Managing risk over the next decade could prove more challenging due to 10 key risk factors, according to the new Ernst & Young LLP (EY US) and Institute of International Finance (IIF) bank risk management survey titled, An endurance course: surviving and thriving through 10 major risks over the next decade. The risks (shown below), which started primarily as financial, have evolved into today’s nonfinancial risks, such as cybersecurity, geopolitics and climate change.
10 key risk factors:
- Weathering the likely financial downturn
- Operating in an ever-expanding ecosystem
- Protecting privacy to maintain trust
- Fighting a cyber war in banks and across the system
- Navigating the inevitable industry transition to cloud
- Industrialising data analytics across the business in a controlled manner
- Delivering services to customers, clients and markets without disruption
- Adapting to the effects of fast-shifting geopolitics on banks and their customers
- Addressing the impact of climate change on banks and society
- Meeting emerging customer demands for customised, aggregated lifetime offerings
- This year’s survey, the 10th, provides a window into what has changed in risk management globally over the past decade, and the major risks over the next decade. Participants included 115 financial institutions from 43 countries.
A decade of progress
Looking back over a decade of surveys, initially the primary objectives for banks managing financial risks focused on capital and liquidity. As governance and regulation models improved, banks have become healthier than they were pre-crisis and, in turn, have been able to de-risk and de-leverage their balance sheets. In the second half of the decade, nonfinancial risks, such as cybersecurity, data, and conduct and culture, came to the fore.
“Banks are in a far better position today than a decade ago in the management and governance of risks,” said Mark Watson, Managing Director, Ernst & Young LLP, and EY Americas Financial Services Organization Board Matters Deputy Leader. “Banks still have significant opportunities to simplify their risk management approach and get to a truly integrated view of risk across the firm. It is important for banks to become much more efficient in managing risks, using innovative new approaches and improved data analytics.”
10 major challenges over the next decade
“In the next decade, banks across the globe will face 10 major risks that test their ability to survive and thrive, and those in the Asia-Pacific region are not immune,” said EY Asia-Pacific Financial Services Regulatory Leader.
Chief among the risks impacting banks both globally and regionally is the intense growing conversation around a potential new economic downturn.
“The Asia-Pacific region is closely linked to the rest of the world by trade and financial flows. So, the risk of a financial downturn is as much a real stress test for Asia-Pacific financial institutions as it is for those in other parts of the world,” Mr Goyne said. “Additionally, as a fragmented regulatory market and the epicentre of the US-China trade dispute, there is a risk a downturn could hit even harder here – putting Asia-Pacific banks and their CROs under increasing pressure. Understanding and managing potential shifts in credit risk exposures across the region is high on CRO agendas.”
Aside from remaining financially strong, banks will have to manage a set of demanding, complicated and significant nonfinancial risks in the future. “Australian banks are facing an array of difficult issues and the top 10 global risks highlighted in the survey resonate strongly in our discussions with local CROs and regulators around the industry’s resilience. Additionally, there continues to be a sharpened focus on managing conduct risk and developing new approaches to influence culture and behaviours, as well as enhancing the quality of risk management and executive accountability for risk. In the Australian context, many institutions are undertaking significant changes to the management of nonfinancial risk, all while the external environment continues to evolve at a very rapid pace,” said Doug Nixon, EY Oceania Financial Services Risk Management Leader.
“Globally, banks have greatly strengthened their risk management over the past decade, and that has made the industry safer and more resilient,” said Andres Portilla, Managing Director for Regulatory Affairs at the IIF. “Banks now have to focus on a number of major risks that, if anything, will become even more important over the next decade, including cybersecurity, operational resilience, and ethical use and privacy of data.”
- One in four banks (23%) rank privacy as a top risk in the next 12 months, and one in two (53%) view privacy as a key emerging risk over the next five years.
- Over half (52%) of banks view environmental and climate change matters as a key emerging risk over the next five years, up from just over a third (37%) a year ago.
- Four in five (79%) banks have incorporated climate change into their risk management approach. Most (59%) have built it into their scanning of emerging risks, while two in five (41%) have already adopted policies for impacted businesses.
- Four in five banks now believe a system-wide, industry-level attack or material event is likely in the next five years — almost a third (29%) view that as very likely.
- In general, risk professionals are most concerned about adapting their risk capabilities (60%) and culture (58%) to the industry-wide transition to the cloud.
- Risk professionals, regulators and policymakers are very focused on the risks of scaling up artificial intelligence and machine learning technologies. Banks’ risk teams already see challenges in capturing new risks (64%) and getting the right talent to manage the risks (59%). They also see a lack of historical data showing how these models act under different market conditions (54%) and uncertain regulatory expectations (47%) as additional challenges.
- Sixty percent of banks view geopolitical risks as a major risk over the next five years. The top geopolitical risks that will impact banks over the next decade are escalating cyber warfare and the China-US relationship (tied at 47%).
The complete report is available at ey.com/bankingrisk.
EY US, in collaboration with the IIF, surveyed IIF members and other top banks in each region globally (including a small number of material subsidiaries that are top-five banks in their home countries) from June 2019 through September 2019. Participating banks’ chief risk officers or other senior risk executive were interviewed, completed a survey, or both. Ninety-four banks across 43 countries (up from 71 banks in 2018) were reflected in the survey results. Regionally those banks were headquartered in Asia-Pacific (21), Europe (26), the Middle East and Africa (14), Latin America (10) and North America (23.) Of these, 19 are considered globally systemically important banks, as designated by the Financial Stability, and 49 have been designated as systemically important domestically by their home country regulators. Quantitative data in this report relates to the top 92 banks that completed surveys and the narrative includes insights gleaned from qualitative interviews with some of those and other banks. Participating banks were fairly diverse in terms of asset size, geographic reach and type of bank. An additional 21 financial institutions participating informally by responding to the survey. Their responses informed the narrative.
EY Asia-Pacific Media Relations
+852 9666 3489
– ENDS –
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. For more information about our organization, please visit ey.com.
This news release has been issued by Ernst & Young Australia, a member firm of Ernst & Young Global Limited.
Liability limited by a scheme approved under Professional Standards Legislation.
About the Institute of International Finance (IIF)
The Institute of International Finance is the global association of the financial industry, with more than 450 members from more than 70 countries. Its mission is to support the financial industry in the prudent management of risks; to develop sound industry practices; and to advocate for regulatory, financial and economic policies that are in the broad interests of its members and foster global financial stability and sustainable economic growth. IIF members include commercial and investment banks, asset managers, insurance companies, sovereign wealth funds, hedge funds, central banks and development banks.