Nearly nine in 10 financial services firms plan to increase their investment in risk management capabilities in the next two years in response to the emerging risks of cyber security and fraud, according to a new report from Accenture.
The Accenture 2015 Global Risk Management Study – based on a survey of more than 450 senior risk management executives in the banking, capital markets and insurance industries – found that 86 percent of respondents said their organizations plan to increase their investment in risk management capabilities in the next two years, with one in four (26 percent) planning to increase it by more than 20 percent. In addition, three in 10 respondents (29 percent) said their companies plan to increase by more than 20 percent their investment in cloud / software-as-a-service (SaaS) and big data and analytics.
The report found clear evidence of the increasing impact that cyber security and fraud is having on financial services firms’ business and the risk management function in particular. For example:
- More than one-third (34 percent) of respondents said that understanding cyber risk will be the most-needed capability in their risk function.
- Nearly two-thirds (65 percent) of respondents said that cyber/IT risk will have an increased impact on their business in the next two years, with 26 percent saying that the increase would be significant.
- More than eight in 10 respondents (82 percent) said that emerging risks, such as cyber and social media, account for more of the chief risk officer’s (CRO) time than ever before.
“The combination of market forces, advances in technology and customer demands are pushing financial institutions to become more digital and requiring a broader range of skills from today’s risk management professionals,” said Steve Culp, senior global managing director for Accenture Finance and Risk Services. “Financial services firms are struggling to keep pace with the demand for people with highly specialized skills, such as cyber risk experts, business analysts, security specialists and fraud experts. To fill these gaps, most firms will have to look outside of their organizations — and the competition for the right people is increasingly intense.”
The report indicates that the surging demand for talent by financial services institutions in recent years shows no signs of abating. While firms are focusing on enhancing their specialized skills, fewer than half (41 percent) claim to have extensive skills in understanding digital technologies. Only 10 percent said that their risk function has the resources needed in specialized areas like emerging risks. Many respondents said that in the past two years, their recruiting has targeted cyber risk experts (cited by 48 percent of respondents) and fraud experts (36 percent), and 36 percent of firms said they have hired former hackers.
Rising impact of digital
In response to today’s low-growth, low-return environment, financial institutions are focusing on new paths to profitability. As a result, risk appetites are increasing, although in a targeted fashion. More than four in 10 financial services firms (43 percent) said they have a higher risk appetite for developing new products than they had two years ago, and more than one-third (36 percent) have a greater appetite for taking on major digital initiatives.
“At a time when the regulatory focus has never been keener, financial services firms are taking a hard look at their existing strategies and starting to identify where they want to extend their business to achieve growth,” Culp said. “The willingness to accept greater business risks will also expose financial services firms to emerging risks – including cyber, data privacy, reputational, social media and new conduct risks – requiring risk professionals to play an enhanced role.”
Nearly three-quarters (73 percent) of respondents said that managing emerging digital risks and the increased velocity, variety and volume of data challenge their ability to be effective. Fewer than one in 10 (9 percent) said that consistent and updated data is regularly available to decision makers across the organization.
Increased role of the risk function
Increasingly, CROs seek to play a more strategic role in their companies. Only 36 percent of capital markets respondents and 29 percent of banks said that, when delivering regulatory change programs, their senior managers go beyond basic regulatory compliance, such as by integrating with ongoing change initiatives. For firms that go beyond basic compliance, there is much greater coordination on regulatory issues between the risk function and the rest of the business.
At the same time, the majority of financial services firms have some distance to travel before risk management becomes fully aligned with broader strategic planning. While more than eight in 10 respondents (83 percent) said they believe that risk management has contributed to enabling long-term profitable growth for their company, nearly three-quarters (73 percent) said that gaining the trust of the business is a top challenge to their effectiveness. Fewer than one in five respondents (17 percent) said that their companies have a framework that supports major strategic decision-making with input from risk management.
“CROs can help their institutions become digital leaders by capitalizing on the insights generated from the wealth of data they hold,” Culp said. “While many have said the increase in data has posed a challenge, risk teams can free up time by automating data collection and analysis in order to focus on more strategic management activities. Better data is required by regulation, but it will also help CROs advise their stakeholders on meeting key goals around risk-adjusted profitability and performance.”