The better the question. The better the answer. The better the world works. У вас есть вопрос? У нас есть ответ. Решая сложные задачи бизнеса, мы улучшаем мир. У вас є запитання? У нас є відповідь. Вирішуючи складні завдання бізнесу, ми змінюємо світ на краще. Meilleure la question, meilleure la réponse. Pour un monde meilleur. 問題越好。答案越好。商業世界越美好。 问题越好。答案越好。商业世界越美好。

Eighth annual EY/IIF bank risk management survey

Restore, rationalize and reinvent

A fundamental shift in the way banks manage risk

Risk management functions will have to reinvent themselves and become enablers and drivers of digital transformation. How banks navigate the risks and opportunities presented by technological innovations will dictate their ability to thrive.

The eighth annual global bank risk management survey, conducted by EY in collaboration with the Institute of International Finance (IIF), explores key focus areas and challenges for banks as they move through three distinct phases of a 15-year risk transformation journey.

Three key findings emerged from this year’s survey:

  • After fully streamlining structures and processes, banks have to drive digital transformation across the entire firm, from customer to operations.
  • Risk management functions must reinvent themselves to become enablers and drivers of innovation and growth, leveraging technology to do so.
  • Cybersecurity has overtaken regulatory matters as the top concern of boards and CROs.

A 15-year risk transformation journey is underway

EY - Risk transformation journey

Banks are embracing technology-driven change

As the industry’s digital transformation accelerates, banks will move from exploring to implementing firmwide uses of new technologies in the middle and back office. This will challenge risk functions to change how they monitor banks’ risk profiles and enable innovation, and how they leverage new techniques to be smarter, faster and more cost-effective.

  • From operational streamlining to technology-driven transformation, banks are taking action to cut costs, with 83% of banks focused on data analytics over the next three years.
  • Plans to leverage new technologies to manage costs are in various states of progression. Digital and mobile infrastructure initiatives are the most advanced, while banks are taking first steps to automation and machine learning.
  • As banks reinvent themselves using technology to drive digital change in the future, risk teams expect to do so, too.
EY - Status of initiative to cut costs
EY - Impact of technologies on risk function
EY - Actions being taken to cut costs

Five challenges for banks

As banks transition from the middle to the third phase of the transformation journey, they must navigate five broad challenges.

  1. Managing emerging risks and increased competition: Broader geopolitical, social and environmental concerns are looming larger, as regulatory fragmentation continues and competition intensifies. FinTechs and major technology companies seek traction in profitable parts of financial services, while banks’ strategic options to deliver 11-15% ROE narrow. Cybersecurity is now clearly the top risk for boards and CROs.

EY - Top-of-mind risks for CROs and boards


  1. Leading a digital transformation of risk management: Technology has reshaped customer interfaces, but banks still have to implement new technologies in the middle and back office to drive fundamental change. Risk functions must change how they monitor risk profiles and enable innovation, and become smarter, faster and more cost-effective. New talent in technology and risk will be necessary, but hard to attract.
EY - Use of technologies to interface with customers


  1. Operationalizing three-lines-of-defense models: Operationalization of the three-lines model is necessary to improve the effectiveness and cost-efficiency of risk management. Talent shortages are expected in advanced analytics, model risk and other key areas. Standardization and automation are accelerating, even if broader technology deployments are delayed.
EY - Talent shortages in risk and compliance


  1. Managing non-financial risks cost-effectively: Though conduct risk frameworks are in place, there is a long way to go to prove effectiveness and improve cost-efficiency. As risk appetite frameworks evolve, common challenges remain (e.g., expressing appetite for all risk types, cascading appetite to business units). Quantifying non-financial risks (e.g., reputational, strategic and cyber risks) remains difficult.
EY - Ways to manage conduct risk cost effectively


  1. Staying resilient and protecting against cyber risks: Banks are rethinking what constitutes operational resiliency. Beyond core competencies (business continuity and disaster recovery), data quality and process-flow mapping need enhancing. In managing cyber risks across the three lines of defense, quantification and reporting are a challenge, even as boards increase oversight. Managing critical vendors more effectively supports operational and cyber-resiliency.
EY - Expected talent gap in cyber in next two years
EY - Cyber metrics used in risk appetite statements

Contact us

Bill Schlich
EY Global Banking & Capital Markets Leader
Toronto
+1 416 943 4554

Dai Bedford
EY Global Banking & Capital Markets Advisory Leader
London
+44 20 7951 6189

Mark Watson
EY Financial Services, Executive Director
Boston
+1 617 305 2217

Henrik Axelsen
EY Financial Services, Risk, Partner
London
+44 207 7197 7317