The rate at which the world is changing makes it increasingly difficult for risk managers to quantify and predict exactly where the industry is heading. Traditional risk types are well understood, but new emerging risks and trends bring a new element of surprise to the table. Based on research calls and conversations with some of the most senior risk management professionals in the world, RiskMinds conference producer Eleanor Halsey explores 5 key issues that consistently concern risk managers today.
Although credit and market risks are still concerning CROs, their attention is more focussed on the currently unquantifiable. Still in the discovery phase, operational resilience needs to be better understood in order to put a number to it. However, the risk management community knows that due to its fast-paced development, operational risk needs an equally speedy response and flexibility in order to improve efficiency. The hope is, of course, to learn to anticipate the unexpected while staying methodical in approach.
Operational risk plays a part across all risk types, and in this dynamic environment any and all decisions to innovate need to consider operational resilience. For example, it’s clear for risk managers that the adoption of machine learning tools will render traditional manual risk management frameworks obsolete. Failing to manage operational risk can also directly impact compliance and fraud management. Furthermore, in a low interest rate environment, operational risk puts pressure on the bottom line.
So how could operational risk add value and tasks that customers would be willing to pay for? How do we recover when things go wrong and what makes us less likely to fail? These are the questions CROs need to find answers for.
Emerging risks: fintech disruption, AI, machine learning, and cyber
In the front of the house, customers are already seeing a wide range of technologies making banking safer and more convenient. For example, companies are already using finger print scanning and identification of devices to detect fraud.
However, in the back of the house, AI risk behaviour and analytics are slowly being developed to combat fraud, specifically IT fraud. Of course, there are other potential artificial intelligence use cases for risk managers. For example, AI could supercharge anti-money-laundering methods, and it could aid risk managers in compliance, but the biggest barrier is the industry’s lack of expertise and experience in adopting AI. It is also unclear what an AI-driven risk management sector would look like; would machines replace CROs and risk managers in some respect? Before AI implementation, risk managers would need to address this issue to avoid culture shock.
Another important issue to consider is the heightened cyber risk that comes hand-in-hand with technological innovations. Cybercrime has been a global issue for the last 5 years, and for many risk managers, it has become a top priority. Although it is a commonly known issue, many aspects of a cyber risk security governance are vague. For example, how does one define risk appetite for cyber and IT? How does the enterprise manage cyber risk day-to-day? And how could we embed risk security compliance programmes into the company’s culture?
Regulatory developments and demands: FRTB 2022
Although the phase out of IBOR is a global issue that would change the game for interest rates completely, and although we might still receive additional guidelines from Basel by the end of the year, the FRTB 2022 project is perhaps the most pressing of all regulatory developments. As we stand now, the majority of the market is not ready, and many will be looking for an extension.
It is clear that regulators and internal auditors have high expectations, which is a challenge on its own. But the bar is constantly being raised as regulators learn from the practices of the best performing banks. The rules are moving rapidly, and it’s not easy to keep up.
However, CIBC’s Senior Director and Head of Methodology and Analytics of Capital Markets Risk Management Hany Farag noted that “it appears that regulators remain on course to a close-to-neutral impact on IMA, and around 30%-50% impact on SA”. But for banks pursuing the IMA, the fundamental review of trading books still holds a challenge: capital output floors.
Risk and the business
Gone are the days when the risk management function was able to do everything in silo. The CRO is now expected to be much more involved and take a more integrated role with more responsibility to govern and manage increasingly more types of risks, such as political risk, along with more traditional style risks, such as credit compliance. To stay on top of the various risks, a simple checklist is sufficient for now, but as risks are becoming interconnected and too large for certain risk departments to deal with on their own, a risk map could help us visualise ‘the bigger picture’ better in order to plan and prepare more effectively.
The CRO is also becoming the centre of the enterprise’s internal knowledge exchange – a very demanding task on a day-to-day basis. For example, they are expected to know and understand the way technology is disrupting the business, but that’s not something that has historically been at the forefront of some CROs’ training. There is a great demand for risk managers to upskill themselves.
Make no mistake, incorporating sustainability and green policies into everyday business operations will be difficult and for banks, understanding climate change related risks and opportunities will be crucial. For example, changing customer behaviours have already started making an economic impact on plastic consumption. Weather patterns would be impacted, too, along with insurers and loaners for – for example, coastal areas where the increase in rain and floods pose a heightened amount of risk.
“This is causing us to revisit business recovery and disaster recovery plans to ensure they are still appropriate”, a CRO told us.
In general, there is a push across the board for sustainable developments and environmentally cautious decision making. The PRA has also published a document recently that requires firms to do stress testing with environmental risk and impact in mind.
TD Asset Management’s (TDAM) Head of Investment Risk Julie Sherratt reported that TDAM has already expanded its ESG capabilities by using third party ESG ratings, which ultimately contribute to a comprehensive dashboard that provides an overview of ESG considerations and the holdings that are most exposed to material risk.