Nearly nine in 10 financial services firms plan to increase their investment in risk-management capabilities in the next two years in response to emerging risks of cyber security and fraud, according to a new report from Accenture.
The Accenture 2015 Global Risk Management Study – based on a survey of more than 450 senior risk-management executives in the banking, capital markets and insurance industries – found that 86 per cent of respondents said their organisations plan to increase their investment in risk-management capabilities in the next two years, with one in four (26 per cent) planning to increase it by more than 20 percent. In addition, three in 10 respondents (29 per cent) said their companies plan to increase by more than 20 per cent their investment in Cloud/Software-as-a-Service (SaaS) and big data and analytics.
The report found clear evidence of the increasing impact that cyber security and fraud is having on financial services firms’ business and the risk-management function in particular. F
More than one-third (34 per cent) of respondents said that understanding cyber risk will be the most-needed capability in their risk function.
Nearly two-thirds (65 per cent) of respondents said that cyber/IT risk will have an increased impact on their business in the next two years, with 26 per cent saying that the increase would be significant.
More than eight in 10 respondents (82%) said that emerging risks, such as cyber and social media, account for more of the chief risk officer’s (CRO) time than ever before.
“The combination of market forces, advances in technology and customer demands are pushing financial institutions to become more digital and requiring a broader range of skills from today’s risk management professionals,” says Steve Culp, senior global managing director for Accenture Finance and Risk Services. “Financial services firms are struggling to keep pace with the demand for people with highly specialised skills, such as cyber risk experts, business analysts, security specialists and fraud experts. To fill these gaps, most firms will have to look outside of their organisations — and the competition for the right people is increasingly intense.”
The report indicates that the surging demand for talent by financial services institutions in recent years shows no signs of abating. While firms are focusing on enhancing their specialised skills, fewer than half (41 per cent) claim to have extensive skills in understanding digital technologies. Only 10 per cent said that their risk function has the resources needed in specialised areas like emerging risks. Many respondents said that in the past two years, their recruiting has targeted cyber risk experts (cited by 48 per cent of respondents) and fraud experts (36 per cent) , and 36 per cent of firms said they have hired former hackers.
In response to today’s low-growth, low-return environment, financial institutions are focusing on new paths to profitability. As a result, risk appetites are increasing, although in a targeted fashion. More than four in 10 financial services firms (43 per cent) said they have a higher risk appetite for developing new products than they had two years ago, and more than one-third (36 per cent) have a greater appetite for taking on major digital initiatives.
“At a time when the regulatory focus has never been keener, financial services firms are taking a hard look at their existing strategies and starting to identify where they want to extend their business to achieve growth,” Culp says. “The willingness to accept greater business risks will also expose financial services firms to emerging risks – including cyber, data privacy, reputational, social media and new conduct risks – requiring risk professionals to play an enhanced role.”
Nearly three-quarters (73 per cent) of respondents said that managing emerging digital risks and the increased velocity, variety and volume of data challenge their ability to be effective. Fewer than one in 10 (9 per cent) said that consistent and updated data is regularly available to decision makers across the organisation.
Increasingly, CROs seek to play a more strategic role in their companies. Only 36 per cent of capital markets respondents and 29 per cent of banks said that, when delivering regulatory change programs, their senior managers go beyond basic regulatory compliance, such as by integrating with ongoing change initiatives. For firms that go beyond basic compliance, there is much greater coordination on regulatory issues between the risk function and the rest of the business.
At the same time, the majority of financial services firms have some distance to travel before risk management becomes fully aligned with broader strategic planning. While more than eight in 10 respondents (83 per cent) said they believe that risk management has contributed to enabling long-term profitable growth for their company, nearly three-quarters (73 per cent) said that gaining the trust of the business is a top challenge to their effectiveness. Fewer than one in five respondents (17 per cent) said that their companies have a framework that supports major strategic decision-making with input from risk management.
“CROs can help their institutions become digital leaders by capitalising on the insights generated from the wealth of data they hold,” Culp says. “While many have said the increase in data has posed a challenge, risk teams can free up time by automating data collection and analysis in order to focus on more strategic management activities. Better data is required by regulation, but it will also help CROs advise their stakeholders on meeting key goals around risk-adjusted profitability and performance.”