Risk management function must evolve to become trusted advisors as banks reinvent themselves

Singapore, 18 December 2018

  • Share
  • Cyber threats are now the biggest risk for boards and chief risk officers
  • Data destruction and disruption from technology are the top emerging risks

SINGAPORE, 18 DECEMBER 2018 – As technology and ongoing competitive disruption force banks to reinvent themselves, the risk management function must undergo a revolution in risk management professionals balancing their roles and operating models, according to the ninth annual global bank risk management survey, Accelerating digital transformation: four imperatives for risk management.

The survey finds that risk groups link strategy and risk appetite (67%), identify forward-looking or emerging risks (53%), assess strategy and business models from a risk appetite perspective (36%), help influence firm risk culture and behaviors (34%), and implement effective risk management structures (31%).

The survey, a collaboration between EY and the Institute of International Finance (IIF), highlights four imperatives that boards, senior management, chief risk officers (CROs) and other key executives will have to address to stay competitive, maintain trust, and successfully achieve their digital transformation ambitions. The four imperatives include: adapting to a risk environment and risk profile that is changing faster and more intensively than ever, leveraging risk management to enable business transformation and sustained growth, delivering risk management effectively and efficiently, and managing through and recovering from disruptions.

Keith Pogson, Senior Partner, Ernst & Young, Financial Services and EY Global Assurance Leader, Banking and Capital Markets, says:
"CROs across Asia-Pacific are increasingly focused on how to transition their organizations to help them remain fit for purpose in the current business and digital landscape – with new risks to focus on, and new tools and methods to use in managing and mitigating those risks. While banks across the region continue to deal with the rollout of legacy policy initiatives, they are also increasingly focused on new risks created by business model evolution, such as reliance on third parties, data management and data disposition."

Additionally, risk management has a central role to play in helping navigate the evolving risk profile of banks, and preparing for, managing through, and recovering from disruptions such as cyber-attacks and weather-related disasters, which are commonplace. Top resilience concerns of respondents include: overall cyber risks (80%), prolonged IT outages inside the bank’s environment (64%), critical-third-party outages (64%), data availability (41%), IT obsolescence (39%), critical data being destroyed (39%), and financial resilience (32%).

Pogson says: “As Asia-Pacific financial institutions continue their digital transformation, the risks and opportunities posed by new technology are front of mind for CROs across the region – whether in the form of cyber-risks, competitive disruption, or as a potential solution to help manage risks and reduce the costs of compliance.”

The survey suggests that risk management functions can leverage new technologies much more than they are doing currently. Respondents identify a range of areas where new technologies will have a material impact: fraud surveillance (72%), financial crime (68%), modeling (57%), credit analysis (57%), cybersecurity (57%), and know-your-customer activities (57%).

Andrés Portilla, Managing Director of Regulatory Affairs, Institute of International Finance, says:
“Working closely with CROs at our member firms it is clear that the transformation of the risk management function is accelerating, influenced by new digital and technological innovations. Risk managers play a unique role within institutions to not only identify, manage and prepare for risks but also to work closely with the board and the business to identify new opportunities. Technology enables the risk function to transform but it also raises new challenges around cybersecurity, the use and accessibility of data and operational resilience, on top of broader concerns such as the implementation of new regulatory rules and supervisory expectations.”

Regional differences exist
The survey findings reveal regional trends including that North American banks place more importance on protecting the firm’s reputation than banks in other regions. African and Middle Eastern banks are more concerned about third-party outages and ransomware, while those in Asia-Pacific are more concerned about business-model viability than others, but less concerned than North American banks about cyber risks, third-party outages and data destruction. Latin American banks most fear cyber risks and IT obsolescence.


Beyond cybersecurity, each region has different CRO top priorities: credit and liquidity risks in Asia-Pacific (both 58%); risk appetite in Latin America (62%); implementation of new regulations and supervisory expectations in Africa and the Middle East (86%); business-model risk and implementation of new regulations and supervisory expectations in Europe (both 56%); and operational risk (excluding cybersecurity) and risk technology architecture in North America (both 65%).

For further information, view the report at ey.com/bankingrisk.


Notes to Editors

About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.

About the IIF
The Institute of International Finance is the global association of the financial industry, with close to 450 members from more than 70 countries. Its mission is to support the financial industry in the prudent management of risks; to develop sound industry practices; and to advocate for regulatory, financial and economic policies that are in the broad interests of its members and foster global financial stability and sustainable economic growth. IIF members include commercial and