Press release

16 Jan 2020 Nicosia, CY

EY: Non-financial risks remain significant for banks

Managing risk over the next decade could prove more challenging due to 10 key risk factors, according to the new EY and Institute of International Finance (IIF) bank risk management survey titled, An endurance course:

Press contact
EY Cyprus

Multidisciplinary professional services organization

  • New study from Ernst & Young LLP and the Institute of International Finance tackles how banks can manage key risks in the next decade

Managing risk over the next decade could prove more challenging due to 10 key risk factors, according to the new EY and Institute of International Finance (IIF) bank risk management survey titled, An endurance course: surviving and thriving through 10 major risks over the next decade. The key risks, which started primarily as financial, have evolved into today’s nonfinancial risks, such as cybersecurity, geopolitics and climate change

10 key risk factors:

  1. Weathering the likely financial downturn
  2. Operating in an ever-expanding ecosystem
  3. Protecting privacy to maintain trust
  4. Fighting a cyber war in banks and across the system
  5. Navigating the inevitable industry transition to cloud
  6. Industrializing data analytics across the business in a controlled manner
  7. Delivering services to customers, clients and markets without disruption
  8. Adapting to the effects of fast-shifting geopolitics on banks and their customers
  9. Addressing the impact of climate change on banks and society
  10. Meeting emerging customer demands for customized, aggregated lifetime offerings

This year’s survey, the 10th, provides a window into what has changed in risk management globally over the past decade, and the major risks over the next decade. Participants included 115 financial institutions from 43 countries.

A decade of progress

Looking back over a decade of surveys, initially the primary objectives for banks managing financial risks focused on capital and liquidity. As governance and regulation models improved, banks have become healthier than they were pre-crisis and, in turn, have been able to de-risk and de-leverage their balance sheets. In the second half of the decade, nonfinancial risks, such as cybersecurity, data, and conduct and culture, came to the fore.

Major challenges over the next decade

According to the findings of the study, among the risks facing banks worldwide is the likelihood of a new economic downturn in the coming months or years. In addition to the challenge of securing and maintaining their financial soundness, banks will also have to deal with a number of complex and significant non-financial risks, such as climate change, the protection and ethical processing of personal data, cyber threats, etc.

Survey highlights:

  • One in four banks (23%) rank privacy as a top risk in the next 12 months, and one in two (53%) view privacy as a key emerging risk over the next five years.
  • Over half (52%) of banks view environmental and climate change matters as a key emerging risk over the next five years, up from just over a third (37%) a year ago.
  • Four in five (79%) banks have incorporated climate change into their risk management approach. Most (59%) have built it into their scanning of emerging risks, while two in five (41%) have already adopted policies for impacted businesses.
  • Four in five banks now believe a system-wide, industry-level attack or material event is likely in the next five years — almost a third (29%) view that as very likely.
  • In general, risk professionals are most concerned about adapting their risk capabilities (60%) and culture (58%) to the industry-wide transition to the cloud.
  • Risk professionals, regulators and policymakers are very focused on the risks of scaling up artificial intelligence and machine learning technologies. Banks’ risk teams already see challenges in capturing new risks (64%) and getting the right talent to manage the risks (59%). They also see a lack of historical data showing how these models act under different market conditions (54%) and uncertain regulatory expectations (47%) as additional challenges.
  • Sixty percent of banks view geopolitical risks as a major risk over the next five years. The top geopolitical risks that will impact banks over the next decade are escalating cyber warfare and the China-US relationship (tied at 47%).

Commenting on the survey findings, Savvas Pentaris, Partner and Head of Financial Services Sector of EY Cyprus, said: “Over the past decade, banks throughout the world have worked hard to strengthen their risk management, and this effort has produced tangible results. However, as a financial downturn appears increasingly imminent, banks will be called upon to demonstrate their resilience in practice. This will constitute a major challenge for risk officers throughout the world”.

Charalambos Constantinou, Partner and Head of Advisory Services also mentioned:  “Along with traditional risks, banks are now faced with a number of emerging non-financial risks, which will prove equally challenging for risk officers. These include, among others, climate change, privacy issues and cyber threats, as well as the ethical issues raised by new technologies such as AI. These new risks will demand new skills and capabilities on the part of risk managers and their teams and will test banks’ readiness to adapt to a new ecosystem.”

The complete report is available at


EY Release Non-financial risks remain significant for banks (in Greek)

For more information, please contact the EY Cyprus

Email: Irene

Contact number: +357 22209999

Notes to Editors

About EY

EY | Assurance | Tax | Transactions | Advisory

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via For more information about our organization, please visit