articles | 16 January 2020 | EY Cyprus

EY: Non-financial risks remain significant for banks

Managing risk over the next decade could prove more challenging due to 10 key risk factors, according to the new EY and Institute of International Finance (IIF) bank risk management survey titled, An endurance course: surviving and thriving through 10 major risks over the next decade. The key risks, which started primarily as financial, have evolved into today’s nonfinancial risks, such as cybersecurity, geopolitics and climate change.

  • New study from Ernst & Young LLP and the Institute of International Finance tackles how banks can manage key risks in the next decade

10 key risk factors:

1. Weathering the likely financial downturn 2. Operating in an ever-expanding ecosystem 3. Protecting privacy to maintain trust 4. Fighting a cyber war in banks and across the system 5. Navigating the inevitable industry transition to cloud 6. Industrializing data analytics across the business in a controlled manner 7. Delivering services to customers, clients and markets without disruption 8. Adapting to the effects of fast-shifting geopolitics on banks and their customers 9. Addressing the impact of climate change on banks and society 10. Meeting emerging customer demands for customized, aggregated lifetime offerings

This year’s survey, the 10th, provides a window into what has changed in risk management globally over the past decade, and the major risks over the next decade. Participants included 115 financial institutions from 43 countries.

A decade of progress

Looking back over a decade of surveys, initially the primary objectives for banks managing financial risks focused on capital and liquidity. As governance and regulation models improved, banks have become healthier than they were pre-crisis and, in turn, have been able to de-risk and de-leverage their balance sheets. In the second half of the decade, nonfinancial risks, such as cybersecurity, data, and conduct and culture, came to the fore.

Major challenges over the next decade

According to the findings of the study, among the risks facing banks worldwide is the likelihood of a new economic downturn in the coming months or years. In addition to the challenge of securing and maintaining their financial soundness, banks will also have to deal with a number of complex and significant non-financial risks, such as climate change, the protection and ethical processing of personal data, cyber threats, etc.

Survey highlights:

• One in four banks (23%) rank privacy as a top risk in the next 12 months, and one in two (53%) view privacy as a key emerging risk over the next five years. • Over half (52%) of banks view environmental and climate change matters as a key emerging risk over the next five years, up from just over a third (37%) a year ago. • Four in five (79%) banks have incorporated climate change into their risk management approach. Most (59%) have built it into their scanning of emerging risks, while two in five (41%) have already adopted policies for impacted businesses. • Four in five banks now believe a system-wide, industry-level attack or material event is likely in the next five years — almost a third (29%) view that as very likely. • In general, risk professionals are most concerned about adapting their risk capabilities (60%) and culture (58%) to the industry-wide transition to the cloud. • Risk professionals, regulators and policymakers are very focused on the risks of scaling up artificial intelligence and machine learning technologies. Banks’ risk teams already see challenges in capturing new risks (64%) and getting the right talent to manage the risks (59%). They also see a lack of historical data showing how these models act under different market conditions (54%) and uncertain regulatory expectations (47%) as additional challenges. • Sixty percent of banks view geopolitical risks as a major risk over the next five years. The top geopolitical risks that will impact banks over the next decade are escalating cyber warfare and the China-US relationship (tied at 47%).

Commenting on the survey findings, Savvas Pentaris, Partner and Head of Financial Services Sector of EY Cyprus, said: “Over the past decade, banks throughout the world have worked hard to strengthen their risk management, and this effort has produced tangible results. However, as a financial downturn appears increasingly imminent, banks will be called upon to demonstrate their resilience in practice. This will constitute a major challenge for risk officers throughout the world”.

Charalambos Constantinou, Partner and Head of Advisory Services also mentioned: “Along with traditional risks, banks are now faced with a number of emerging non-financial risks, which will prove equally challenging for risk officers. These include, among others, climate change, privacy issues and cyber threats, as well as the ethical issues raised by new technologies such as AI. These new risks will demand new skills and capabilities on the part of risk managers and their teams and will test banks’ readiness to adapt to a new ecosystem.”

The complete report is available here.


Cooperation Partners
  • Logo for Love Cyprus Deputy Ministry of Tourism
  • Logo for CYFA Cyprus
  • Logo for Invest Cyprus
  • Logo for Cyprus International Businesses Association
  • Logo for Cyprus Chamber of Commerce and Industry
  • Logo for Association of Cyprus Banks
  • Logo for Ministry of Energy, Commerce, Industry and Tourism
  • Logo for Cyprus Shipping Chamber
  • Logo for Cyprus Investment Funds Association