The financial crisis laid bare the inability of many financial institutions to properly identify, understand, and control the risks they were facing. Weak risk governance and risk management put individual firms in jeopardy – with many failing – and undermined the stability of global markets.
The industry has responded by investing heavily in strengthening its approach to overseeing and managing risks. Board-level oversight has changed significantly: more knowledgeable directors have been appointed, new committees created, and reports and systems have been upgraded. The rigor around articulating and measuring each firm's risk appetite, and ensuring its tight linkages to strategy and key business decisions, has improved materially.
Regulators have stepped up their game in monitoring macro-economic and firm-specific risks. New institutions have been formed, stress testing is now commonplace, and risk reporting to regulators has grown exponentially.
However, improving risk governance is a journey. Firms started from different positions, have differing business models, and face different risks. Yet common challenges remain, including implementing work on risk appetite, managing complex data flows, finding time for director-level risk dialogue, and spotting emerging risks. Industry-wide dialogue helps.
Banking in transition: overseeing non-financial risk in the midst of technological and business model transformation
Non-financial risks have been among the greatest sources of risk for large banks since the financial crisis. Conduct and compliance issues, systems failures, and cybersecurity have risen to the top of risk committee agendas, but remain difficult to monitor, measure, and predict. Even as technology offers new mitigation tools, the transformative changes underway in large banks are creating new and different sources of non-financial risks. As banks overhaul systems, operations, business models, and structures to become more agile and efficient, the pace and scale of change is creating execution risk. As banks navigate their way through this transformation, boards and executives are identifying ways to improve management and oversight of these risks.
Cyber risk management: the focus shifts to governance
Cyber risk has attracted a great deal of attention in recent years, and banks, who are among the most-targeted, have made substantial investments in cybersecurity. Despite this investment, cyber vulnerability continues to present unique challenges for risk management and oversight. As technology is increasingly embedded in all aspects of banking, cyber risk is expanding, requiring greater board attention. In response, boards are taking steps to improve governance and oversight of cybersecurity. At the same time, regulatory authorities are becoming increasingly prescriptive in defining cyber risk expectations and emphasizing the role of governance and controls.
Revolutionary change is transforming the financial services landscape
In October 2016, Tapestry Networks and EY hosted the Financial Services Leadership Summit, which brought together more than 80 financial sector leaders to discuss the extraordinary changes happening across the financial services landscape. Participants included directors and executives of the largest global banks, insurers, asset managers, regulators, fintech entrepreneurs, and other subject matter experts. ViewPoints synthesizes these and other discussions with participants in the Bank and Insurance Governance Leadership Networks over the second half of 2016. Technology is lowering the barriers to entry for emerging competitors and transforming the way incumbents do business, rapidly altering the competitive marketplace. At the same time, unprecedented macroeconomic and geopolitical conditions, driven by underlying structural changes, are creating a degree of uncertainty about the environment through which leaders must guide these institutions. Regulation will need to continue to evolve in response. A summit participant summarized, “Revolutions only get called with hindsight … We are in a period of accelerated evolution that will be called a revolution in financial services.”
Sustaining growth and innovation in the insurance sector
The insurance sector faces one of its most difficult periods in recent memory. Economic, regulatory, technological, structural and shareholder challenges are driving insurers to redesign many aspects of the business and key elements of strategy.In this ViewPoints,leading insurers share perspectives on the outlook for the sector, opportunities in asset management governance, and new models for growth and innovation.Insurers, together with leading banks, also explore broader challenges facing financial services, including market liquidity risks and the need for increasing board-shareholder engagement.
Building sustainable models for banks and their investors
At the seventh BGLN Summit, participants focused on how banks are adapting strategies, business models, and operations to a changing competitive landscape. Non-executive directors and senior executives from among the largest global banks were joined by regulators and other participants representing investor and other stakeholder perspectives for discussions on some of the challenges and opportunities for banks as they seek to improve returns and attract investment. This ViewPoints synthesizes themes emerging from the summit discussion including how regulation is driving changes to bank structures, the need to build more agile banks to attract investment, increasingly active investors and requests for board-shareholder engagement, and potential systemic risk stemming from reduced market liquidity.
Top and emerging risks: improving identification and oversight of key risks facing large banks
Bank boards continue to face increasing accountability for ensuring banks are effectively overseeing risks. Yet, despite improvements in risk identification, participants in the BGLN question whether they are truly engaging in the right ways on the key risks that could bring down an individual bank or have a broader systemic impact. BGLN discussions over the last six months, including two meetings in June, focused on top and emerging risks and how boards and supervisors can improve oversight. This ViewPoints captures the essence of these discussions with individual sections focused on top risks including emerging sources of systemic risk, persistent conduct challenges, increasing strategic risk intensified by possible disruption, and the growing cyber threat.
Leading insurers address reputation and its risks
Reputation has long been thought of as the cornerstone of any brand. But in the current environment, reputation has increasingly become not just an asset but also a risk to be managed. For some companies, reputational risk can threaten not just their well-being and but existence. Although reputational challenges have arisen in the past, the viral nature of modern communication has radically changed the dynamic for large public firms. In this ViewPoints, leading insurers share perspectives on why reputation is so difficult to manage and how companies can more effectively govern reputation and its associated risks.
Navigating amongst icebergs: leading insurers address emerging risk
Regulatory risk requirements and the evolution of emerging risk management (ERM) have contributed to a significant maturation of risk management within leading insurers. Despite this progress, boards still wonder if they are prepared to spot the next big challenge, especially in a world where risks seem to multiply exponentially. In this ViewPoints, leading insurers share perspectives on how boards can enhance the governance of emerging risks, along with which emerging risks are most likely to materialize and cause significant harm.
Risk and opportunity in an increasingly digital world
As the world becomes more digital, insurers are faced with important questions about strategy, risk, market and organizational structure, workforce, and culture - issues that, in the final analysis, require the full board's careful attention. Like the technology itself, insurers' understanding of the impact of digitization is evolving rapidly. Despite progress on digital strategies, a tremendous amount of work remains to be done. In this ViewPoints, leading insurers share their perspectives on how the industry remains relevant and how companies can lead in a rapidly transforming world.
Addressing conduct and culture issues in banking
Persistent misconduct caused commentators, bank leaders, and regulators to question whether something is fundamentally wrong with the culture of banks and banking. BGLN discussions over the last six months, including two meetings in March, focused on how bank boards, management, and supervisors can address cultural issues within their institutions and across the industry. This is a long-term, multifaceted challenge that will require changes to hiring, accountability, incentives, governance, and business models.
Developing effective and sustainable risk cultures in banks
For banks and supervisors, a focus on embedding effective risk cultures into banks has become the next area of focus for improving risk governance. Over some time, the BGLN has been discussing risk culture among over 50 members in the banking and supervisory community, bringing together a roundtable in March 2014 to discuss collective challenges. This ViewPoints captures the essence of these discussions and aims to provide a common base to think about instilling, monitoring, assessing, and sustaining effective risk cultures in banks.
Strategic responses to macroeconomic challenges
Current macroeconomic challenges related principally to evolving fiscal and monetary policies, and their influence on interest rates, growth, uncertainty, and volatility, could lead to a variety of future economic scenarios, and thus are at the top of the insurance industry’s risk agenda. For board members, these challenges raise many considerations of portfolio optimization and geographic strategy. Several IGLN participants stressed the importance of seeking knowledge and expertise from diverse inputs – beyond their own economists – and vigorous dialogue.
Heightened expectations for risk management and controls
Despite progress in improving risk governance, banks are still grappling with effectively implementing risk appetite frameworks, and improving measurement and mitigation of increasingly important operational risks. Ongoing operational issues continue to underscore the need to improve controls. At its core, effective risk management is about building a strong risk culture, and shaping that culture is a long-term challenge confronting banks.
Enabling more effective risk appetite frameworks
A major area of focus in the BGLN for improving risk governance has been the adoption of formalized risk appetite frameworks (RAFs), where discussions have revealed a lack of clarity on the objectives, expectations, and core elements of RAFs between supervisors and banks. In order to bridge these gaps, the BGLN conducted a year-long set of one-on-one and group discussions with banks and regulators. The findings include: attributes of mature RAFs, common challenges in implementation, and approaches for evaluating effectiveness.
Top and emerging risks for global insurance
The multitude of risks facing insurers is greater than ever. While certain key risks tend to dominate the landscape, insurance boards want to be sure they understand a broad range of challenges that will shape business strategy in the future. This ViewPoints explores specific industry risks related to information technology, operations, outsourcing, consumer protection, internal modeling, and competition.
Improving risk identification processes
Improved risk governance practices are emerging in response to heightened scrutiny, new risks, and changing regulations. The success of the risk governance process depends on its ability to be forward-looking so leading insurers and their boards can better identify top and emerging risks. This ViewPoints explores current practices and mechanisms for identifying risks, the role of the board and risk committee in the identification process, and the challenges facing boards and management.
Cybersecurity: an emerging risk for global banks and the financial system
The issue of cybersecurity as a top and emerging risk in banking and the financial system arose during a series of Bank Governance Leadership Network (BGLN) discussions among directors, executives, and supervisors in early 2012. On June 18, 2012, six non-executive directors, two chief risk officers, and three supervisors met in New York to further examine this difficult to manage, but increasingly important risk for global banks. This ViewPoints summarizes key themes emerging from those discussions and ideas on how to address the threat.
Top and emerging risks for global banking
In a series of discussions in 2012 bringing together chief risk officers, non-executive directors, and supervisors, BGLN participants exchanged perspectives on top and emerging risks for global banks, including concerns about bank funding, liquidity, and collateral management; strategic, operational, and potentially systemic risks emerging from global regulatory changes; cybersecurity and geopolitical risks; and short- and long-term risks associated with the continuing economic and market conditions.