Cybersecurity and data-related risks are the primary concerns of Chief Risk Officers (CROs) in banks, according to a survey conducted by EY and the Institute of International Finance (IIF).
Their eighth annual global bank risk management survey of CROs, Restore, rationalize and reinvent: a fundamental shift in the way banks manage risk, showed that 77% cited cybersecurity as one of the most important risks over the next year, a 22% increase since the 2015 survey. Meanwhile, 86% of the banks surveyed cited data-related risks (availability, integrity, etc.) as a top emerging risk over the next five years.
An inflection point in risk management
Mr Tom Campanile, Partner, Financial Services Office, EY, said: “Banks have reached an inflection point in risk management. How banks navigate emerging risks and opportunities presented by technological innovations will dictate their ability to thrive over the next decade. Risk leaders recognize that data is both a risk and a major opportunity. Being able to manage multiple challenges and changes simultaneously will distinguish leaders in the industry, especially as cyber threats and digital disruption continue to impact banks globally.”
Respondents noted that with ever-present cyber threats and digital disruption taking place, risk and compliance functions are prioritising key tasks. The top critical roles within risk and compliance functions are: helping to identify risks and align strategic efforts with risk tolerance (71%), offering guidance on laws and regulations that could be interpreted as relevant to new technologies, products or services (49%) and providing review and approval prior to product launch (47%).
Risk managers to balance new tech and data risks
Mr Andrés Portilla, Managing Director of the Regulatory Affairs Department at IIF, said: “CROs and anyone who works in the risk function have to be much closer to the business lines with a more proactive mindset. Banks depend on people to implement, maintain and protect systems and data. Data will help identify and address emerging risks as well as inform strategic and everyday decisions.
“But data itself is also a source of risk, either from a data protection, integrity or fraud perspective, and risk managers have a key role to play in keeping a balance between leveraging the new technologies as much as possible within their organizations and keeping the associated risks within their risk appetite.”
New tech to drive down costs of risk management
Banks are embracing new technologies such as blockchain, robotic process automation (RPA), chatbots and more. Survey respondents expect new techniques and technologies will drive down costs in risk management, notably through the use of automation (87%), digitisation (64%), machine learning (59%) and risk models using artificial intelligence (AI) (57%).
When it comes to implementing new technologies to drive digital transformation, the top three concerns of respondents are cybersecurity and shortage of IT resources/talent (both 64%) and also, cost (52%).
Mr Campanile said: “Over time, risk functions will have to leverage technology to improve risk management, and become technology innovators, rather than spectators. Banks will have to rethink how they manage risks, what risks need to be managed and what new types of talent will be required.”
In total, 77 firms across 35 countries participated in the survey, up from 67 firms in 29 countries in 2016. Asia-Pacific banks involved include the likes of Agricultural Bank of China, ICBC, National Australia Bank and Sumitomo Mitsui Banking Corp. The survey report can be found here.