Share this article
It’s often said that “change is the only constant”. This could not be more true for the financial services industry which has faced unprecedented changes in recent years: the rising importance of non-financial risks in the post-Royal Commission era; the emergence of Environment, Social and Governance (ESG); the impact of COVID-19 shifting the way we work and how we interact; rapid technological change, increased digitisation and advanced analytics; the shifting geopolitical environment, regulatory changes; and low-interest rates.
Financial institutions have been at the forefront of these significant changes and have had to reorient business strategies and realign operating models to best adapt and transform. We believe the Risk function within these institutions plays a pivotal role in this ongoing transformation and must remain at the centre to help the business navigate and transition from responding to change to enabling sustainable growth.
Our latest global study, Risk Management 2025 and beyond - priorities and transformation agenda, draws on survey insights from more than 80 senior Risk executives at financial institutions across the globe to understand today's priorities and build the risk transformation agenda for the future.
As part of our global study, we conducted interviews with senior risk executives from more than 60 financial institutions globally (including 5 from Australia) to uncover key risk management trends, areas of priority and transformation ambitions. This research is supplemented with quantitative survey results from numerous financial institutions to provide more than 1,500 data points. While the global respondents were primarily from banks, we believe these insights will be relevant and applicable across the financial services industry.
This extensive analysis provides an informed perspective on how financial institutions can not only navigate the shifting risk management landscape but turn this into an opportunity to enable growth. It also makes clear that the Risk function and the role of Chief Risk Officer (CRO) are undergoing a period of transition against the background of broader business and industry transformation which requires a re-evaluation of the role both play within the business.
Good quality data management is now foundational for the more advanced analytical techniques and application of technological enhancements. Financial institutions are looking at improving, not ignoring, legacy data to obtain richer insights. Analytics on-demand and AI-based solutions are two examples that have been used to optimise risk management and boost effectiveness. Risk functions will need to develop a broader technology vision and integrated roadmap aligned to other parts of the organisation. This could involve partnering with RegTech providers as a continuing broader set of use cases and opportunities are identified and prioritised. The continued investment in data and technology will drive productivity growth within Risk functions as they will look to either do more with less and/or create capacity for more forward-looking analysis and engagement with the business.
Looking ahead rather than analysing the past will become the new mantra. This represents a fundamental shift for risk management which has traditionally been quantitative in nature and focused on the past. This is more important than ever in the Australian context which is often characterised by large remediation projects and focused on fixing past issues. Leveraging these projects to drive a more proactive risk management approach is one way organisations can move towards sustainable growth.
The traditional risk disciplines and improvements in financial risk management cannot be lost and will continue to be a baseline requirement moving forward - credit risk is still the most fundamental risk banks face. Banks have demonstrated learnings from the Global Financial Crisis of 2008 by improving their capital and liquidity positions. The current low interest rate and high debt environment is different, and stress testing and scenario analyses will assist financial institutions to navigate safely. Hardening stress testing and scenario analysis is a key item on the change blueprint and it will assist with managing other activities such as operational resilience and the interconnected stakeholder environment.
The risk profile of financial institutions continues to shift to non-financial risks. This has required an increased focus for the Risk function on cyber risks, fraud, money laundering, ESG, and operational resilience - particularly with the growing dependence on a complex network of third, fourth and fifth parties. These risks require different courses of action. These new areas of specialisation - in conjunction with the growing need for different mindsets to engage the business, safely support execution, and facilitate a more digital/technical environment - will require planning and investment for the depth and breadth of capabilities of the Risk function of the future.
Risk functions are becoming more dynamic and flexible, and increasingly contribute to leading financial institutions through a complex and volatile landscape of opportunities and threats. A holistic view is increasingly being applied to risk management, and the expectations for the first line of defence - “the business” - have increased.
For risk management to become more integrated, we believe it will require change not just from the business, but from the Risk functions as well. Risk transformation projects will need to be more business-centric - for example, the core Governance, Risk and Compliance (GRC) systems should be built from the requirements of the business as opposed to the Risk function; and policies simplified and linked into core business processes.
While the principles of “three lines of defence” remain consistent, we believe a more integrated risk management, right-sized and cross-functional approach may result in innovative ways to address thematic and non-financial risks.
Risk functions, and the environments in which they operate, have come a long way since our previous global study in 2018. It’s not surprising that the fundamentals haven’t shifted - such as the use of advanced analytics and increased use of technology and digitisation - but the goalposts for “better practice” risk management within financial institutions continue to move and mature at a rapid pace.
Embed Risk in strategy and decision making by strengthening Risk capability on thematic risks, establishing competence centres across the Business and Risk teams, and breaking down silos across the lines of defence.
Enhance stress testing capabilities to be faster, more dynamic, and enhance the ability to capture cross-risk impacts.
Digitise non-financial risk through simplifying policy requirements, redesigning GRC platforms to work for the first line and defining data models across non-financial risk to collect enriched data sets
Build operational resilience into the organisation by increasing the prominence of strategic decisions and creating visibility of value streams and their potential points of failure.
Develop platforms to deploy technology at scale through building a shared technology roadmap across the organisation, providing access to self-service data analysis capabilities and investing in the reskilling of staff.
The next five years will continue to result in major changes to the Risk function - and risk management in the broader sense - and stakeholders' expectations will continue to shift. The question is not if risk management will evolve within financial institutions, it’s a matter of when?
We believe Risk leaders are in a powerful position to seize this opportunity and position themselves to help lead business-wide transformation and enable sustainable growth.
Amrita Jebamoney
National Risk and Digital Trust Leader, PwC Australia
Tel: +61 412 782 897