Digital transformation and cybersecurity are top concerns of CROs

Singapore, 19 October 2017

  • Share

Risk management functions within financial services organizations are primarily concerned with cybersecurity and data-related risks at their firms, according to the EY and Institute of International Finance (IIF) eighth annual global bank risk management survey of Chief Risk Officers (CROs): Restore, rationalize and reinvent: a fundamental shift in the way banks manage risk.

Cybersecurity has surged as a concern with respondents, with 77% claiming it is one of the most important risks over the next year, a 22% increase since the 2015 survey. In addition, a majority of the banks surveyed (86%) cited data-related risks (availability, integrity, etc.) as a top emerging risk over the next five years.

Tom Campanile, Partner, Financial Services Office, Ernst & Young LLP, says:

“Banks have reached an inflection point in risk management. How banks navigate emerging risks and opportunities presented by technological innovations will dictate their ability to thrive over the next decade. Risk leaders recognize that data is both a risk and a major opportunity. Being able to manage multiple challenges and changes simultaneously will distinguish leaders in the industry, especially as cyber threats and digital disruption continue to impact banks globally.”

Respondents noted that with ever-present cyber threats and digital disruption taking place, risk and compliance functions are prioritizing key tasks. The top critical roles within risk and compliance functions are: helping to identify risks and align strategic efforts with risk tolerance (71%), offering guidance on laws and regulations that could be interpreted as relevant to new technologies, products or services (49%) and providing review and approval prior to product launch (47%).

Andrés Portilla, Managing Director of the Regulatory Affairs Department at IIF, says:

“CROs and anyone who works in the risk function have to be much closer to the business lines with a more proactive mindset. Banks depend on people to implement, maintain and protect systems and data. Data will help identify and address emerging risks as well as inform strategic and everyday decisions. But data itself is also a source of risk, either from a data protection, integrity or fraud perspective, and risk managers have a key role to play in keeping a balance between leveraging the new technologies as much as possible within their organizations and keeping the associated risks within their risk appetite.”

Banks are embracing new technologies such as blockchain, robotic process automation (RPA), chatbots and more. Survey respondents expect new techniques and technologies will drive down costs in risk management, notably through the use of automation (87%), digitization (64%), machine learning (59%) and risk models using artificial intelligence (AI) (57%). When it comes to implementing new technologies to drive digital transformation, the top three concerns of respondents are cybersecurity and shortage of IT resources/talent (both 64%) and also, cost (52%).

Campanile says: “Over time, risk functions will have to leverage technology to improve risk management, and become technology innovators, rather than spectators. Banks will have to rethink how they manage risks, what risks need to be managed and what new types of talent will be required.”

For further information, view the report at and follow EY on Twitter: @EY_Banking.

- Ends -

Notes to Editors

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit

This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.

About the IIF

The Institute of International Finance is the global association of the financial industry, with close to 500 members from more than 70 countries. Its mission is to support the financial industry in the prudent management of risks; to develop sound industry practices; and to advocate for regulatory, financial and economic policies that are in the broad interests of its members and foster global financial stability and sustainable economic growth. IIF members include commercial and investment banks, asset managers, insurance companies, sovereign wealth funds, hedge funds, central banks and development banks. For more information visit

About the survey

This is the eighth annual risk management survey that EY and the IIF have conducted. From May through August 2017, in cooperation with the IIF, EY surveyed IIF member firms and other top banks from around the globe. Participating banks’ chief risk officers or other senior risk executives were interviewed by EY or completed an online survey, or both. A total of 77 banks across 35 countries participated in the study.