The constant changes in the banking sector and in the wider world heightened traditional risks, but also created new ones that are not yet understood - or quantified, for that matter! The FutureRiskMinds - tomorrow's risk leaders - evaluate the various challenges the risk function is facing in the future, including cybersecurity, fraud, digitalisation, regulations, and geopolitical risks.
The emerging risks to watch are forms of cyber warfare and terrorism. Right now, cyber warfare is a huge threat. Over the years, we have heard of the compromised security of major corporations, elections, and even the UK's National Health Service.
Governments and individual terrorists acting alone or in their groups are finding weak spots in cyber security and taking advantage. This poses a risk to data and money, and opens up industries to an increase in operational risk.
Terrorism alone was a whole new game after 9/11. Once leading experts mastered and understood terrorism in the 21st century, it has changed again. Governments, for better or worse, are following suit in this type of attack. The banking industry needs to become proactive to increase security and build models to prevent these kinds of attacks.
"Every breach happens because somebody in their company did something they weren't supposed to do", Frank Abagnale, renowned cybersecurity and fraud prevention expert, said.
Watch Frank Abagnale's keynote from RiskMinds International
Whilst fraud isn’t by any means a new risk to banking, it continues to evolve in many ways. As new technologies such as biometrics and various other increasingly sophisticated methods emerge to authenticate genuine customers, criminals will continue to find new ways to take advantage of the financial system.
This leads to emerging risks in a few areas. Firstly, scams. Authorised Push Payment scams are becoming very convincing and they can fool anyone if they are targeted in the right way. Banks are already coming under increased scrutiny when dealing with cases where no one is at fault. If nothing is done at industry level, losses will only continue to increase. More joined up thinking is required.
Furthermore, money is at the heart of all organised crime. Terrorist financing, human trafficking, and modern slavery are all problems that society is facing. Much more vigilance in these areas will be required. Being able to proactively identify and close abused accounts will be key to preventing crime in one area... only for it to emerge in another.
The emerging risk to watch is how the risk management function itself is managed.
Over the next few years, financial institutions will face the challenge of balancing strong risk management against the increasing pressure of a low net interest margin environment, competition, and technological change. There is the risk that in managing these challenges, financial institutions may struggle to successfully transition from the traditional, hierarchical risk function model to a modern iteration of the Second Line of Defence (2LoD). Here, a greater focus will be placed upon partnering with the First Line of Defence (1LoD) to fully embed a generative risk culture.
When the margin is challenged, the industry typically tends towards two methods to support profits. The first is to chase risk and place pressure on sales to bolster income across both existing products and a range of new, creative lines. Risk appetite must remain robust and standards upheld against the desire to increase the lending book, which itself is an increasingly difficult task amidst innovative competitor offerings.
The second is to cut costs, particularly from non-income generating areas such as the risk management function. Reducing headcount is often an obvious choice. This choice to reduce headcount is compounded where decision making is now expected at an ever-faster rate, and to facilitate, institutions increasingly look to integrate risk management into robotic solutions, augmenting and replacing staff with technology. This, too, poses risk, including that of ensuring experience and knowledge is maintained throughout the institution, as well as the ability to manage the digital infrastructure. You may note that this knowledge is often spread over different age generations, making the choice of staff demographics difficult.
The way risk management functions operate is changing. Whilst the ownership of risk has always sat with the 1LoD, the 2LoD has had a large role in building up the capability of the former over the last ten years. The next challenge many institutions face is that of reducing the support from the 2LoD in a controlled manner, ensuring lessons remain learnt and risk effectively managed. The 2LoD now needs to adapt from its role as a control function to that of a business partner, reorganising itself to operate in an agile manner, predominantly as specialists across a flatter hierarchy. How it does this safely in light of the desire to increase revenue and reduce head count is a question that is yet to be answered.
JF Bureau, Senior Vice President and Chief Risk Officer, PSP Investments, shares how to strengthen the relationship between the 1LoD and 2LoD while improving the risk management framework.
We live in an era in which digitalisation plays an important role. Over the past two years, more data have been generated than in all previous recorded history. The transformation to a digitalised world also influences the (traditional) banking model and paves the way for Fintech companies. Fintech describes companies that provide financial services through software or other technology. This includes anything from mobile payment apps to cryptocurrency. Due to the gathering of relevant data (which enhances decision making), minimised overhead expenses, and the automation of processes, Fintech companies are highly profitable. Therefore, they can offer savings products with higher interest rates compared to traditional banks.
Today’s customers are used to personalisation through social media and to rapid fulfilment through e-commerce. They expect the same kind of service and customised products from their banks. In addition, the upcoming competition of Fintechs places banks at the next strategic crossroad: should banks beat, join, or ignore the Fintech companies? Banks are trying to catch up in the digitalised era because of the following benefits:
The digitalisation within banks is also associated with an increase in risk. Therefore, the term ‘digital risk’ is introduced. Digital risk is a term that covers all digital enablements that improve effectiveness and efficiency. The risk is a result of the adjustment of processes, data, analytics and IT, and the overall organisational setup of the first line.
In order to catch up with the new innovations, the risk departments should also look into technologies that enhance a more digitalised work environment. A digitised risk function provides better monitoring and control and makes it easier to comply with relevant regulation. However, within banks, there is less interest in making a second line function more digitalised and efficient. The second line is seen as a costly function, because it does not bring economical benefits right away. Therefore, most banks are digitising their risk functions at a relatively slow pace, taking modular approaches to targeted areas.
Actions to reduce cost require cutting through the complexity and therefore can be hazardous, given the nature of risk and the expectations of regulators. So how do you transform at all?
An effective digital risk programme begins with Chief Risk Officers asking the right questions — those that point the institution towards specific initiatives for digital innovation. How can we increase straight-through processing rates? How can we improve the efficiency and streamlining of KYC activities to reduce pain points in the account-opening process? The answers will help shape initiatives, which will be prioritised according to current resource-allocation levels, losses and regulatory fines, and implementation considerations, such as investment and time.
The journey to digital risk will take multiple years, but financial institutions can begin to capture significant value within a few months. This can be done by launching tailored initiatives for high-value targets. As the risk function becomes progressively digitised, it will be able to achieve higher levels of efficiency, effectiveness, and accuracy. In the future, risk management will be a lean and agile discipline, relieving cost pressures, improving regulatory compliance, and contributing to the bank’s ability to meet escalating competitive challenges.
The emerging risk to watch is the Central Counterparty Clearing House (CCP) risk stemming from different angles. Through capital incentives for cleared trades (low risk weights for Counterparty Credit Risk RWA, Credit Valuation Adjustment (CVA) RWA exemptions…), and increasing margining requirements on Over-The-Counter (OTC) derivatives (introduction of bilateral Initial Margin (IM) via the uncleared margin rules of the EMIR regulation), the share of derivatives cleared vs OTC has increased tenfold in recent years. Financial institutions have piled up gigantic volumes of trades with a few large CCPs, and it is now about time to challenge the axiom that CCPs are risk-free, while CCPs continue to offer a broader range of products available for clearing.
Subsequent to the recent default of a Nasdaq member trading on the commodity market, other clearing members experienced a common loss of $107m through the default fund mechanism. Shortly after, the Fed reportedly called for major banks to monitor their CVA risk on CCPs, to encourage dealers to quantify their counterparty credit risk exposure to large CCPs through Comprehensive Capital Analysis and Review (CCAR). Although a few recent proposals have been put forward to quantify the loss of an institution linked to its CCP membership, the opacity of other members' portfolios and the complexity of the default waterfall introduce a very large model risk and associated uncertainty.
CCPs are also not immune to operational risk. One of the largest CCPs has reported 7 operational failures, causing disruption in its trading capabilities for over 7 hours cumulatively over the past year. Increasing volumes and trade complexity, as well as the push for CCPs to be at the forefront of the new interest rate benchmarks, will inevitably increase the associated operational risk.
Finally, there is growing concern about the impact of Brexit on the London-based CCP and its implication on the equivalence principle. Such risk needs to be managed by the concerned CCPs but also their clearing members – the 1st of November will certainly be a challenge in the clearing world as well. The lack of a consistent regulation for CCPs across Europe and the US might equally open up a race to the bottom as participants will seek to arbitrage these regulatory discrepancies, fostering CCP default risk.
The emerging risk to watch is how rapidly changing consumer expectations continue to disrupt established business models in a hyper competitive environment. Although not new in some industries, for banking it remains a significant threat and is being exacerbated by an unusually uncertain external environment.
Retail banks have provided broadly the same products through traditional sales channels for a long time with little market disruption. Previously high barriers to entry have recently softened and new entrants, less encumbered with legacy IT systems and regulatory costs, have emerged. Smaller, more agile institutions can deliver change faster and at a lower cost due to the smaller scale and lack of legacy issues. These institutions are already building a customer base; for example, Monzo has 2 million current accounts in the UK (>2% market share), mostly built in the last two years. These new entrants have no reputational “baggage” and are viewed by many customers as the future.
Customer behaviours and expectations are already changing rapidly as technology facilitates a different way to engage with your personal finances. UK Finance found branch visits fell 26% from 2012 to 2017, whilst 71% of the UK population accessed their bank through a digital or online channel and 40% regularly used a mobile app – more than doubling over four years.
Open banking facilitates the disintermediation of banking services, where relationship providers could avoid the regulatory burden of the balance sheet by aggregating and distributing other firms’ products. It further reduces friction to switching and will reduce inertia. This raises a question for incumbents over whether synergy remains between the relationship and balance sheet components of the banking business model. If not, banks could move in two directions:
Incumbents are reacting to these changes, maintaining or growing strategic investment spend whilst making significant cuts to BAU costs. In the UK, for example, Lloyds Banking Group has more than doubled its strategic investment from £0.9bn in 2011 to £2.2bn in 2018 and simultaneously cut its BAU costs from £8.5bn to £6.0bn. This pattern is likely to be key to remaining competitive – but it may not be enough.
These market changes are taking place against a backdrop of an increasingly uncertain macroeconomic and political landscape. Whilst banks have survived many recessions and periods of weak growth, any immediate downturn could come before the sector has truly recovered and weaned itself off the support of central banks.
It is this combination of changing consumer expectations, growing competition and potentially weak economic outlook which presents the key risk to watch – ‘business model’. Firms need to act quickly and decisively to maintain market position or risk their business model and strategy becoming outdated. For most large institutions, failure won’t come in the form of an overnight collapse, but a slow lingering death as their customers slip away.
Inga Beale on the cultural and digital transformation of Lloyd's of London
The emerging risk to watch is the regulatory pressure from central banks. Tightening regulations regarding capital have an especially enormous impact on the performance of banks, pressuring them to achieve desired return targets. This mostly relates to the Basel accords, but regulations for non-performing exposures have an impact on the capital position of the bank, too. On the one hand, these regulations should make banks safer, but on the other hand, this is also a large burden to remain competitive in a market that is already under pressure from new unregulated competition.
My thesis tries to investigate whether investors react significantly towards the announcement of new Basel regulations over the years. It was found that the regulations initiated by the BCBS have had a compelling influence on the banking environment. Due to continuously changing regulations, the banking sector has to deal with very dynamic risk management. Moreover, the BCBS' capital adequacy standards have had a large impact on banks’ business models and performance. This also directly impacted the banks’ ability to pay out dividends to their shareholders. This makes the investors direct stakeholders in the changing regulatory environment.
Based on the empirical results, it can be concluded that overall, investors react negatively towards announcements about new Basel regulations. The market reacts heterogeneously over time, especially to the announcements regarding Basel III which were published during the crisis and were received negatively.
In my opinion, this market reaction is a big risk for banks and could increase the cost of equity for banks significantly. It has a large pressure on the returns banks have to make, especially since banks are probably unable to price in all this impact. This regulatory pressure is very bank specific, and competitors from different industries such as Big Techs could benefit from this advantage, which could harm banks even more.
Emerging risks are thought of as “risks that are known to some degree but are not likely to materialise or have an impact for several years”. More than a decade since the financial crisis, a lot of trends have started to gain momentum and have since changed the landscape of risk management. From climate change, to fast shifting geopolitics, cyber risks, and unpredictable financial instability, the modern-day risk manager needs to develop a multifaceted skillset to solve complicated, and often unconventional, problems.
While all of the above are risks that need to be closely monitored and understood, one key emerging risk to watch is how geopolitical risks are shaping markets. According to the World Economic Forum’s Global Report for 2019 the top global risk in terms of impact has been “weapons of mass destruction” for three consecutive years (2017-19), while at the same time, political frictions and loss of confidence in alliances were quoted as two of the top risks expected to increase in 2019.
Initially, one may be tempted to consider the US-China Trade War, Brexit and Gulf Tensions as prime examples of emerging geopolitical risk. However, it is worth noting that in this context, as these events are unfolding and materialising, they can no longer be considered emerging, at least in the medium to long term. The real threat of emerging geopolitical risk lies in their pivotal relationship and interconnectedness with all other types of emerging risk.
Political relationships worldwide seem to be the most fragmented and polarised they have been in the last few decades. Consequently, there seems to be a lack of coordination in dealing with climate change issues. The US is widely expected to withdraw from the Paris Agreement, a framework designed to combat climate change. The 2019 Amazon fires highlighted further cracks in international cooperation to tackle climate change. According to a 2018 AXA Survey, climate change is the biggest emerging risk with 63% of respondents placing it in their top 5.
Another effect of geopolitical tension is the rise in cyber risk. While data breaches have long been a concern, non-traditional cyber risks have been gaining momentum. Allegations of interference in the US elections by Russia as well as the United States' ban of Huawei have produced an undertone of a more severe type of cyber risk emerging. Cyber propaganda through fake news has provided a new platform to accelerate and develop new cyber threats. Furthermore, the Cambridge Analytica scandal, while not geopolitical at its core, has highlighted the importance of regulating data and has reopened the debate about how data is used.
Emerging risks are now posing a greater threat than ever – globalisation and interconnectedness, together with technological advancements have increased the correlation between risks and have accelerated their materialisation. Risk management is now entering a new phase, and the challenges we face revolve around developing the tools to identify and quantify these risks.
Emerging risks are newly developing or changing risks that organisations have not yet recognised or those which are known to exist, but are not well understood, quantified, or measured.
If we take into consideration the banking industry exclusively, the most significant and underestimated risk in my opinion is the risk of legislative changes, especially in part of regulatory requirements.
Since the beginning of the 21st century we've seen the increasing role of Basel and its work on revisions to supervisory regulations governing the capital adequacy of internationally active banks. Being a central element of the response to the global financial crisis, Basel addresses shortcomings of the previously existing regulatory framework and provides a regulatory foundation for a resilient banking system that supports the real economy.
Every year we see the growth of complexity of legislation as well as the regulatory burden on the banking system.
On the one hand, capital adequacy rules proposed by the Basel Committee provide enhancement to international financial stability and soundness. But there are always two sides of the coin, and the payback time has already come, which results in the epic fall of net interest margin and economic attractiveness of the banking sector as a whole.
The European banking sector with its slightly above zero ROEs is already in deep depression while the US is approaching. If we keep on underestimating the risks and consequences of changes in prudential requirements, there very soon will be no banking industry at all, just cashboxes.
How can supervisors and banks promote strong governance and ethical behaviour? Stefan Walter, Director General, European Central Bank, addresses this question while exploring the connection between governance, culture, and ethics.