As the fallout from the collapse of SVB and Credit Suisse continues to be felt, banks’ risk frameworks have come under intense scrutiny.
Risk has always been a significant factor in banking, but the modern risk landscape is more diverse than ever before, and the digital age has brought new challenges. It has become increasingly important for all banking staff to understand their role in effective risk management.
The Bank of England has also pledged closer scrutiny of banks’ risk frameworks moving forward, so now is a good time to make sure your risk management credentials are up to scratch.
What has the Bank of England said about risk management?
Following its demise, Silicon Valley Bank was slammed by a US regulator for its “terrible” risk management strategy. In fact, the firm was actually without a chief risk officer throughout much of 2022. Its collapse spurred banks around the world into rethinking their own approaches to risk management.
But even before SVB’s downfall, the Bank of England had asked all banks operating in the UK to put together better risk frameworks in the wake of Archegos Capital Management’s collapse back in 2021. The failure of the private investment firm reportedly caused $10bn of losses at banks including Credit Suisse and Nomura.
The Bank of England asked banks to be proactive in assessing the economic landscape, remaining resilient and ensuring that “lessons from past crises are definitively learned in full, and thoroughly embedded across the first and second lines of defence.”
What are the major risks in banking in 2023?
Risks associated with financial instruments are nothing new, but the Bank of England has placed emphasis on operational risk – including emerging risks, such as climate change, data protection, and cybercrime.
“Banks are far, far stronger, in financial terms, than they were 10 or 15 years ago,” says Andrew Cunningham, founder and Managing Director of Darien Analytics and a member of the Faculty for our Centre for Governance, Risk and Regulation.
“But over the last few years, we have seen new risks emerging which are harder to quantify and often impossible to model: cyber and data security, financial crime and sanctions exposure, geopolitical risk, and climate change.”
A recent survey carried out by EY / IIF found that 72% of global chief risk officers believe that cybersecurity is the most significant risk in the year ahead, followed by credit and environment risks. In Europe, 62% of banking CROs see geopolitical risk as the biggest risk management issue.
New technologies also present new risks. Recently, the Central Bank of Denmark and three of the country’s largest banks suffered a DDoS attack, highlighting the need for robust cyber security. Data also presents its own challenges. For example, in October 2020, Morgan Stanley was hit with a $60m fine for risk management problems relating to a data breach that occurred due to the investment bank having inadequate safeguards in place when it decommissioned two data centres.
The consequences of inadequate risk management in banking
The collapse of SVB may be an extreme example of what can happen if risk is not managed effectively, but banks face significant fines if they fail to abide by regulatory expectations.
Cunningham points out that “in 2021, ABN AMRO reached a settlement with the Dutch financial authorities, in which they paid €480m for breaches of internal controls, including not keeping proper customer records.”
In 2020, Citigroup was hit with a $400m fine by the US banking regulator for failures in its risk management systems, including regulatory reporting, data management, and internal controls.
So, failures in operational risk management can be extremely costly for banks – and that’s before taking any potential reputational damage into consideration.
How do banks build better risk management frameworks?
Banks and financial institutions must be prepared to deal with the traditional risks associated with operating in the financial sector, as well as a diverse array of new and emerging risks. In practice, this means taking a much more holistic approach to risk across their organisations.
Employees at all levels need to be aware of the modern risk landscape and the importance of robust risk management. If you work in a bank, you need to understand what risks you are exposed to and what your responsibilities are in mitigating or reporting them.
Put simply, everyone working in the bank should be an effective risk manager.
“The risk landscape in which banks operate has become more extensive and harder to quantify. The need for good risk management, and experienced risk managers, is greater than ever,” adds Cunningham.
Read more about our risk training programmes