Financial institutions have made progress in addressing risk management but still have a lot of work to do, especially in creating a culture that encourages employees to take appropriate risks and that promotes ethical behavior more broadly, according to Edward Hida, global risk and capital management leader at Deloitte.
“One of the more recent areas of focus of regulators in the last year or two has been on culture, ethics, conduct risk, ethical standards,” Hida told Markets Media. “That's involves the qualitative side of risk management. How you link those into more programmatic elements is of increased scrutiny and focus.”
For example, some organizations have made progress on embedding risk-based compensation programs, “but when we look at the variety of techniques that are utilized, there is more work that can be done there,” said Hida.
Only 60% of respondents said their board has worked to establish and embed the risk culture of the enterprise and promote open discussions regarding risk, according to the Global Financial Services Risk Management Survey by Deloitte. This means 40% have not done so, indicating more work is needed on this issue.
A similar percentage – 63%– said that their directors review incentive compensation plans to consider alignment of risks with rewards. In addition, only about half of respondents said it was a responsibility of their institution’s risk management program to review compensation plans to assess its impact on risk appetite and culture.
“When we look at the amount of oversight that boards play in risk-based incentive compensation, there's still a gap there as compared to other high-level governance statistics,” Hida said. “There is more work that needs to be done to fully invest in risk-based incentive programs and build a more consistent risk culture throughout the organization.”
The survey is intended to take the pulse of chief risk officers and financial institutions around the world, assess risk management programs, the challenge of those programs, and trends in the risk management programs.
By many measures, the financial services industry has made significant progress on risk governance. For example, 92% of respondents have an enterprise risk management program in place or are building one. Boards are spending much more time focused on risk oversight, with 85% spending more time than 2 years ago. Having a dedicated chief risk officer position has grown to be nearly universal (92%). “There’s a number of key statistics that would certainly support the case that much is being done on risk culture,” said Hida.
The theme for this year’s survey is the New Normal environment, characterized by continual regulatory change, ever increasing expectations by regulators, and a ratcheting up of risk management. Organizations have built up their risk management capabilities in the post-crisis environment both due to management requirements, as well as higher regulatory expectations. “We believe that this environment is the current operating backdrop for financial institutions, especially for risk management programs,” said Hida.
Risk data and technology continue to pose challenges as well, with 48% of respondents extremely or very concerned about the ability of the technology systems at their institution to be able to respond flexibly to ongoing regulatory change. Sixty-two percent of respondents said that risk information systems and technology infrastructure were extremely or very challenging, and 46 percent said the same about risk data.
“One area that we've been focused on for several years now related to data management and data quality,” said Hida. “That has to do with the integrity of the data that actually underlies a lot of the risk systems and risk decisions that are made by the organization. That's been an area of focus as organizations have had to improve the quality of their underlying risk data.”