6 minute read 5 Jul 2021
Man building rock cairns

How COVID-19 has changed the role of the chief risk officer

Authors
Mark Watson

EY Americas Financial Services Managing Director and Board Matters Deputy Leader

Transformational leader. Advisor on matters delivering global impact and strong governance. Passionate about sound public policy. Avid moviegoer. Electronic dance music fan. Proud Anglo-American.

Federico Guerreri

EY Global Financial Services Risk Leader

Risk transformation leader in financial services. Speaker at external and internal events. Passionate about meeting people; everyone can learn a lot from the others. Globetrotter. Husband and father.

6 minute read 5 Jul 2021

The 11th annual EY/IIF global bank risk management survey shows that COVID-19 has given CROs an opportunity to change how they operate.

In brief
  • CROs are now managing emerging risks in a world reshaped by COVID-19 when changing customer needs and digital technology play increasingly central roles.
  • CROs ability to adapt quickly to a changing environment is more important than ever before.
  • There is a huge opportunity for CROs to reshape their roles to successfully accelerate change across the banking environment. 

The role of chief risk officer (CRO), once considered a background function in banking operations, has changed significantly since the global financial crisis. The fallout from the crisis propelled CROs into the spotlight, to act as effective business communicators with bank boards on what was happening and what to expect around the corner.

Now, as we begin to emerge from another crisis that has upended the global economy, the CRO has yet another new role to play. This time, the job not only demands better communication on how financial institutions can manage emerging risks in a world reshaped by COVID-19, but also doing so in a period in which changing customer needs and expectations and digital technology play increasingly central roles in bank decision-making.

CROs must also take note of broader social movements and public perception relating to the transition to a low-carbon economy, as well as new challenges such as the surge in activity in digital currencies.

The 11th annual EY/IIF global bank risk management survey shows that as banks continue their transformation journeys and contend with persistent and dynamic disruption and change not just today, but tomorrow and into the future, the CRO will play an ever-larger role in their growth and success.

Risk leaders are realizing they can do more and do better if they use data and technology and embrace innovation in how they operate.

The cost of doing good

The economic upheaval of the pandemic necessitated banks having a crucial part to play in distributing governments’ fiscal packages and offering customers greater access to loans. In facilitating these payments and offering much-needed support to customers, most banks are emerging from the crisis with their reputations intact. However, many CROs are concerned with the final cost of these support measures and the broader impact on economic growth, citing credit risk as their number one risk over the next 12 months. If economies experience uneven recoveries and prolonged, adverse conditions prevail, banks’ credit issues are likely to grow, and some banks are concerned how well they will cope.

In terms of loss mitigation and forbearance decisions that need to be made over the next 12 to 24 months, as banks transition customers back to a more stable financial footing, 69% of CROs are most concerned about future regulatory inquiry and action about how government stimulus programs were administered by banks. Other concerns relate to the practicalities of carrying out loss mitigation for large swathes (read millions) of customers in a manner that aligns with banks’ risk appetite and policies and procedures while providing a good outcome for all types of borrowers.

A better road to recovery

Small and medium-sized enterprises (SMEs) are of particular concern, but bank risk assessments vary country by country. In the US, bankruptcy filings hit a 35-year low in 20201 due to government stimulus measures. However, in Southern European countries, the rate of SME insolvencies will likely increase,2 impacting banks’ return on equity. The EY/IIF survey shows that, in general, European banks expect returns within a range of 5% to 10% over the next three years. Conversely, over a third of banks in the US expect returns of above 16%.

Offering better support to SMEs is one of the main talking points among CROs as the crisis subsides. One of the main sticking points lies in identifying which SMEs have been hit hard by the pandemic, but still have viable business models, and distinguishing those from so-called “zombie” companies (i.e., firms that can’t be self-sustaining).

Given the need for many to evolve in a post-pandemic world, SMEs will increasingly look to embedding an environmental, social and governance (ESG) framework into their business models, in line with larger firms. In doing so, SMEs can initiate a fresh conversation with their bank on how to work towards a zero-carbon economy – ultimately CROs will play an important role in helping manage and price the associated risks as part of the bank’s overall sustainability strategy. 

The ESG factor

48%

of CROs say ESG is embedded in their loan decisioning processes.

Data protection: staying safe

Many banking employees made a success of working from home during lockdown, with technology sustaining critical business activities from trading through to financial advice services. However, with most people working from their kitchens, living rooms and basements, the question of data security and protection became paramount and has remained so.

Prior to the pandemic, some banks were further along their digital transformation journeys than others, making the transition to remote working much more safe and secure. Others had to catch up quickly. But ultimately, giving thousands of employees access to data in a remote environment raised serious risks, according to CROs. A large majority of CROs in our survey acknowledge that data management and privacy were not that well integrated into their operational resilience frameworks, and neither were IT change management or third-party risk management.

Moreover, the pandemic raised an inevitable question mark over the technological capabilities of employees – both within banks’ risk teams and the broader organization. It emphasized the growing need for more agility among banks’ risk professionals and a greater predisposition to faster, more incremental change. The survey indicates that 70% of CROs consider the ability to adapt to a changing environment as the most important risk management skill to develop over the next three years. For many banks, this is less a technology issue, but rather a cultural, governance and organizational one. To succeed, CROs need a strong change management perspective and style to help their teams quickly adapt and cope with this change.

The rise of the new CRO

The breadth of risks CROs must contend with today extend to areas that are rapidly changing, from climate-change risk to the obscure risks associated with cryptocurrencies. In many cases, greater data and analytics talent will be needed to successfully navigate these looming challenges, as well as others.

How central banks and governments decide to manage the demand for, and interest in, cryptocurrencies in the marketplace will result in all financial institutions having to adopt clear governance and controls regarding digital assets, as well as integrate technology to deal in cryptocurrencies. Similarly, the speed with which firms transition to a zero-carbon economy may tax the innovativeness and agility of banks to design, price and distribute new types of financial products and services.

The speed of change in public opinion and greater societal pressure on banks’ policies will only increase over the years ahead. The pandemic quickly showed how interconnected the global economy is, and both the benefits and risks of this interconnection. For CROs, the way forward will be challenging, with many grappling with what the changing risk landscape really means for their banks. However, there is a major opportunity for CROs to accelerate change across their organizations, to ensure they are really ready for the next big test coming their way.

EY leaders and the IIF discuss key findings of the 11th annual EY/IIF global bank risk management survey.

The webcast replay and podcast explore the top priorities – including climate change, credit risk, cybersecurity and the impact of technology – and what that means for risk management.

Webcast replay    Listen now

Summary

The 11th annual EY/IIF global bank risk management survey demonstrates that to cope with continuous change, the CRO will need to play a leading role in banks’ ability to compete successfully and thrive in a post-pandemic world.

About this article

Authors
Mark Watson

EY Americas Financial Services Managing Director and Board Matters Deputy Leader

Transformational leader. Advisor on matters delivering global impact and strong governance. Passionate about sound public policy. Avid moviegoer. Electronic dance music fan. Proud Anglo-American.

Federico Guerreri

EY Global Financial Services Risk Leader

Risk transformation leader in financial services. Speaker at external and internal events. Passionate about meeting people; everyone can learn a lot from the others. Globetrotter. Husband and father.