
Risk Management and Compliance

The banking business is full of risks, large and small. The greatest risks demand the most attention:

  • Credit risk generated by lending activities
  • Market and counterparty risk from trading activities (especially derivatives trading)
  • Liquidity risk arising from mismatched assets and liabilities
  • Operational risk caused by error and omission in core systems and processes
  • Risk associated with writing insurance contracts

Three of the principal issues facing banks and other financial institutions today are regulatory compliance, adapting risk management models to a shifting environment, and minimizing risk in a cost-effective way. Above all, financial institutions must take a proactive approach to managing risk.

Future-Proofing the Bank Risk Agenda

The growth of banks’ economic profit—that is, profit adjusted for risk and capital costs—has weakened on a globally averaged basis. Moreover, the twists and turns of regulatory change and oversight show no signs of receding. The flood of revisions averages 200 per day—three times the rate in 2011. Global banks must diligently monitor and implement change in three regulatory clusters: financial stability, prudent operations, and resolution.

Forward-looking CROs at successful banks will master regulatory change as part of a broader plan to transform the capabilities and the role of their bank’s risk function. The agenda includes initiatives such as digitizing the risk function and elevating its knowledge and data resources with cutting-edge technologies. Banks can achieve such goals by adopting new, potentially disruptive technical capabilities and services, and by collaborating with regtechs and other fintech enterprises.

Enhancing Cyber Resilience

Every day the financial sector is subject to cyber-attacks. The European Central Bank in May 2018 published new guidance aimed at helping financial infrastructures and institutions create simulations of cyber-attacks that closely resemble those in the real world. Threat Intelligence-Based Ethical Red Teaming (TIBER-EU) supports European and national authorities in conducting the tests, which should be applied to investment and commercial banks, payment systems, central counterparties, exchanges, and other entities. TIBER-EU is currently advisory. But given the rising menace of cyber-attacks, it makes sense for financial institutions to start testing now.

Getting Ahead of the New Curve in Reference Rates

EONIA and EURIBOR, the reference rates for financial contracts with a nominal value of more than €150 trillion, are about to be replaced. Because these rates are ubiquitous in contracts between banks and their counterparties, and commonly used in valuation modeling and internal transfer pricing within banks, nearly every part of the balance sheet and nearly all front-to-back processes are affected.

The shift to new reference rates presents banks not only with one-off transition costs but with significant risk. If the old rates are no longer published, existing contracts referencing them will need to be renegotiated, presenting not only direct financial risk, but also legal, conduct, and reputational risks that attend such a sensitive process. Redesigning products, hedges, and valuation models for use from 2020 presents the same risks. Get things wrong, and a bank’s balance sheet, legal position, and reputation with customers could all be damaged. A new BCG White Paper explains how banks can manage the transition.

Banking On the Digital CRO

Imagine a virtual boardroom in which powerful, user-friendly dashboards allow risk leaders to simulate and stress-test potential strategies on the spot, a function in which steering is integrated and predictive modeling tools provide early notice of financial, operational, compliance, and cyber risks. That’s the future, and it is not a distant one. Indeed, within ten years, leading chief risk officers (CROs) will have these capabilities. Given the unique skills and data that are present within the risk function, a digital CRO could become both a nucleus and a force multiplier for bank-wide digital transformation. Achieving these benefits, however, will require a clear digital strategy, well-aligned use cases, and the right enablers.

BCG’s Global Regulatory Database

In 2012, with the aim of capturing and tracking all upcoming regulations influencing major banking hubs worldwide, BCG established its Global Regulatory Database. Today, having been continuously upgraded and improved, the database has developed into an interactive, web-based solution that includes numerous filter possibilities and export functions. The database not only provides a window for viewing original regulatory documents, but offers value-adding information that helps banks’ senior management facilitate implementation, prioritize and reduce compliance costs, and make strategic decisions — all based on a comprehensive, holistic view of the ever-evolving regulatory climate.

The BCG Regulatory Database provides:

  • Summaries of regulations and regulatory proposals
  • Maturity assessments (regarding the likelihood of significant change to evolving regulations)
  • Updates on regulations’ legal status (such as already implemented, under discussion, and on hold)
  • Identification of banking entities and products most affected by pending regulations
  • Analysis of both the domestic and cross-border (where applicable) scope and implications of regulations
  • Tracking of proposed and/or expected compliance dates
  • Web links to original, official regulatory documents

Four Key Questions for Financial Institutions

Q: How can an institution efficiently manage its financial resources?

A: As financial institutions employ capital and maintain liquidity, they must adhere to strict regulatory requirements. At the same time, they need to find the best opportunities to earn a return and satisfy shareholders.

Q: How can the effectiveness of risk management be improved?

A: Companies should continually evaluate whether their risk management procedures are adequate. As requirements change, financial institutions have to consider the implications for governance, systems, and infrastructure.

Q: What is the impact of new regulatory requirements?

A: Regulations such as Basel III in banking, Solvency II in insurance, and International Financial Reporting Standard 9 are forcing companies to create new systems to ensure compliance. Companies must also manage costs associated with the increasingly strict regulatory climate.

Q: How can an institution manage its biggest risks?

A: Financial institutions first need to identify their biggest risks. Once identified, those risks must be understood and managed at every level.

Lessons from Risk Management in Other Industries

Banks face many sources of risk. Regulatory and competitive pressures are forcing institutions to confront them and manage them rigorously. But how can banks know where to begin? Sometimes, it’s useful to explore how risk is managed in other industries.
