Risk management is a fundamental – and fast evolving – part of a bank’s business. Rob Thompson, our Head of Banking Services, looks at the risks financial institutions manage and the career opportunities in this area of finance.
Essentially, risk management is about weighing up the chance of a bad outcome occurring due to a particular action, activity or choice. It’s also a necessary part of business life. A company will never grow or make a profit without taking risks.
It can vary but the risks a bank tends to deal with are typically:
- credit risk
- market risk
- operational risk, including data governance risk and reporting risk
- liquidity risk
- technology and information risk, including cyber risk, and
- strategic risk.
Banks also face risks from events from the outside world which are beyond their direct control, such as climate change risk.
Why banks manage risk
There are many reasons why banks manage risks, including to:
- prevent loss
- ensure survival
- protect their reputation
- safeguard stakeholders’ interests
- comply with regulations and laws
- protect the bank’s credit ratings.
However, because banks and banking system play such an important role in any national and the global economy, the consequences of poor risk management are wide reaching. This became evident in the 2007–08 Financial Crisis, when governments had to come together to bail out banks.
Even on a smaller scale, because a bank’s business is about money and money creation, if it’s in trouble it may reduce or even stop lending. That affects the availability of funds to business and slows economic growth.
This is why banks and financial institutions are regulated, nationally and internationally.
How banks manage risk
In short, banks manage risks by implementing frameworks of policies, procedures and controls, which requires careful planning, regular reviews and updates.
To overcome some of the implementation challenges, banks have adopted industry-standard frameworks, eg ISO 31000:2018 or COSO ERM – Integrated Framework.
But it’s impossible to eliminate risk completely, a bank must identify and analyse risk in all its business units.
That’s why the risk management department is the nervous system of any bank or financial institution. A bank’s chief risk officer (CRO) reports to the board, the regulator and the chief executive.
Working in risk management
If you work in a risk management department, you’re part of a team responsible for identifying, assessing, measuring, mitigating and reporting risks. You work closely with colleagues in other departments of the bank to identify, assess and take actions. And you go out to visit clients and other stakeholders to make assessments.
If you’re thinking of a career as a risk officer, you need to be a people person, with good analytical skills. You’ll also need to be logical, well organised, adaptable and have a high level of intellectual curiosity as well as strong values and determination.
As you progress through your career, you’ll need to push back against colleagues who want to take on too much risk – especially at senior level.
Paul Howard is a Risk Management Consultant with over 30 years’ experience in senior risk management roles and in the Faculty of our Centre for Governance, Risk and Regulation.
“Engaging with the business to support their aspirations safely can be a fine balance on occasions,” he says. “You have to have to be an arbiter, ambassador and enforcer. In some instances, the skill can be having a good nose for what needs closer examination and what does not. It’s never boring.”
See our banking qualifications, including those specialising in risk
See our Centre for Governance, Risk and Regulation website