The banking business is full of risks, large and small. The greatest risks demand the most attention:
Three of the principal issues facing banks and other financial institutions today are regulatory compliance, adapting risk management models to a shifting environment, and minimizing risk in a cost-effective way. Above all, financial institutions must take a proactive approach to managing risk.
It’s safe to say that in banking, disruption is now here. Innovations that were bleeding edge just a decade ago—such as robotic process automation, machine learning, artificial intelligence, and cloud computing—are joining the mainstream. Likewise, fintechs, bigtechs, and digital leaders that emerged during the past decade have already begun to form strategic banking partnerships and to carve out specialized niches. As transformation accelerates, open banking, instant payments, and other advances will create enormous value for fast-moving institutions—while disintermediating those that move too slowly.
Yet as the banking value chain breaks up, banks will get the opportunity to reposition themselves. They will likely pursue a mix of strategies, such as becoming platform leaders, being specialist providers, and promoting infrastructure-as-a-service offerings. The cost basis will also change, and banks will need to be leaner and more efficient if they are to compete effectively against digitally mature peers and fintechs. Overall, banks are reaching an inflection point. While outside forces may have dictated the path in the post-recessionary period, banks now have an opportunity to lead the way.
Every day the financial sector is subject to cyber-attacks. The European Central Bank in May 2018 published new guidance aimed at helping financial infrastructures and institutions create simulations of cyber-attacks that closely resemble those in the real world. Threat Intelligence-Based Ethical Red Teaming (TIBER-EU) supports European and national authorities in conducting the tests, which should be applied to investment and commercial banks, payment systems, central counterparties, exchanges, and other entities. TIBER-EU is currently advisory. But given the rising menace of cyber-attacks, it makes sense for financial institutions to start testing now.
EONIA and EURIBOR, the reference rates for financial contracts with a nominal value of more than €150 trillion, are about to be replaced. Because these rates are ubiquitous in contracts between banks and their counterparties, and commonly used in valuation modeling and internal transfer pricing within banks, nearly every part of the balance sheet and nearly all front-to-back processes are affected.
The shifting to new reference rates presents banks not only with one-off transition costs but with significant risk. If the old rates are no longer published, existing contracts referencing them will need to be renegotiated, presenting not only direct financial risk, but also legal, conduct, and reputational risks that attend such a sensitive process. Redesigning products, hedges, and valuation models for use from 2020 presents the same risks. Get things wrong, and a bank’s balance sheet, legal position, and reputation with customers could all be damaged. A new BCG White Paper explains how banks can manage the transition.
Imagine a virtual boardroom in which powerful, user-friendly dashboards allow risk leaders to simulate and stress-test potential strategies on the spot, a function in which steering is integrated and predictive modeling tools provide early notice of financial, operational, compliance, and cyber risks. That’s the future, and it is not a distant one. Indeed, within ten years, leading chief risk officers (CROs) will have these capabilities. Given the unique skills and data that are present within the risk function, a digital CRO could become both a nucleus and a force multiplier for bank-wide digital transformation. Achieving these benefits, however, will require a clear digital strategy, well-aligned use cases, and the right enablers.
In 2012, with the aim of capturing and tracking all upcoming regulations influencing major banking hubs worldwide, BCG established its Global Regulatory Database. Today, having been continuously upgraded and improved, the database has developed into an interactive, web-based solution that includes numerous filter possibilities and export functions. The database not only provides a window for viewing original regulatory documents, but offers value-adding information that helps banks’ senior management facilitate implementation, prioritize and reduce compliance costs, and make strategic decisions — all based on a comprehensive, holistic view of the ever-evolving regulatory climate.
The BCG Regulatory Database provides:
Q: How can an institution efficiently manage its financial resources?
A: As financial institutions employ capital and maintain liquidity, they must adhere to strict regulatory requirements. At the same time, they need to find the best opportunities to earn a return and satisfy shareholders.
Q: How can the effectiveness of risk management be improved?
A: Companies should continually evaluate whether their risk management procedures are adequate. As requirements change, financial institutions have to consider the implications for governance, systems, and infrastructure.
Q: What is the impact of new regulatory requirements?
A: Regulations such as Basel III in banking, Solvency II in insurance, and International Financial Reporting Standard 9 are forcing companies to create new systems to ensure compliance. Companies must also manage costs associated with the increasingly strict regulatory climate.
Q: How can an institution manage its biggest risks?
A: Financial institutions first need to identify their biggest risks. Once identified, those risks must be understood and managed at every level.
Banks face many sources of risk. Regulatory and competitive pressures are forcing institutions to confront them and manage them rigorously. But how can banks know where to begin? Sometimes, it’s useful to explore how risk is managed in other industries.