New York – Managing risk over the next decade could prove more challenging due to 10 key risk factors, according to the new Ernst & Young LLP (EY US) and Institute of International Finance (IIF) bank risk management survey, “An endurance course: Surviving and thriving through 10 major risks over the next decade.” The risks (shown below), which started primarily as financial, have evolved into today’s nonfinancial risks such as cybersecurity, geopolitics and climate change.
10 key risk factors
- Weathering the likely financial downturn
- Operating in an ever-expanding ecosystem
- Protecting privacy to maintain trust
- Fighting a cyber war in banks and across the system
- Navigating the inevitable industry transition to cloud
- Industrializing data analytics across the business in a controlled manner
- Delivering services to customers, clients and markets without disruption
- Adapting to the effects of fast-shifting (geo)politics on banks and their customers
- Addressing the impact of climate change on banks and society
- Meeting emerging customer demands for customized, aggregated lifetime offerings
This year’s survey, the tenth, provides a window into what has changed in risk management globally over the past decade, and the major risks over the next decade. Participants included 115 financial institutions from 43 countries.
A decade of progress
Looking back over a decade of surveys, initially the primary objectives for banks managing financial risks focused on capital and liquidity. As governance and regulation models improved, banks have become healthier than they were pre-crisis and, in turn, have been able to de-risk and de-leverage their balance sheets. In the second half of the decade, nonfinancial risks, such as cybersecurity, data, and conduct and culture, came to the fore. “Banks are in a far better position today than a decade ago in the management and governance of risks,” said Mark Watson, Managing Director, Ernst & Young LLP, and EY Americas Financial Services Organization Board Matters Deputy Leader. “Banks still have significant opportunities to simplify their risk management approach and get to a truly integrated view of risk across the firm. It is important for banks to become much more efficient in managing risks, using innovative new approaches and improved data analytics.”
10 major challenges over the next decade
“In the next decade, banks will face 10 major risks that test the ability to survive and thrive,” said Mr. Watson. Chief among the risks impacting banks globally is the intense growing conversation around a potential new economic downturn.
“A financial downturn of some kind seems likely to occur in the next few months or years,” said Mr. Watson. “Chief risk officers and their teams will have to demonstrate they can guide the bank in the management of risks and exposures well before banks have to access their capital and liquidity backstops. This will test the stature and influence of risk professionals across all banks.”
Aside from remaining financially strong, banks will have to manage a set of demanding, complicated and significant nonfinancial risks in the future. “Banks now face an array of difficult issues – climate change, privacy, systemic cyber threats, and more. Each risk by itself will be challenging, but together they will test banks’ long-term viability,” said Watson.
“Globally, banks have greatly strengthened their risk management over the past decade, and that has made the industry safer and more resilient,” said Andres Portilla, Managing Director for Regulatory Affairs, at the IIF. “Banks now have to focus on a number of major risks that, if anything, will become even more important over the next decade, including cybersecurity, operational resilience, and ethical use and privacy of data.”
- One in four banks (23%) rank privacy as a top risk in the next 12 months, and one in two (53%) view privacy as a key emerging risk over the next five years.
- Over half (52%) of banks view environmental and climate change matters as a key emerging risk over the next five years, up from just over a third (37%) a year ago.
- Four in five (79%) banks have incorporated climate change into their risk management approach. Most (59%) have built it into their scanning of emerging risks, while two in five (41%) have already adopted policies for impacted businesses.
- Four in five banks now believe a systemwide industry-level attack or material event is likely in the next five years - almost a third (29%) view that as very likely.
- In general, risk professionals are most concerned about adapting their risk capabilities (60%) and culture (58%) to the industrywide transition to cloud.
- Risk professionals, regulators and policymakers are very focused on the risks of scaling up AI and ML technologies. Banks’ risk teams already see challenges in capturing new risks (64%) and getting the right talent to manage the risks (59%). They also see the lack of historical data in how these models act under different market conditions (54%) and uncertain regulatory expectations (47%) as additional challenges.
- 60% of banks view geopolitical risks as a major risk over the next five years. The top geopolitical risks that will impact banks over the next decade are escalating cyber warfare and the China-US relationship (tied at 47%).
The complete report is available at https://www.iif.com/Publications/ID/3638/10th-Annual-IIFEY-Global-Risk-Management-Survey.
EY, in conjunction with the IIF, surveyed IIF member firms and other top banks in each region globally (including a small number of material subsidiaries that are top-five banks in their home countries) from June 2019 through September 2019. Participating banks’ CROs or other senior risk executives were interviewed, completed a survey, or both.
In total, 94 firms across 43 countries participated (up from 74 banks in 2018). Regionally, those banks were headquartered in Asia-Pacific (21), Europe (26), the Middle East and Africa (14), Latin America (10) and North America (23). Of those, 19 are globally systemically important banks and 49 have been designated as systemically important domestically. Data in this report relates to the 92 banks that completed the quantitative survey, and the narrative includes insights gleaned from qualitative interviews with some of those and other banks. As shown in Figure 30, participating banks were fairly diverse in terms of asset size, geographic reach and type of bank. An additional 21 financial institutions participated informally by responding to the survey. Their data is not included in this survey report, but directionally it informed the narrative.
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. For more information about our organization, please visit ey.com.
This news release has been issued by Ernst & Young LLP, a member firm of EY serving clients in the US, with support of EYGM, a member of the global EY organization that also does not provide any services to clients.
About the Institute of International Finance (IIF)
The Institute of International Finance is the global association of the financial industry, with more than 450 members from more than 70 countries. Its mission is to support the financial industry in the prudent management of risks; to develop sound industry practices; and to advocate for regulatory, financial and economic policies that are in the broad interests of its members and foster global financial stability and sustainable economic growth. IIF members include commercial and investment banks, asset managers, insurance companies, sovereign wealth funds, hedge funds, central banks and development banks.