Risk management functions will have to reinvent themselves and become enablers and drivers of digital transformation. How banks navigate the risks and opportunities presented by technological innovations will dictate their ability to thrive.
The eighth annual global bank risk management survey, conducted by EY in collaboration with the Institute of International Finance (IIF), explores key focus areas and challenges for banks as they move through three distinct phases of a 15-year risk transformation journey.
Three key findings emerged from this year’s survey:
- After fully streamlining structures and processes, banks have to drive digital transformation across the entire firm, from customer to operations.
- Risk management functions must reinvent themselves to become enablers and drivers of innovation and growth, leveraging technology to do so.
- Cybersecurity has overtaken regulatory matters as the top concern of boards and CROs.
A 15-year risk transformation journey is underway
Banks are embracing technology-driven change
As the industry’s digital transformation accelerates, banks will move from exploring to implementing firmwide uses of new technologies in the middle and back office. This will challenge risk functions to change how they monitor banks’ risk profiles and enable innovation, and how they leverage new techniques to be smarter, faster and more cost-effective.
- From operational streamlining to technology-driven transformation, banks are taking action to cut costs, with 83% of banks focused on data analytics over the next three years.
- Plans to leverage new technologies to manage costs are in various states of progression. Digital and mobile infrastructure initiatives are the most advanced, while banks are taking first steps to automation and machine learning.
- As banks reinvent themselves using technology to drive digital change in the future, risk teams expect to do so, too.
Five challenges for banks
As banks transition from the middle to the third phase of the transformation journey, they must navigate five broad challenges.
- Managing emerging risks and increased competition: Broader geopolitical, social and environmental concerns are looming larger, as regulatory fragmentation continues and competition intensifies. FinTechs and major technology companies seek traction in profitable parts of financial services, while banks’ strategic options to deliver 11-15% ROE narrow. Cybersecurity is now clearly the top risk for boards and CROs.
- Leading a digital transformation of risk management: Technology has reshaped customer interfaces, but banks still have to implement new technologies in the middle and back office to drive fundamental change. Risk functions must change how they monitor risk profiles and enable innovation, and become smarter, faster and more cost-effective. New talent in technology and risk will be necessary, but hard to attract.
- Operationalizing three-lines-of-defense models: Operationalization of the three-lines model is necessary to improve the effectiveness and cost-efficiency of risk management. Talent shortages are expected in advanced analytics, model risk and other key areas. Standardization and automation are accelerating, even if broader technology deployments are delayed.
- Managing non-financial risks cost-effectively: Though conduct risk frameworks are in place, there is a long way to go to prove effectiveness and improve cost-efficiency. As risk appetite frameworks evolve, common challenges remain (e.g., expressing appetite for all risk types, cascading appetite to business units). Quantifying non-financial risks (e.g., reputational, strategic and cyber risks) remains difficult.
- Staying resilient and protecting against cyber risks: Banks are rethinking what constitutes operational resiliency. Beyond core competencies (business continuity and disaster recovery), data quality and process-flow mapping need enhancing. In managing cyber risks across the three lines of defense, quantification and reporting are a challenge, even as boards increase oversight. Managing critical vendors more effectively supports operational and cyber-resiliency.
Download the report
EY's Mark Watson on 2018 Global bank risk management survey findings.
2016 bank risk management survey
Banks are halfway into a 15-year risk transformation.
Webcast: risk transformation for banks
We present findings from our eighth annual EY/IIF global bank risk management survey.
An integrated vision to manage cyber risk
Get a close look at the current cyber risk landscape and learn how to best protect your business.
EY Global Banking & Capital Markets Leader
+1 416 943 4554
EY Global Banking & Capital Markets Advisory Leader
+44 20 7951 6189
EY Financial Services, Executive Director
+1 617 305 2217
EY Financial Services, Risk, Partner
+44 207 7197 7317