Chief Risk Officer – mission impossible?

Live from RiskMinds International 2018, we review the current bank risk landscape and explores 6 key themes in the regulatory debate.
You don’t often hear of risk professionals being compared to Tom Cruise, but when it comes to the plethora of risks they have to face, they certainly have a mission impossible.
With an ever-widening risk landscape, the role of Chief Risk Officer seems an increasingly impossible task. CROs have to predict emerging risk, deal with increasing regulatory complexity, and manage changing business models and innovation.
An expert panel gathered at Risk Minds International 2018 in Amsterdam to debate the topics highest on the agenda of bank strategy.
The bank risk landscape
In recent years, there has been a shift in the risk landscape from thinking about purely financial risk to the non-financial.
Chiefly, that has meant putting customers front and centre of what banks and other financial institutions do, ensuring there is transparency for clients in terms of what they are getting and how much they are paying, for instance.
According to David Lawton, Managing Director at Alvarez & Marsal, this focus was now moving into a more systematic look at key issues such as the impact of operational risk on the customer.
“There is a consequential need for banks and other institutions to show they are accountable for these issues, and that they are thinking about their service to customers over a lifetime and not just for a one-off product,” he said.
“But this is much more challenging, and it brings to bear the types of disciplines more suited to prudential issues like stress testing,” he added.
Paul Sharma, Managing Director at Alvarez & Marsal said there was still plenty to deal with on the prudential side.
Firstly, there was the increasing arbitrariness of capital requirements: “I’m pessimistic as to the future utility of stress testing,” he argued. “It degrades the stress test if you change the assumptions to meet what supervisors were expecting. And anyway, we need to recognise the limitation of stress testing – it only covers particular types of risk and can’t cover them all.”
Paul went on to say that resolution is very much an unfinished business. “Obviously there has been a lot of concentration on MREL and rightly so, but then there is the real bit of resolution which is what happens when you run out of financial resources.”
Top regulatory debates
The panel went on to explore six key themes in the regulatory debate.
Bank profitability
Bank profitability, having plunged during the financial crisis, had remained low ever since. What could banks do about it?
“Consolidation doesn’t seem to be on the agenda,” said Paul, “but it might have to happen, and the competition authorities need to be prepared to let that happen.”
Part of the problem, added Paul, was that the industry had not yet dealt with its stock of non-performing, under-priced loans. Part of the solution had to come from dealing with that stock, particularly in countries where it had accumulated.
The unpredictability of capital requirements also needed addressing: “We know there are problems that are not reflected in the book values, we don’t know what the regulatory regime is going to demand next,” he said.
Financial crime and money-laundering
These issues were back on the agenda, agreed the panel, but then they had never really gone away.
“It’s a topic which is always going to be key for financial services regulators,” said David. “There is more focus right now because of the continuing evidence of historically weak controls on the part of institutions and growing evidence of historic weakness in the supervision of those controls.”
David added that there was a political and societal shift, which had brought more scrutiny to bear on opaque practices, such as tax evasion. This put more pressure on supervisors and regulators to turn up the dial.
It was all “difficult stuff” said David, but the ones getting it right were the ones gripping the issue at a senior level.
Innovation and digital regulation
The explosion of innovation and digitally-enabled services had left holes in the current regulatory framework.
One of those was data protection and maintaining a strict link between what the data was used for and what the customer had given permission for, argued Paul.
And then there was an issue with data discrimination. Companies that offered customers better or different deals if they had handed over their data would have to prove that the advantage came solely from the data they had been given.
“My prediction is that there will be an evidential burden on those firms to prove that the advantage is connected to the absence of data as opposed to being an inducement.”
This would also affect the “data poor”, added Paul, those that hadn’t had a chance to accumulate data, such as immigrants or refugees, or those without a strong pattern of work “How does the provision of services to them compare with those who don’t have those disadvantages?” he pondered.
Lastly, there was the problem of opacity with the use of neural nets to make decisions.
“It is extraordinarily difficult to explain why a neural net has made a decision the way it has,” explained Paul.
“Obviously it has been trained on data. It has been created using one set of data and tested using another, but is the way in which it is making its decision morally acceptable, or is it reinforcing existing prejudices?”
Greater tech brings greater vulnerability
A recent study by FCA shows large increases in system failures and cyber-attacks. Firms have reported significantly more outages (+138%) and cyber-attacks (+18%) over the last year.
“There’s definitely vulnerability from an IT perspective,” said David.
“The FCA seemed to suggest that some firms are too complacent. One of the issues is that they think they have a good handle on what their information assets are and where their data is held, but when things go wrong route maps have been found missing,” he explained.
Regulatory fragmentation
Regulatory fragmentation was an issue across the board. For instance, the outcome of stress tests in the US, UK and Europe was very different.
But Paul was optimistic that the reduction of systematic countrywide fragmentation would continue, the price we were now going to pay was having to deal with idiosyncratic differences from one bank to another, which would mean that we would lose intra-country comparability.
Sustainability
Finally, there was the issue of how sustainability was increasingly driving firm strategy.
It was interesting, thought David, that the topics the panel had discussed so far were the ones being set by the regulatory community.
“Regulators think about stability and systemic risk, and have the discipline of looking around corners and anticipating what is going to bring the system down. Thinking about longer term issues is very much the bread and butter of regulators.”
The panel left the audience with five key pieces of advice:
- Spend one third of your time on emerging risks
- Integrate risk and compliance
- Assess the effectiveness of risk process and culture
- Advise the business on how to optimize capital
- Integrate risk technology, data and modelling
And ultimately, adopting the attitude of Tom Cruise, and approaching the impossible as possible.