Top and emerging risks: improving identification and oversight of key risks facing large banks

July 2015

“There are things we could envision happening that could call into question the very existence of the organization, and they are not quantifiable, nor can the bank put a timescale on them … They make normal business risks seem inconsequential.” 

—Bank director

Bank boards continue to face increasing accountability for ensuring banks are effectively overseeing risks. Yet, despite improvements in risk identification, reporting, and interaction between banks and their supervisors, participants in the Bank Governance Leadership Network (BGLN) question whether they are truly engaging in the right ways on the key risks that could bring down an individual bank or have a broader systemic impact.

Over several months, culminating with meetings on June 9, 2015 in New York and June 17, 2015 in London, BGLN participants shared perspectives on the top and emerging risks facing large banks and the financial system and how boards and supervisors can improve oversight. The exchange of perspectives yielded new insights and produced actionable next steps for individual and collective responses.

This ViewPoints synthesizes the perspectives and ideas raised in the meetings, as well as in nearly 30 conversations beforehand with directors, executives, supervisors, and banking professionals. A list of individuals who participated in discussions on top and emerging risks is represented in Appendix 1.

This document is divided into five sections. The first describes the challenges and opportunities in how boards can improve oversight of top and emerging risks. The remaining four focus on top risks prioritized for discussion by participants. A full list of risks identified by participants is included in Appendix 2.

  • Improving identification and discussion of key risks (pages 3-4). Boards and risk committees spend a lot of time reviewing risk reports and discussing how their institutions are managing key risks. Yet, participants see opportunities to shift the focus of their efforts to be sure they are spending more time openly and informally discussing with management the key risks that are emerging and could impact the viability of their institutions. 

  • Emerging sources of systemic risk (pages 5-8). Much effort has been expended globally to decrease systemic risk in banking through new regulatory requirements. But these actions may be creating new risks by limiting the role banks can play in providing market liquidity, and in pushing systemic risk into the world of shadow banking, to which banks still have significant exposure, but which remains opaque and largely unregulated. In addition, participants question whether central clearing parties might be systemically important themselves. 

  • The risk from misconduct could be an existential one (pages 9-10). Banks and regulators have been focused on addressing conduct issues, notably by launching culture reform initiatives and improving accountability and controls. But, participants see persistent risk of legal and financial damage, but also reputational and political risk that could threaten banks’ ability to operate in some markets. 

  • Increasing strategic risk and potential for disruption (pages 11-13). Banks are all identifying ways to build more agile, profitable institutions in the face of mounting pressure to improve returns with increasing competitive pressure from multiple directions, including financial technology companies, that threatens margins in core businesses. As the threat grows more quickly than many expected, the urgency to respond is increasing.

  • The unique and growing cyber threat (pages 14-16). Participants expressed growing frustration with the challenges of managing cyberrisk. As awareness and knowledge about the threat has improved, the nature of the risk continues to evolve, and while the damage from attacks to date has been relatively limited, participants see the potential for long-term threats to emerge in different and more damaging ways. Discussions included necessary actions individual firms can take, and the continued need for improved collaboration among banks, regulators, and governments to protect the system.