The FINANCIAL — Bank boards and management are increasing their focus on risk management and are holding front-office staff more responsible as they address regulatory pressure, investor demands and the high cost of past misconduct. This is according to EY’s 2015 risk management survey of major financial institutions, Rethinking risk management: banks focus on non-financial risks and accountability.
The sixth annual survey of banks carried out by EY and the Institute of International Finance (IIF) reveals ongoing effort and investment aimed at building more effective and resilient risk management. Chief risk officers and other senior executives at 51 banks in 29 countries participated in the survey.
Reinforcing accountability for non-financial risks and conduct risks among the front office – desk heads and business line heads – is the primary focus for most banks, with 77% (compared to 68% in 2014) listing it as their top initiative to strengthen risk culture.
The high cost of non-financial risks, which include regulatory, conduct, money laundering, compliance, systems and reputation, among others, has added pressure on banks. Sixty-nine percent of global systemically important banks (G-SIBs) surveyed reported losses from non-financial risks (including regulatory fines and penalties) of more than US$1b during the past three years. Eighty-nine percent of this year’s survey respondents have placed an increased focus on non-financial risks.
Patricia Jackson, EY Head of Financial Regulatory Advice for EMEIA Financial Services, says:
“Banks are under considerable pressure from investors to improve return on equity and reduce costs. The first wave of change we saw from banks in light of conduct losses was appointing thousands more compliance staff, but the second wave has turned the spotlight on the risks intrinsic to different bank activities.
“Having a strong firmwide risk culture is one of the key components of successful risk management. Banks recognize this, but both regulators and boards are demanding more robust governance, structures and controls to improve risk behavior. Making risk everyone’s business, from the top ranks to the front-line staff, is a significant shift in mindset and policies and requires long-term commitment and investment.”
Defined roles and responsibilities strengthens culture
Clearly articulating to employees that bad behavior will be penalized and enforcing the rules of risk management are the two key elements of risk accountability throughout the organization. Eighty-five percent report that a breach in risk conduct is immediately elevated to the risk department (an increase from 76% in 2014), while 69% report business-line or desk leaders handle a breach.
Most banks report that severe breaches in risk policies result in disciplinary actions (94%), yet less than half (44%) say individual behavior is significantly reflected in career progression.
Banks shift focus to proactively managing non-financial risks
Fifty-seven percent of banks are developing more forward-looking risk assessments instead of waiting to conduct post-risk event reviews. Other proactive steps banks are taking include more detailed loss reporting and forensic investigations after an event has occurred (72%), conducting in-depth reviews of individual operational processes (70%) and evaluating near-miss events (64%).
Boards also are paying close attention to the impact of rising litigation costs, steep fines and reputational damage, as well as the pressures from investors to improve returns, the survey finds. Fifty-seven percent of respondents list compliance risks as the top area of increased focus for boards over the past 12 months, and 50% (compared to 40% in 2014) report making changes to the board to increase risk expertise.
Basel III adds pressure to business models
In addition, banks are evaluating their business models to address investor demands for better return on equity, which has come under pressure because of the higher capital and liquid assets buffers required under Basel III. Changes banks are making in response to this need include exiting lines of business at 43% and exiting countries at 22% (compared to 11% in 2014).
Focus on risk governance and embedding risk appetite continues
Many banks are still working to integrate the business-wide risk appetite — the amount and type of risk an organization is willing to accept — into daily business decisions, despite the fact that risk appetite has been a top area of focus for boards and chief risk officers for the past several years. Only 43% of banks report they have successfully integrated risk appetite into the business, though 53% report strong progress in their ability to track and enforce it.
The majority (70%) of executives surveyed agree that successfully executing business-wide risk appetite must be a collaborative, top-down, bottom-up approach involving the board, CEO, chief risk officer and chief financial officer in discussion with business leaders.
David Schraa, Regulatory Counsel at the Institute of International Finance, says: “It’s clear that nobody is resting on their laurels. Here is a story of an industry that has come a long way in turning itself around and is now much stronger, an industry that is much less tolerant of failings, but also one that is rigorously changing itself to get back to the profitability that investors demand.”