"[Risk appetite] has become pervasive in the board dialogue." – Summit participant
Since the crisis hit, improving risk management and oversight in financial institutions has been a priority for regulators and banks.
Summit participants agreed that the renewed focus on a more formalized risk discussion has yielded significant benefits. They pointed to tangible improvements in the way management and the board think and communicate about risk. But regulators continue to push for improvements, and while progress has been made, success is a moving target.
Is the investment in risk management capabilities enough?
Banks continue to adapt risk appetite statements, refine the mandate and agenda for board and management risk committees, and build out risk management capabilities, including risk teams and information systems.
All of this requires significant investments, and though most bank directors cite marked improvement, questions remain as to how best to focus resources. In the meantime, the economic and market environment continues to challenge risk organizations to identify emerging risks and challenge management and the board to respond accordingly.
Effectively implementing risk appetite frameworks
There are still a number of issues that bank risk organizations are addressing as they implement risk appetite frameworks across huge organizations. For example, despite signs of progress, many banks still struggle to track and report on adherence to risk appetite.
In a recent EY survey, 37% of respondents reported a strong ability to do so.
Summit and Bank Governance Leadership Network (BGLN) participants highlighted the following areas of focus regarding the evolution and implementation of risk appetite:
1. Integrating operational risk issues
2. Embedding risk appetite in the business
3. Correlating and aggregating risks across businesses
4. Linking risk appetite to dynamic capital planning
Bank risk reporting improved, but IT issues prevail
Banks have given significant attention to improving their ability to aggregate and report risk data to management, the board and regulators. Increasingly, however, banks acknowledge the need to address the broader underlying IT investment to better drive information management actions across their organizations.
The demand for companies to quickly produce aggregated risk information, respond to regulatory requests, or better understand risk exposures internally has underscored the need to improve IT systems. For example, some question how banks can make their systems better for the business and meet regulatory needs when the information regulators seek doesn't always align with business priorities.
Summit participants reported that meeting the challenge may require more than piecemeal improvements to risk systems. Banks may need to consider front-to-back, multiyear risk and finance data system improvements to quickly produce aggregated data to effectively serve multiple objectives.
Identify better ways to respond to emerging risks
Significant progress has been made in changing the way banks manage and discuss risk issues among management and the board. Risk appetite statements have facilitated more integrated risk and strategy discussions, and provided a platform for communicating about risk throughout the organization. Still, regulators and boards see room for improvement.
As banks are forced to better manage and allocate capital, respond to regulators, and look for opportunities to better manage risk and financial data, boards need to consider the strategic investments required to build competitive advantage. Boards and risk committees must decide how far to invest in risk management and governance and how to determine the right balance between a useful investment in risk management and the costs involved.
Given the work completed and the work ahead, how do directors know how much progress their institutions have really made to better identify, monitor, mitigate and react to risks?