Heightened regulatory scrutiny and greater concerns overDeloitte, risk governance, financial institutions, Featured, risk management to elevate their focus on risk management, according to a new study from Deloitte.
In response, banks and other financial services firms are increasing their risk management budgets and enhancing their governance programs.
Deloitte’s eighth biennial survey on risk management practices, titled ‘Setting a Higher Bar,’ reveals that 65 per cent of financial institutions reported a significant increase in spending on risk management and compliance – up from 55 per cent in 2010.
A closer look at the figures reveal that there is a divergence when it comes to the spending patterns of different-sized firms. The largest and the most systemically important firms have had several years of regulatory scrutiny and have continued their focus on distinct areas like risk governance, risk reporting, capital adequacy and liquidity.
In contrast, firms with assets of less than $10bn are now concentrating on building capabilities to address a number of new regulatory requirements, which were applied first to the largest institutions and are now cascading further down the ladder.
Joe El Fadl, Financial Services industry leader at Deloitte Middle East, says: “The financial crisis has led to major, far-reaching changes of doing business in financial institutions’ risk management practises, with stricter and rule-based regulatory requirements demanding more attention from management and increasing their overall risk management and compliance efforts.
That said, risk management shouldn’t be viewed as either a regulatory burden or a report destined to gather dust on a shelf. Instead, it should be embedded in an institution’s framework, philosophy and culture for managing risk exposures across the organization.”
El Fadl adds: “Knowing that a number of regulatory requirements remain in the queue, financial institutions have to be able to plan for future hurdles while enhancing their risk governance, enhancing management capabilities with better risk awareness using data analytics and improving in data quality. Those that do will be well placed to steer a steady course though the ever-shifting risk management landscape.”
The majority of the institutions participating in the survey (58 per cent) plan to increase their risk management budgets over the next three years, with 17 per cent anticipating annual increases of 25 per cent or more. This is not a trivial matter as 39 per cent of large institutions – particularly those based in North America – reported having more than 250 full-time employees in their risk management function.
Alongside increased spending, risk management has also significantly risen up the agenda in the boardroom. According to the survey’s results, 94 per cent of company boards now devote more time to risk management oversight than five years ago and 80 per cent of chief risk officers report directly to either the board or to the CEO. Additionally, 98 per cent of company boards or board-level risk committees regularly review risk management reports – an increase from 85 per cent in 2010.
Fadi Sidani, partner in charge, Enterprise Risk Services at Deloitte Middle East says: “Regulators have been focusing more on the role of the board of directors in risk governance, engaging them to approve the institution’s risk appetite and risk policies, overseeing their implementation by management and increasingly looking to understand the challenge that the board makes in its oversight of the financial institution’s risk management of key issues.”
Sidani explains: “Financial institutions are becoming increasingly confident in their risk management abilities, but they also recognize where there are gaps. Where concerns linger particularly is around operational risk, with a number of recent headlines – such as management breakdowns and large-scale cyber-attacks – underscoring the important impacts this area can have on an institution’s reputation. This is a gap that may trigger significant operational risk combined with reputational risk that needs to be properly addressed.”
According to the report, operational risk, which is a key component of Basel II, has been a continuing challenge for institutions. The lack of ability to measure operational risk and the complexity of many operational processes are key causes of this. Only 45 per cent of firms rated themselves as extremely or very effective in this area, which is a slight decrease from 2010.
Deloitte’s survey assesses the risk management programs, planned improvements and continuing challenges among global financial institutions. The eighth edition surveyed chief risk officers – and their equivalents – at 86 financial institutions.
It represents a range of financial services sectors, including banks, insurers and asset managers, with aggregate assets of more than $18 trillion. The survey was conducted from September to December 2012.