Publication

Banking in transition: overseeing non-financial risk in the midst of technological and business model transformation

April 2017

“We are going through one of the most transitional periods in banking’s history. The speed and unprecedented scale of change and the risks inherent make it very difficult to stay one step ahead.” 

—Director

Immediately following the financial crisis, regulators and banks focused on addressing the risks that could bring down a bank or trigger another systemic crisis: credit risk, liquidity risk, and market risk. But other risksconduct and compliance failures and systems issues among themhave had the biggest economic impact on the industry in the years since 2008. One participant coined the term “transition risk” to encompass the many hazards (conduct, compliance, systems, cyber, reputational, etc.) associated with the transformation of banks systems, operations, and structures. “It is really about your approach to conduct, financial crime, strategic risk, and transformation risk.  It is about, given the strategy we’ve chosen, what happens to the risk profile along the way, as we transition,” a participant said. Many changes, particularly those related to the technological transformation of large banks, are helping financial institutions to address sources of non-financial risk. But they also introduce new risks.  

Over the course of several months at the end of 2016 and the beginning of 2017, culminating with meetings on February 23, 2017 in New York and March 16, 2017 in London, Bank Governance Leadership Network (BGLN) participants discussed the practical challenges that boards and risk management teams face in overseeing non-financial risks in the midst of an accelerating change agenda. This ViewPoints synthesizes the perspectives and ideas raised in the meetings, as well as in nearly 30 additional conversations with directors, executives, supervisors, and banking professionals. A list of individuals who participated in discussions can be found in Appendix 1. A companion ViewPoints entitled Cyber risk management: the focus shifts to governance captures content relating specifically to oversight of cybersecurity. These discussions yielded some themes and insights of note, summarized in the following sections:

  • The pace and scale of change in large banks heightens execution risk

  • Balancing innovation and control complicates transformation initiatives

  • Oversight of non-financial risks must continue to evolve