Cybersecurity, geopolitical risks top financial institutions’ concerns
A Deloitte survey finds that risk managers aren’t confident of their firm’s ability to handle either risk.
A Deloitte survey finds that risk managers aren’t confident of their firm’s ability to handle either risk.
A Deloitte global survey of risk managers at banks and other financial institutions (FIs) finds most aren’t confident of their firms’ effectiveness in managing cybersecurity and geopolitics, two of the biggest risks now facing businesses worldwide.
Deloitte Global’s 10th survey of FIs’ risk management efforts has feedback from 77 financial institutions, representing a range of financial sectors, with aggregate assets of US$13.6 trillion.
The latest survey is issued as talk in the US centres around deregulation, banks being challenged to hold overall costs down, major cybersecurity breaches and a shift to using new technology tools like robotic process automation (RPA) to improve quality and efficiency by automating routine tasks. The report predicts that 2017 may be an inflection point for FIs’ risk management efforts.
“Risk management is becoming even more important today, as financial institutions confront a variety of trends that have introduced greater uncertainty into the future direction of the business and regulatory environment,” said Edward Hida, Deloitte Global risk and capital management leader.
“Risk management programmes will need to not only become more effective and efficient, but also acquire the agility to respond flexibly and nimbly to the next set of demands. This is where I believe the next era of risk management will need to evolve to.”
The survey found 80% or higher of those surveyed rated their institution as extremely or very effective in managing traditional risks like liquidity, underwriting/reserving, credit and investment risk. However, for newer risk types – which often present more challenges – respondents considered their institution to be less effective in areas like cybersecurity (42%), model (40%), third party (37%), data integrity (32%), and geopolitical risks (28%). In the geopolitical risk area, the percentage dropped roughly by half from Deloitte Global’s previous survey in 2014, indicating that this issue has rocketed up risk managers’ radar.
Increasing investment in risk management
While the financial services industry is under pressure to reduce costs as a whole, 44% of respondents expected their institution’s annual spending on risk management to increase by 10% or more over the next two years, including 13% who expected an increase of 25%-plus. These figures are an increase from 2014, when 37% of respondents expected an increase of 10% or more and 9% expected an increase of over 25%.
“I suspect that part of these budgets are being redirected to invest in new, emerging technologies,” said Hida. “Along with technologies like RPA, an emerging trend is for institutions to leverage technologies like cognitive and advanced analytics techniques to identify behavior patterns and predictive analytics to identify emerging risks.”
Additionally, given the pace of regulatory change, 52% of respondents were extremely or very concerned about the ability for risk technology to adapt to changing regulatory requirements.
Among other survey findings:
Even if the recent breakneck pace of new regulatory requirements does not continue, FIs will be well advised to not scale back their risk management programmes, the latest study concludes.
“Whether regulatory change will slow is far from certain,” said Bob Contri, Deloitte Global financial services industry leader. “Many institutions have also found that the new regulatory requirements have created a new normal and a new set of industry expectations. Many will not want to change from this norm.
“The higher capital requirements that have been put in place, for example, have had important implications for the lines of business that institutions choose to enter or exit in an effort to minimise their required capital.”