Risk management functions within financial services organizations are primarily concerned with cybersecurity and data-related risks at their firms, according to the EY and Institute of International Finance (IIF) eighth annual global bank risk management survey of Chief Risk Officers (CROs): Restore, rationalize and reinvent: a fundamental shift in the way banks manage risk.
Cybersecurity has surged as a concern with respondents, with 77% claiming it is one of the most important risks over the next year, a 22% increase since the 2015 survey. In addition, a majority of the banks surveyed (86%) cited data-related risks (availability, integrity, etc.) as a top emerging risk over the next five years.
Tom Campanile, Partner, Financial Services Office, Ernst & Young LLP, says:
“Banks have reached an inflection point in risk management. How banks navigate emerging risks and opportunities presented by technological innovations will dictate their ability to thrive over the next decade. Risk leaders recognize that data is both a risk and a major opportunity. Being able to manage multiple challenges and changes simultaneously will distinguish leaders in the industry, especially as cyber threats and digital disruption continue to impact banks globally.”
Respondents noted that with ever-present cyber threats and digital disruption taking place, risk and compliance functions are prioritizing key tasks. The top critical roles within risk and compliance functions are: helping to identify risks and align strategic efforts with risk tolerance (71%), offering guidance on laws and regulations that could be interpreted as relevant to new technologies, products or services (49%) and providing review and approval prior to product launch (47%).
Andrés Portilla, Managing Director of the Regulatory Affairs Department at IIF, says:
“CROs and anyone who works in the risk function have to be much closer to the business lines with a more proactive mindset. Banks depend on people to implement, maintain and protect systems and data. Data will help identify and address emerging risks as well as inform strategic and everyday decisions. But data itself is also a source of risk, either from a data protection, integrity or fraud perspective, and risk managers have a key role to play in keeping a balance between leveraging the new technologies as much as possible within their organizations and keeping the associated risks within their risk appetite.”
Banks are embracing new technologies such as blockchain, robotic process automation (RPA), chatbots and more. Survey respondents expect new techniques and technologies will drive down costs in risk management, notably through the use of automation (87%), digitization (64%), machine learning (59%) and risk models using artificial intelligence (AI) (57%). When it comes to implementing new technologies to drive digital transformation, the top three concerns of respondents are cybersecurity and shortage of IT resources/talent (both 64%) and also, cost (52%).
Savvas Pentaris, Head of Financial Services, EY Cyprus, says:
“Cybersecurity and data-related risks are at the top of the CRO’s agenda. These risks have become omnipresent and complex in nature requiring significant time and resources. Risk leaders must quickly identify emerging risks, leverage technology to improve risk management, and focus on generating new opportunities for innovation through these disruptions and data vulnerabilities. Banks able to exploit these challenges and successfully manage risks will thrive over the coming decades.”
For further information, view the report at ey.com/bankingrisk and follow EY on Twitter: @EY_Banking.