Managing risk over the next decade could prove more challenging due to 10 key risk factors, according to the new Ernst & Young LLP (EY US) and Institute of International Finance (IIF) bank risk management survey titled, An endurance course: surviving and thriving through 10 major risks over the next decade.
The risks (shown below), which started primarily as financial, have evolved into today’s nonfinancial risks, such as cybersecurity, geopolitics and climate change.
10 key risk factors:
1. Weathering the likely financial downturn
2. Operating in an ever-expanding ecosystem
3. Protecting privacy to maintain trust
4. Fighting a cyber war in banks and across the system
5. Navigating the inevitable industry transition to cloud
6. Industrializing data analytics across the business in a controlled manner
7. Delivering services to customers, clients and markets without disruption
8. Adapting to the effects of fast-shifting geopolitics on banks and their customers
9. Addressing the impact of climate change on banks and society
10. Meeting emerging customer demands for customized, aggregated lifetime offerings
This year’s survey, the 10th, provides a window into what has changed in risk management globally over the past decade, and the major risks over the next decade. Participants included 115 financial institutions from 43 countries.
A decade of progress
Looking back over a decade of surveys, initially the primary objectives for banks managing financial risks focused on capital and liquidity. As governance and regulation models improved, banks have become healthier than they were pre-crisis and, in turn, have been able to de-risk and de-leverage their balance sheets.
In the second half of the decade, nonfinancial risks, such as cybersecurity, data, and conduct and culture, came to the fore. “Banks are in a far better position today than a decade ago in the management and governance of risks,” said Mark Watson, Managing Director, Ernst & Young LLP, and EY Americas Financial Services Organization Board Matters Deputy Leader.
“Banks still have significant opportunities to simplify their risk management approach and get to a truly integrated view of risk across the firm. It is important for banks to become much more efficient in managing risks, using innovative new approaches and improved data analytics.”
10 major challenges over the next decade
“In the next decade, banks will face 10 major risks that test the ability to survive and thrive,” said Watson. Chief among the risks impacting banks globally is the intense growing conversation around a potential new economic downturn.
“A financial downturn of some kind seems likely to occur in the next few months or years,” Watson said. “Chief risk officers and their teams will have to demonstrate they can guide the bank in the management of risks and exposures well before banks have to access their capital and liquidity backstops. This will test the stature and influence of risk professionals across all banks.”
Aside from remaining financially strong, banks will have to manage a set of demanding, complicated and significant nonfinancial risks in the future.
“Banks now face an array of difficult issues — climate change, privacy, systemic cyber threats and more. Each risk by itself will be challenging, but together they will test banks’ long-term viability,” said Watson.
“Globally, banks have greatly strengthened their risk management over the past decade, and that has made the industry safer and more resilient,” said Andres Portilla, Managing Director for Regulatory Affairs at the IFF.
“Banks now have to focus on a number of major risks that, if anything, will become even more important over the next decade, including cybersecurity, operational resilience, and ethical use and privacy of data.”
- One in four banks (23%) rank privacy as a top risk in the next 12 months, and one in two (53%) view privacy as a key emerging risk over the next five years.
- Over half (52%) of banks view environmental and climate change matters as a key emerging risk over the next five years, up from just over a third (37%) a year ago.
- Four in five (79%) banks have incorporated climate change into their risk management approach. Most (59%) have built it into their scanning of emerging risks, while two in five (41%) have already adopted policies for impacted businesses.
- Four in five banks now believe a system-wide, industry-level attack or material event is likely in the next five years — almost a third (29%) view that as very likely.
- In general, risk professionals are most concerned about adapting their risk capabilities (60%) and culture (58%) to the industry-wide transition to the cloud.
- Risk professionals, regulators and policymakers are very focused on the risks of scaling up artificial intelligence and machine learning technologies. Banks’ risk teams already see challenges in capturing new risks (64%) and getting the right talent to manage the risks (59%). They also see a lack of historical data showing how these models act under different market conditions (54%) and uncertain regulatory expectations (47%) as additional challenges.
- Sixty percent of banks view geopolitical risks as a major risk over the next five years. The top geopolitical risks that will impact banks over the next decade are escalating cyber warfare and the China-US relationship (tied at 47%).
The complete report is available at ey.com/bankingrisk.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/