Regulatory risk tops risk management agenda

  • Share
  • Regulatory risk is now the top priority for risk managers
  • Reputational concerns have put conduct risk in the spotlight this year
  • Tax risk and cybercrime are the new horizon risks

Singapore, 27 August 2013Regulatory risk is now the top priority for risk managers at major organizations and they expect regulatory scrutiny to become even more intense over the next three years, according to EY’s Risk Management for Asset Management survey.

Gillian Lofts, Head of UK Asset Management at EY, comments: “Risk management is being taken more seriously than ever before, especially the management of regulatory risk. This is not being driven by the regulator alone; in the last year there has been a notable increase in focus on risk management from the leadership, non-executive directors, and the client as well. Non-execs in particular are driving more risk reviews as they look for comfort that the internal and external risk profiles are appropriate.”

Regulatory risk is now the top issue keeping risk managers awake at night …

Seventy-six percent of respondents cited regulatory risk as the top issue keeping them awake at night, up from 67% in 2012. Managers have seen heightened regulatory focus on governance controls and frameworks, especially front office governance controls, as well as investor protection and outsourcing risks. Fifty–six percent of respondents were concerned about managing regulatory expectations around outsourcing risk.

Anthony Kirby, Director of Risk and Regulatory Reform at EY, says: “The front office has been identified as an area which needs more focus and where all stakeholders, be that clients, the board or the regulator, are expecting to see improvements in controls.”

… and the regulatory burden only looks set to increase

Managers expect the regulatory burden of regulation to grow over the next three years – 82% expect cross-jurisdictional complexities to increase; 80% feel that regulatory scrutiny will become more intense and 76% said there would be increased overlap from new regulatory directives.

Anthony says: “Different regulators have different rules and managers need to make some important risk management decisions even although many of the pieces are still moving. For example, managers are will need to decide if they can realistically operate one global governance framework, or if they should employ elements of risk management at a local level as required by the national regulators.”

2013 is the year that conduct risk has come of age

Sixty-three percent of respondents are concerned about the lack of generally agreed frameworks and the reputational consequences of miss-selling.

Anthony comments: “Conduct risk is higher up the agenda than ever before, driven in a large part by the impact getting conduct issues wrong has on managers’ reputations.”

The top threats to a company’s reputation were identified as miss-selling, loss of mandates, or breach of client mandates/regulatory censure or fines. Nine out of ten respondents said their firm was aware of the risks posed by reputational damage and 8 out of 10 said the desire to avoid reputation issues was a key driver for their risk teams. However, while 49% of firms consider that they actively measure reputational risk, just 24% are proactively looking at reputational risk as a separate line and only 19% have methodologies for measuring the likely impact of reputational risk.

Tax risk and cyber-risk are now firmly on the horizon

Tax was cited as a current risk by 38% of firms, and as a key horizon risk by 64% of firms. 2013 also saw a shift away from IT systems and towards data security and cyber-risk, with 49% of respondents now focusing on the cyber threat from a risk function perspective, up from 19% last year.

Some managers see commercial advantage in pushing the boundaries of best practice

Gill concludes: “The stakeholder community for risk management is increasingly demanding and is also now much wider than it used to be. In response a small group of managers are starting to push the boundaries of best practice. They have recognized the commercial and reputational benefits of being seen to have exceptional risk management and are looking at the regulatory regime being brought in for the banks to see if there is anything they can adopt.” 


About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit

This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.