4 minute read 15 Jun 2018
building hands blocks together

Five challenges for banks as they evolve risk management

Jan Bellens
By Jan Bellens

EY Global Banking & Capital Markets Sector Leader

Passionate leader on innovation in financial services, especially in emerging markets. Global citizen. Keen traveler.

4 minute read 15 Jun 2018
Related topics Banking and capital markets Financial Services Digital Risk and regulation in banking
Upvote

Show resources

  • Eighth annual global bank risk management survey (pdf)

    Download 9 MB

Our eighth annual global bank risk management survey finds banks at the midpoint of a 15-year risk transformation journey.

Risk management functions will have to reinvent themselves and become enablers and drivers of digital transformation. How banks navigate the risks and opportunities presented by technological innovations will dictate their ability to thrive.

The eighth annual global bank risk management survey, conducted by EY in collaboration with the Institute of International Finance (IIF), explores key focus areas and challenges for banks as they move through three distinct phases of a 15-year risk transformation journey.

Three key findings emerged from this year’s survey:

  • After fully streamlining structures and processes, banks have to drive digital transformation across the entire firm, from customer to operations.
  • Risk management functions must reinvent themselves to become enablers and drivers of innovation and growth, leveraging technology to do so.
  • Cybersecurity has overtaken regulatory matters as the top concern of boards and CROs.

A 15-year risk transformation journey is underway

The first phase of the risk management journey occurred during the five to six years after the financial crisis — a stage we call Restore. The second phase is happening now: Rationalize. And the final phase looms in coming years: Reinvent. We highlight below key elements from each stage, in four categories:

  • Regulatory context
  • Technology focus
  • Risk focus
  • Three-lines-of-defense

  • Restore

    • Regulatory context: Coordinated global regulatory response, primarily prudential in nature
    • Technology focus: Sustaining legacy systems, and addressing identity access-management inadequacies
    • Risk focus: Focus on financial risks; includes building foundational elements and curtailing risk-taking and product development
    • Three-lines-of-defense: Building overall framework; expanding headcount in first and second lines; attention to controls effectiveness

  • Rationalize

    • Regulatory context: Ongoing implementation, increasingly conduct related; signs of global fragmentation; taking stock of impact in totality
    • Technology focus: Digitizing customer experience and interface; implementing three-lines-of-defense cyber risk management
    • Risk focus: Embedding risk discipline into the business; focus is on primarily nonfinancial risks; enabling risk-taking
    • Three-lines-of-defense: Implementing operating model; stabilizing and reversing people growth; balancing effectiveness and efficiency

  • Reinvent

    • Regulatory context: Revisions to reforms with more local variation; new modes of regulation or supervision to accommodate innovation and FinTech
    • Technology focus: Digitizing middle and back office, plus risk function; embedding cybersecurity across the firm (M&A, due diligence, new product development)
    • Risk focus: Enabling and driving innovation; balancing risk-taking and risk discipline
    • Three-lines-of-defense: Enabling risk management through automation, machine learning and AI

Banks are embracing technology-driven change

As the industry’s digital transformation accelerates, banks will move from exploring to implementing firm-wide uses of new technologies in the middle and back office. This will challenge risk functions to change how they monitor banks’ risk profiles and enable innovation, and how they leverage new techniques to be smarter, faster and more cost-effective.

From operational streamlining to technology-driven transformation, banks are taking action to cut costs, with 83% of banks focused on data analytics over the next three years.

Plans to leverage new technologies to manage costs are in various states of progression. Digital and mobile infrastructure initiatives are the most advanced, while banks are taking first steps to automation and machine learning.

Data analytics

83%

From operational streamlining to technology-driven transformation, banks are taking action to cut costs, with 83% of banks focused on data analytics over the next three years.

As banks reinvent themselves using technology to drive digital change in the future, risk teams expect to do so, too.

Five challenges for banks

As banks transition from the middle to the third phase of the transformation journey, they must navigate five broad challenges.

1. Managing emerging risks and increased competition: Broader geopolitical, social and environmental concerns are looming larger, as regulatory fragmentation continues and competition intensifies. FinTechs and major technology companies seek traction in profitable parts of financial services, while banks’ strategic options to deliver 11% to 15% ROE narrow. Cybersecurity is now clearly the top risk for boards and CROs.

2. Leading a digital transformation of risk management: Technology has reshaped customer interfaces, but banks still have to implement new technologies in the middle and back office to drive fundamental change. Risk functions must change how they monitor risk profiles and enable innovation, and become smarter, faster and more cost-effective. New talent in technology and risk will be necessary, but hard to attract.

3. Operationalizing three-lines-of-defense models: Operationalization of the three-lines model is necessary to improve the effectiveness and cost-efficiency of risk management. Talent shortages are expected in advanced analytics, model risk and other key areas. Standardization and automation are accelerating, even if broader technology deployments are delayed.

4. Managing nonfinancial risks cost-effectively: Though conduct risk frameworks are in place, there is a long way to go to prove effectiveness and improve cost-efficiency. As risk appetite frameworks evolve, common challenges remain (e.g., expressing appetite for all risk types, cascading appetite to business units). Quantifying nonfinancial risks (e.g., reputational, strategic and cyber risks) remains difficult.

5. Staying resilient and protecting against cyber risks: Banks are rethinking what constitutes operational resiliency. Beyond core competencies (business continuity and disaster recovery), data quality and process-flow mapping need enhancing. In managing cyber risks across the three lines of defense, quantification and reporting are a challenge, even as boards increase oversight. Managing critical vendors more effectively supports operational and cyber-resiliency.

Summary

As banks transition from the middle to the third phase of the risk transformation journey, they will move from exploring to implementing firm-wide uses of new technologies. This will challenge risk functions to change how they monitor banks’ risk profiles and enable innovation, and how they leverage new techniques to be smarter, faster and more cost-effective.

About this article

Jan Bellens
By Jan Bellens

EY Global Banking & Capital Markets Sector Leader

Passionate leader on innovation in financial services, especially in emerging markets. Global citizen. Keen traveler.

Related topics Banking and capital markets Financial Services Digital Risk and regulation in banking
Upvote