The threat of a cyber attack is now the top worry for bank risk managers, according to a new risk survey released jointly by EY and Institute of International Finance.
More than 77 per cent of chief risk managers see cyber security as one of the most important risks over the next year, up 22 per cent increase on 2015.
The global survey found that cybersecurity has surged as an area of concern, along with conduct risk. In addition, 86 per cent of the banks surveyed cited data-related risks as a top emerging risk over the next five years.
“Banks have reached an inflection point in risk management. How they navigate emerging risks and opportunities presented by technological innovations will dictate their ability to thrive over the next decade,” said Tom Campanile, an EY partner.
“Risk leaders recognise that data is both a risk and a major opportunity. Being able to manage multiple challenges and changes simultaneously will distinguish leaders in the industry, especially as cyber threats and digital disruption continue to impact banks globally.”
Threat and opportunity
“Data is a massive concern,” one survey respondent said. “The issue is not just implementing data-related regulations, but also how to use data optimally and protect the franchise.”
Given the importance of data, another said, ensuring its confidentiality, availability and integrity is of paramount importance, thus, the view that data risk is so important.
This partially explains the increased focus on cybersecurity.
Respondents noted that with ever-present cyber threats and digital disruption taking place, risk and compliance functions are prioritising key tasks.
The top critical roles within risk and compliance functions are: helping to identify risks and align strategic efforts with risk tolerance (71 per cent), offering guidance on laws and regulations that could be interpreted as relevant to new technologies, products or services (49 per cent) and providing review and approval prior to product launch (47 per cent).
CROs and anyone who works in the risk function have to be much closer to the business lines and be more proactive, added IIF’s Andrés Portilla.
The survey also found bank CROs expect new techniques and technologies will drive down costs in risk management, through the use of automation (87 per cent), digitisation (64 per cent), machine learning (59 per cent) and risk models using artificial intelligence (57 per cent).
When it comes to implementing new technologies to drive digital transformation, the top three concerns of respondents are cybersecurity and shortage of IT resources and talents (both 64 per cent) and also, cost (52 per cent).
“Over time, risk functions will have to leverage technology to improve risk management, and become technology innovators, rather than spectators.
“Banks will have to rethink how they manage risks, what risks need to be managed and what new types of talent will be required.” added Campanile.
Regulatory fragmentation is also rising on the CRO agenda. Differing flavors of the same global regulation are now being implemented by national authorities, creating inconsistencies across borders and, thus, implementation challenges for banks operating in multiple markets.
Over the next five years, banks expect regulatory fragmentation to be most likely as it relates to capital buffers (69 per cent), stress testing (61 per cent), models (52 per cent), liquidity buffers (40 per cent) and corporate structures (25 per cent),
The CROs surveyed particularly expressed concern over growing global fragmentation in areas such as privacy and cybersecurity regulation.
Digitisation, new consumer trends and competitive threats, together with elevated cost and income ratios have driven the degree to which banks’ business models have changed, and continue to do so.
As such, boards remain fixed on business model risk, although CROs do not rank this risk so highly.