The future of risk in financial services

The regulatory and business environments have become more volatile and unpredictable. Financial institutions have also faced a tsunami of new regulatory requirements which have driven up compliance costs, whilst increased capital and liquidity requirements have reduced returns. At the same time, fintech startups are threatening to disrupt traditional financial services business models.

As a result, risk management in financial services is at a crossroads. Financial institutions need to decide if they will continue with business as usual or rethink their approach to risk management. As they plan for the new era of risk management, institutions should consider the following six imperatives:

1. Increase focus on strategic risks and improve identification and management of these risks;
2. Rethink the three lines of defence by enhancing business unit responsibility for managing risks and clarifying second line of defence activities;
3. Leverage emergent technologies to increase efficiency and effectiveness of risk management;
4. Establish a formal conduct and culture programme to build customer trust and gain a clear strategic advantage;
5. Enhance risk management capabilities to build a nimble infrastructure able to address newer non-financial risks as well as the challenges of regulatory fragmentation; and
6. Manage capital and liquidity strategically by enhancing governance structures and decision-making processes.

In this article, we focus on three imperatives that we have observed in Southeast Asia (SEA):

Establish a formal conduct and culture programme
Recent instances of inappropriate behaviour by employees at financial institutions have led to an increased focus by senior management as well as by regulatory authorities on the importance of instilling a risk-aware culture and encouraging ethical behaviour by employees. Efforts in this area will need to be enhanced to demonstrate a programmatic and sustainable approach to conduct risk. Organisations are placing increased emphasis on an individual’s ethics, compliance, and history during the hiring process, as well as refreshing recruitment, induction, training, and development frameworks. The Monetary Authority of Singapore is adding an ethics and skills component to existing financial adviser and market intermediary competencies. 

Enhance risk management capabilities
Institutions will need to integrate their siloed responses to the many regulatory requirements that have been introduced in recent years. They will also need to leverage the power of RegTech solutions to increase their agility in responding quickly to new developments, whilst providing the analytics that support more effective risk management.

An important Basel regulation which will apply to Domestically Systemically Important Banks (DSIBs) in SEA is the BCBS 239 principles on risk data aggregation and risk reporting. Banks will need to continue efforts on data management programmes such as those spurred by the regulation. These requirements often trigger additional enhancements in the fields of data governance, data quality, and risk reporting framework. They also push the banks to promote further collaboration amongst the key stakeholders: risk, IT, finance, and business units.

Strategically manage capital and liquidity
Recent regulatory requirements have significantly increased capital and liquidity requirements. In the current low revenue environment, institutions will need to consider carefully the impacts of their business strategy on capital and liquidity so they can improve their returns on equity by optimising the use of these scarce resources.

Some banks in SEA face new liquidity requirements including the liquidity coverage ratio and the net stable funding ratio introduced in Basel III. In response, banks should develop a robust capability to measure capital and liquidity so the institution can understand the relative capital and liquidity needs of each business unit and how the business unit contributes to the institution’s overall capital and liquidity profile. Institutions will then need to build capital and liquidity measures into their strategic plans and management approaches and re-evaluate them periodically.

Whilst we’ve only highlighted three, institutions will need to address these six imperatives in a coordinated programme in order to be effective. Each institution will need to decide whether to continue with business as usual, running the risk of being unprepared for new risks, and falling behind their peers and regulatory expectations or seize the opportunity to take risk management to an entirely new level that truly provides the capabilities to support the organisation’s strategic plan.