Cybersecurity, geopolitical risks top financial institutions’ concerns

A Deloitte global survey of risk managers at banks and other financial institutions (FIs) finds most aren’t confident of their firms’ effectiveness in managing cybersecurity and geopolitics, two of the biggest risks now facing businesses worldwide.

Deloitte Global’s 10^th survey of FIs’ risk management efforts has feedback from 77 financial institutions, representing a range of financial sectors, with aggregate assets of US$13.6 trillion.

The latest survey is issued as talk in the US centres around deregulation, banks being challenged to hold overall costs down, major cybersecurity breaches and a shift to using new technology tools like robotic process automation (RPA) to improve quality and efficiency by automating routine tasks. The report predicts that 2017 may be an inflection point for FIs’ risk management efforts.

“Risk management is becoming even more important today, as financial institutions confront a variety of trends that have introduced greater uncertainty into the future direction of the business and regulatory environment,” said Edward Hida, Deloitte Global risk and capital management leader.

“Risk management programmes will need to not only become more effective and efficient, but also acquire the agility to respond flexibly and nimbly to the next set of demands. This is where I believe the next era of risk management will need to evolve to.”

The survey found 80% or higher of those surveyed rated their institution as extremely or very effective in managing traditional risks like liquidity, underwriting/reserving, credit and investment risk. However, for newer risk types – which often present more challenges – respondents considered their institution to be less effective in areas like cybersecurity (42%), model (40%), third party (37%), data integrity (32%), and geopolitical risks (28%). In the geopolitical risk area, the percentage dropped roughly by half from Deloitte Global’s previous survey in 2014, indicating that this issue has rocketed up risk managers’ radar.

Increasing investment in risk management

While the financial services industry is under pressure to reduce costs as a whole, 44% of respondents expected their institution’s annual spending on risk management to increase by 10% or more over the next two years, including 13% who expected an increase of 25%-plus. These figures are an increase from 2014, when 37% of respondents expected an increase of 10% or more and 9% expected an increase of over 25%.

“I suspect that part of these budgets are being redirected to invest in new, emerging technologies,” said Hida. “Along with technologies like RPA, an emerging trend is for institutions to leverage technologies like cognitive and advanced analytics techniques to identify behavior patterns and predictive analytics to identify emerging risks.”

Additionally, given the pace of regulatory change, 52% of respondents were extremely or very concerned about the ability for risk technology to adapt to changing regulatory requirements.

Among other survey findings:

• Geopolitical risk: Risk managers were asked about how proposals in some countries to renegotiate trade agreements (which can be an influencer to that country’s economic prospects) were likely to impact the risks facing their institutions. Respondents were divided, with 48% expecting that the risks facing their institution would increase, while 49% thought these proposals would have no impact. Executives in Europe were most likely to expect increased risk: 68% expected that risks would increase, including 16% who thought they would increase significantly.

• The two biggest issues in stress tests: Several qualitative issues in capital stress testing were rated as being extremely or very challenging, including capital stress-testing IT platforms (66%) and data quality and management for capital stress-testing calculations (52%).

• The battle for risk management talent: Seventy percent of respondents said attracting and retaining risk management professionals with required skillswould be an extremely or very high priority for their institution over the next two years, while 54% said the same about attracting and retaining business unit professionals with required risk management skills. Since cybersecurity is a growing concern across all industries, the competition is especially intense for professionals with expertise in this area.

• Time for IT systems modernisation?: Roughly half of respondents were either extremely or very concerned about several issues related to IT systems including legacy systems and antiquated architecture or end-of-life systems (51%), inability to respond to time sensitive and ad-hoc requests (49%),lack of flexibility to extend the current systems (48%), and lack of integration among systems (44%).

• Culture challenges remain: While regulators around the world have recently placed greater focus on the important role that culture plays in effective risk management, work remains to be done on this front. According to those surveyed, board oversight activities at many financial institutions did not include helping establish and embed the risk culture of the enterprise (67%) or review incentive compensation plans to consider alignment of risks with rewards(55%).

• Credit risk gets harder to gauge: With relatively weak economic conditions in many markets around the world, managing credit risk is a significant challenge for FIs. When asked how challenging it would be to manage credit risk over the next two years, the areas most often considered to be extremely or very challenging were collateral valuation (38%), commercial real estate (33%), unsecured credit (33%), and mortgages/home equity lines of credit (30%)

Even if the recent breakneck pace of new regulatory requirements does not continue, FIs will be well advised to not scale back their risk management programmes, the latest study concludes.

“Whether regulatory change will slow is far from certain,” said Bob Contri, Deloitte Global financial services industry leader. “Many institutions have also found that the new regulatory requirements have created a new normal and a new set of industry expectations. Many will not want to change from this norm.

“The higher capital requirements that have been put in place, for example, have had important implications for the lines of business that institutions choose to enter or exit in an effort to minimise their required capital.”

Comments are closed.