About a-team Marketing Services

A-Team Insight Blogs

Financial Institutions are Moving Towards Re-engineering Their Risk Management Systems – But at What Cost?

Subscribe to our newsletter

In a volatile market environment and with the edict to “do more with less,” many financial institutions are finally launching new efforts to reengineer their risk management programs, according to a new survey by Deloitte Global – with emerging technologies firmly in the driver’s seat.

The report represents the 11th biennial edition of Global Risk Management Survey, and covers 94 financial institutions around the world representing a total of US$29.1 trillion in aggregate assets.

Seventy percent of the financial services executives surveyed said their institutions have either recently completed an update of their risk management program or have one in progress, while an additional 12% said they are planning to undertake such a renewal effort.

A big part of this revitalization will be leveraging emerging technologies, with 48% planning to modernize their risk infrastructure by employing new technologies such as robotic process automation (RPA), cognitive analytics, and cloud computing.

“Financial institutions face a formidable set of challenges posed by today’s more complex and uncertain risk environment,” says Hani Khoury, Partner and Risk Advisory Leader, Deloitte Middle East. “With budget cuts common—and a big focus on effectiveness and efficiency as the torrent of regulatory change has slowed—this will require institutions to rethink their traditional assumptions and employ fundamentally new approaches.”

“Digital technologies have the potential to fundamentally reengineer virtually every aspect of risk management,” adds Khoury. “Financial institutions are now at the early stages of this transformation of their risk management functions.”

Only a minority of institutions are employing these types of technology currently, and often in small doses within their organization. The technologies that institutions surveyed most often reported using were cloud computing (48%), big data and analytics (40%), and business process modeling tools (38%). Most surprisingly, given the attention paid to the potential of RPA to reduce costs and improve accuracy by automating repetitive manual tasks without human involvement, only 29% of respondents said their institutions are currently using it.

Other tools are being used by even fewer institutions such as machine learning (25%), business decision modeling tools (24%), and cognitive analytics (including natural language processing/natural language generation) (19%).

“These tools can reduce costs by automating manual tasks such as developing risk reports or reviewing transactions,” notes Khoury. “They can also automatically scan a wide variety of data in the internal and external environments to identify and respond to new risks, emerging threats, and bad actors. Some banks have developed real leading-edge platforms for identifying potential conduct risk situations, for example.”

Growing Importance of Cybersecurity

Financial services executives were also asked which three risk types they believed would increase the most in importance for their institution over the next two years. The broad consensus was that cybersecurity is the number-one challenge.

Two-thirds of respondents (67%) named cybersecurity as one of the three risks that would increase the most in importance for their business over the next two years, far more than for any other risk. Yet, only about half of the respondents felt their institutions were extremely or very effective in managing this risk.

Although cybersecurity also held the pole position in the survey’s 2016 edition, there was a dramatic uptick in the current survey. More respondents considered it as one of the three risk types that would increase most in importance (67%, up from 41%) and cited it as the number-one risk (40%, up from 18%).

For specific types of cybersecurity risks, respondents most often considered their institutions to be extremely or very effective in managing disruptive attacks, financial losses or fraud, cybersecurity risks from customers, loss of sensitive data and destructive attacks, each above the 50% mark. They were less likely to consider their institutions to be this effective when it came to threats from nation-state actors (37%) or cybersecurity risks from third-party providers (31%).

“In addition to their well-established supervision of operational risk, many financial regulators in the Middle East are either establishing or have already established cyber security specific regulation and oversight functions with a focus to address the risks that cyberattacks could pose to the financial system as a whole,” comments Fadi Mutlak, Partner and Cybersecurity Leader, Deloitte Middle East. “Given the increasing interconnections among financial institutions, their technology partners and financial markets around the world, good cyber governance and oversight is imperative to the ability to respond and recover effectively when a threat is detected or an attack is realized. It is well known that a cyberattack has the potential to quickly damage the global financial system.”

Increasing Regulatory Requirements

When asked to assess the overall effectiveness of their institution in managing risk, 82% of respondents considered it to be extremely or very effective, an increase from 69% in 2016. However,  83% of respondents expect that regulatory requirements on their institutions will increase over the next two years, with one-third expecting a significant increase.

Financial institutions confront significant challenges in effectively employing the “three lines of defense” risk governance model – which details the appropriate roles in risk management of business units, the risk management function, and internal audit – according to the survey. This model has long been a regulatory expectation and a prevailing practice. Forty-three percent of survey respondents said their institutions either have revised their three lines of defense model, are reassessing or are planning to reassess their models. Deloitte Global expects the impact of emerging technologies to be a key consideration in these changes.

“Financial institutions will need to consider how to effectively reengineer their ‘three lines of defense’ in this technology-powered environment,” says Khoury. “One of the biggest issues in the three lines of defense will be making sure that business units are engaged in their ‘first line’ role—as the survey found that more than half said their institutions have increased, or plan to increase, the risk management responsibilities of business units to manage the risks they assume.

“There is a great deal of work to do in this arena in the volatile environment that companies face today.”

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Effective due diligence, screening and monitoring to mitigate financial crime risk

Managing financial crime risk requires a comprehensive approach to due diligence, screening, and continuous monitoring. Financial institutions face increasing regulatory scrutiny and staying compliant in today’s dynamic environment requires advanced technologies. Failure to comply is resulting in severe enforcement penalties. This webinar will explore practical strategies and tools for mitigating financial crime risk, focusing on...

BLOG

AI in FinCrime Prevention – 23 Thought Leaders to Watch in 2024

Financial crime (FinCrime) has escalated into a formidable challenge for global financial institutions, with estimated costs soaring to staggering levels. Regulatory bodies worldwide, including the U.S. Federal Reserve and the European Central Bank, have intensified scrutiny over financial institutions with compliance failures in this high-stakes environment coming with hefty penalties including fines reaching into the...

EVENT

TradingTech Summit MENA

The inaugural TradingTech Summit MENA takes place in November and examines the latest changes and innovations in trading technology and explores how technology is being deployed to create an edge in sell side and buy side capital markets financial institutions in the region.

GUIDE

Regulatory Data Handbook 2024 – Twelfth Edition

Welcome to the twelfth edition of A-Team Group’s Regulatory Data Handbook, a unique and useful guide to capital markets regulation, regulatory change and the data and data management requirements of compliance. The handbook covers regulation in Europe, the UK, US and Asia-Pacific. This edition of the handbook includes a detailed review of acts, plans and...