Cyber threats remain the top concern for Chief Risk Officers (CRO) according to Jan Bellens, head of global banking and capital markets at EY. He tells RBI, that despite billions invested to safeguard core systems and protect vital data assets, CROs consider cyber the top inherent threat.
In a joint EY/ Institute of International Finance report, co-authored by Bellens entitled ‘Seeking stability within volatility: How independent risks put CROs at the heart of banking business”, some 73% of respondents say that cyber remains a top priority in the next 12 months and during the next three years.
The report examines CROs’ views on the most urgent issues facing their organisations, and those that will take on more importance in the next three to five years.
Geopolitical concerns made the biggest jump on the CRO agenda since last year. Russia’s invasion of Ukraine, simmering US-China tensions, regional conflicts and the retreat from globalisation in 2022 has led to the largest banks to reassess market risk and rethink where to make new business investments. 62% said geopolitical risks would have a ‘much more significant’ effect on their organisation during the next year.
Major risk factors are co-related: the key report takeaway
Says Bellens: “It was not a great surprise that the top three risks are number one cyber, number two credit and number three, environmental risk. But what did come out of the interviews was how the various risks are co-related with each other. For example, how does the war for talent impact the risk in the banks for data privacy, new AI and ML tools, cyber risks but also ESG. These risks all come together and hit the CRO at the same time in a co-related manner. That is the major takeaway.
Looking ahead, CROs expect ESG and climate risks to see the greatest increase in priority during the next three years: 88% of respondents said ESG risk is likely to increase most in priority in the next three years, and 84% said the same of climate risk.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
Says Bellens: “While many familiar risks remain priorities, we detect in this year’s results increased complexity caused by overlapping and correlated risks. Consider how the combination of geopolitical and cyber risks threatens operational resilience, while also increasing market risk, particularly for institutions designated as global systemically important banks.”
The role of CRO: one of the most difficult in the C-suite
He adds that ESG strategies, digital transformation and new product development also require multi-dimensional thinking by CROs and fresh approaches to instilling the right controls. And, increased regulatory risk is present in all of these vectors.
CROs face an extraordinary volume and variety of risks — traditional and emerging, those resulting from external forces and those from internal pressures — nearly all of which seem to be increasing in urgency.
“That’s one reason I believe that in the 20 years since the inception of the CRO role, it has become one of the most difficult jobs in the banking C-suite, a point we’ve heard directors and senior executives make repeatedly in recent months. There are more and more demands on the CRO going way beyond the traditional risk management framework and the traditional risk management tools.”
He adds that now more than ever, the CRO needs much more agility while greater multi-dimensional thinking is needed as they have a greater remit in playing their role in defending their financial institution.
Climate and environmental risk
Though the pandemic and geopolitical concerns have generated more headlines during the last few years, climate risk remains a top-three risk for both boards and CROs over the next 12 months. Bellens says that in this year’s survey only 36% of CROs cited environmental risk as a top-five issue that will demand CRO attention during the next 12 months, versus 49% of last year’s respondents. This drop is likely a function of the nearer-term urgency around cyber and geopolitical risks. It’s also worth noting that 58% of CROs at the global systemically important banks selected environmental risk as one of their top-five focal points.
However, looking ahead, CROs expect ESG, digital transformation and climate risks to see the greatest increase in priority during the next 36 months.
Bellens adds: “Clearly, climate and environmental risk, in its multiple forms, is still on the minds of CROs and the severity and frequency of natural disasters is likely to keep it there. The war in Ukraine also raises environmental questions relative to the European energy mix, and the necessity of expanding fossil fuel usage. For CROs, the focus will continue to be on developing better measures and models of climate risks (including both physical risks and those associated with the transition to a greener economy) for the purposes of more effective credit underwriting.”
Not surprisingly, global systemically important banks have more robust capabilities for incorporating climate factors into risk management activities. For instance, 92% cite scenario modeling and stress testing as important activities for incorporating climate risk into their broader risk management approach, compared to 28% of other banks. And half of CROs at G-SIBs say climate change risks are inherent in assessments of material credit exposures, compared to one-third of other banks.
Climate risk: the top concern over the next 5 years
Looking over a five-year horizon, 65% of CROs cited climate risk as the most important concern for their organisations, well ahead of tech-driven disruption (42%), IT obsolescence (42%) and the pace and breadth of change from digitisation (42%). The implication is that these latter risks seem more manageable for CROs, compared with environmental risks, which include both physical threats and the disruptions caused by the transition to a greener economy.
Says Bellens: “It was pleasing to see and one of the nice things that came out of the survey was how the executive committees, CROs and boards are all aligned on the priority risks. The report does highlight that the banks are investing heavily in protecting their banks against these risks, cyber, credit and the environment.”
And on the environment specifically, Bellens says that banks will listen to their customers – consumers and corporates – who want to see them invest in renewables, improving climate and in driving sustainability.
He concludes: “It is an opportunity for the banks and they should not shy away from highlighting that they are supporting a lot of these climate initiatives with their lending and through their balance sheet. That is good for consumers, for corporates and it is good for shareholders.”