouraging financial institutions to independently validate their risk-related models to ensure they can reliably assess the likelihood and magnitude of potential risks. While 53% of the participating institutions indicated having an independent model validation function, over two-thirds of the remaining respondents reported having no plans to create such a function.
- Roughly 80% of the institutions employed stress tests for their banking and trading books, although 58% reported performing stress tests of their structured product exposures. Among institutions that conducted stress tests of their structured product exposures, only 17% conducted them daily, while two-thirds conducted these tests quarterly or less often.
- Roughly half of the executives were extremely or very satisfied with the capabilities of their risk systems to provide the information needed to manage market and credit risk. In other areas, such as liquidity risk and operational risk, only 40% or fewer provided ratings this high.