According to a new survey by Deloitte, financial institutions around the globe are seeking to increase focus on risk management owing to heightened regulatory scrutiny and greater concerns over risk governance. In response, banks and other financial services firms are increasing their risk management budgets and enhancing their governance programs.
Titled “Setting a Higher Bar” Deloitte’s eighth biennial survey on risk management practices reveals that about two-thirds of financial institutions (65%) reported an increase in spending on risk management and compliance, up from 55 percent in 2010.
The survey also reveals that the spending patterns differ with different-sized firms. The largest and the most systemically important firms have had several years of regulatory scrutiny and have continued their focus on distinct areas like risk governance, risk reporting, capital adequacy and liquidity.
But firms with assets of less than USD 10 billion are now concentrating on building capabilities to address new regulatory requirements, which were applied first to the largest institutions and are now cascading down the ladder.
Joe El Fadl; “The financial crisis has led to far-reaching major changes of doing business in financial institutions’ risk management practices, with stricter and ruled based regulatory requirements demanding more attention from management and increasing their overall risk management and compliance efforts. That said, risk management shouldn’t be viewed as either a regulatory burden or a report destined to gather dust on a shelf. Instead, it should be embedded in an institution’s framework, philosophy and culture for managing risk exposures across the organisation.
Knowing that a number of regulatory requirements remain in the queue, financial institutions have to be able to plan for future hurdles while enhancing their risk governance, enhancing management capabilities with better risk awareness using data analytics, and improving in data quality. Those that do will be well placed to steer a steady course though the ever-shifting risk management landscape.” — Joe El Fadl, Financial Services Industry Leader at Deloitte Middle East
Of the insttutions that participated in the survey, 58% said they plan to increase their risk management budgets over the next three years, with 17 percent anticipating annual increases of 25 percent or more. The decision is of critical importance as 39 percent of large institutions (particularly those based in North America) reported having more than 250 full-time employees in their risk management function.
The survey further found that risk management has climbed up on the boardroom agenda as 94 percent of company boards now devote more time to risk management oversight than five years ago, and 80 percent of chief risk officers report directly to either the board or the chief executive officer (CEO). Additionally, 98 percent of company boards or board-level risk committees regularly review risk management reports, an increase from 85 percent in 2010.
Fadi Sidani; “Regulators have been focusing more and more on the role of the board of directors in risk governance, engaging them to approve the institution’s risk appetite and risk policies, overseeing their implementation by management and increasingly looking to understand the challenge that the board makes in its oversight of the financial institution’s risk management of key issues.” — Fadi Sidani, partner in charge, Enterprise Risk Services at Deloitte Middle East.
The survey also yielded the following major findings:
- Almost three out of four risk managers rated their institution to be either extremely or very effective in risk management overall, an increase from 66% in 2010’s survey results
- The impact of increased regulation is having a significant effect on business strategy and the bottom line, with 48% of firms confirming that they have had to adjust product lines and/or business activities, a percentage that doubled from 24% in 2010
- The use of institution-wide enterprise risk management (ERM) programs is continuing to grow. Today, 62% of financial institutions have an ERM strategy in place, up from 52% in 2010, while a further 21% are currently building a program. The total of 82% of firms either with or building an ERM program is significantly up from 59% in 2008
- Institutions are increasingly confident about their effectiveness in managing liquidity risk (85 percent rate themselves as extremely or very effective vs. 77% in 2010); credit risk (83% against 71% in 2010); and country/sovereign risk (78% vs. 54 percent in 2010)
- Stress testing has become a central plank in many institutions’ risk management efforts. Eighty percent of the institutions surveyed stated that stress-testing enables a forward-looking assessment of risk, and 70% said that it informs the setting of their risk tolerances
- Technology used to monitor and manage risk is a particular concern and, according to the report, significant improvements in risk technology are needed. Less than 25% of institutions rate their technology systems as extremely or very effective while 40% of institutions are concerned about their capabilities in the management of risk data
- Progress in linking risk management with compensation has changed only incrementally since 2010’s survey results. Currently, 55% of institutions incorporate risk management into performance goals and compensation for senior management, which is little changed from 2010. The use of “clawback” provisions in executive compensation, however, has increased (41% vs. 26% of institutions in 2010)
Fadi Sidani; “Financial institutions are becoming increasingly confident in their risk management abilities, but they also recognize where there are gaps. Where concerns linger particularly is around operational risk, with a number of recent headlines – like management breakdowns and large-scale cyber-attacks – underscoring the important impacts this area can have on an institution’s reputation. This is a gap that may trigger significant operational risk combined with reputational risk that needs to be properly addressed.”
According to the report, operational risk, which is a key component of Basel II, has been a continuing challenge for institutions. The lack of ability to measure operational risk and the complexity of many operational processes are key causes of this. Only 45 percent of firms rated themselves as extremely or very effective in this area, down slightly from 2010.