Building business resilience: The evolving role of risk, compliance, and cybersecurity

Private banks are currently operating in an environment of significant pressure. Intensified regulatory requirements, elevated client expectations regarding seamless digital services, and heightened competition are converging amid narrowing margins. In this landscape, resilience has emerged as a critical competency for institutions aiming for long-term success.
As the Chief Risk Officer of a Swiss private bank, Banco Itaú Suisse, predominantly serving Brazilian clients – with onboarding operations in Brazil and an operational hub in Portugal – I regard risk and compliance functions as more than mere safeguards. They serve as strategic enablers driving efficiency, fostering trust, and supporting sustainable growth. By capitalising on the expertise within our head office in Brazil and maintaining strong global alignment, we have established a model that enables us to prosper despite external pressures.
Outlined below are the key pillars supporting this approach.
1. The evolving roles of risk, compliance, and cybersecurity
Risk, compliance, and cybersecurity roles have shifted from serving as final process checkpoints to assuming broader responsibilities:
- From policing to enabling: Risk functions now combine oversight with supporting business activities. Integrating compliance and cybersecurity early in operational design can enhance controls and provide a better client experience.
- From local silos to global integration: Financial crime and cyber threats have a global dimension. Coordinated efforts with head office help provide a comprehensive view of exposures, facilitate intelligence sharing, and improve resilience across different jurisdictions.
- From defensive posture to resilience drivers: Current teams are tasked with both preventing issues and contributing to client trust, regulatory credibility, and operational efficiency.
This shift requires risk functions to use new tools, adopt revised approaches, and collaborate more closely with business units.
2. Leveraging group standards for AML and cybersecurity
Itaú’s group head office in Brazil has established frameworks for anti-money laundering (AML) and cybersecurity that meet or surpass local regulations. The implementation of these group-wide standards results in two key outcomes:
- Consistency: Operating on a shared baseline reduces the need to replicate controls across areas, helping to minimise costs and limit fragmentation.
- Resilience: Using the resources, data, and monitoring capabilities of a larger institution supports efforts against cross-border financial crime and complex cyber threats.
This consistent approach aligns with regulatory expectations, reinforces client trust, and contributes to a stable foundation for business operations.
3. Client onboarding: Closer to the client
Client onboarding is a resource-intensive process for private banking, due to strict regulatory requirements for KYC and suitability checks, alongside client expectations for efficiency.
Our approach has been to centralise onboarding activities in Brazil, which shares the time zone and region with most of our clients. This arrangement offers advantages, for example:
- Proximity to clients: Locating teams nearer to clients facilitates faster and more accurate information collection.
- Efficiency and speed: Operating within the same time zone helps minimise communication delays, making the onboarding process more streamlined.
- Cost effectiveness: Concentrating resources in Brazil reduces duplication across regions.
Oversight is conducted in Switzerland to verify adherence to Swiss regulatory standards. The hub-and-oversight model is implemented to facilitate operations, while ensuring compliance with local regulatory requirements.
4. Portugal as an operational hub
Alongside Brazil and Switzerland, the Portugal hub provides support for back-office functions. Its roles include:
- Scalability: The hub enables service expansion without significant increases to Swiss costs.
- Talent and efficiency: Portugal supplies a skilled workforce and a cost-effective environment to help manage margin pressure.
Brazil and Portugal together serve as an operating backbone for the Swiss private banking entity.
5. A unique market risk system across the group
Effective management of market risk is essential for institutions with significant exposure in Latin America. Fluctuations in exchange rates and sovereign risks can materially impact the bank’s performance.
To mitigate these risks, our group has introduced a comprehensive, group-wide system for calculating market risk exposure. This system incorporates sophisticated risk factors to provide:
- Consistency across all entities: All units within the group utilise an identical model, ensuring transparency and facilitating reliable comparisons.
- Advanced stress-testing capabilities: The system enables simulation of market shocks, assisting in the optimal allocation of capital buffers.
A unified market risk management framework boosts efficiency and resilience, and enables consistent comparisons.
Looking ahead: Risk as a driver of resilience
Risk, compliance, and cybersecurity functions are increasingly being integrated within business operations rather than operating separately. These areas contribute to developing client trust, streamlining processes through standardisation, and enabling institutions to adapt to changing circumstances.
In our case, adopting group-wide AML and cybersecurity baselines, centralising onboarding in Brazil with Swiss oversight, leveraging Portugal for operations, and aligning all units under a unique market risk framework are the building blocks of resilience.
At RiskMinds International, I will be engaging in thought-provoking sessions and contributing to dynamic panel discussions. Additionally, I look forward to networking with fellow risk professionals and sharing insights on best practices in the industry.