Regulations, Cybersecurity Are Biggest Risks For Financial Services: Survey

By John Hilton InsuranceNewsNet

With market pressures forcing financial services to "do more with less," many companies are beginning efforts to re-engineer their risk management programs, according to a new survey by Deloitte.

Seventy percent of the financial services executives surveyed said their institutions have either recently completed an update of their risk management program or have one in progress. Another 12 percent said they are planning to undertake such a renewal effort.

A big part of this revitalization will be leveraging emerging technologies, with 48 percent planning to modernize their risk infrastructure by employing new technologies such as robotic process automation, cognitive analytics, and cloud computing.

"Financial institutions face a formidable set of challenges posed by today's more complex and uncertain risk environment," said Edward Hida, a partner with Deloitte Risk and Financial Advisory at Deloitte US and the author of the report. "With budget cuts common — and a big focus on effectiveness and efficiency as the torrent of regulatory change has slowed — this will require institutions to rethink their traditional assumptions."

The findings from the eleventh biennial edition of the survey of financial institutions — titled "Reimagining Risk Management to Mitigate Looming Economic Dangers and Nonfinancial Risks" — are based on the responses of 94 financial institutions around the world.

The institutions surveyed provide a range of financial services, including banking (61 percent), investment management (49 percent), and insurance (46 percent).

Cybersecurity No. 1

Financial services executives were asked in the survey which three risk types they believed would increase the most in importance for their institution over the next two years. The broad consensus was that cybersecurity is the number-one challenge.

Two-thirds of respondents (67 percent) named cybersecurity as one of the three risks that would increase the most in importance for their business over the next two years, far more than for any other risk. Yet, only about half of the respondents felt their institutions were extremely or very effective in managing this risk.

"Historically, you might have seen cyber attacks that were around how companies are trying to set up or mimicking your web portal or trying to steal data or something," David Sherwood, managing director of the Risk and Regulatory Practice at Deloitte. "But cyber attacks are becoming much more sophisticated. It’s the ability to shut down and almost cripple systems within a company."

Although cyber security also held the pole position in the survey's 2016 edition, there was a dramatic uptick in the current survey. More respondents considered it as one of the three risk types that would increase most in importance (67 percent, up from 41 percent) and cited it as the No. 1 risk (40 percent, up from 18 percent).

Regulation is another risk right there with cybersecurity as a top concern, Sherwood told InsuranceNewsNet.

U.S. regulators at the state and federal level are working on rules and regulations designed to better shield the consumer from poor financial advice.

"How do they make sure that the products that they are offering are finding the right way to customers who truly need those products and those customers aren’t buying products that wouldn’t be suitable for them?" Sherwood said, summing up the industry's challenge.

Other Key Findings

Among the survey's other key findings were:

When asked to assess the overall effectiveness of their institution in managing risk, 82 percent of respondents considered it to be extremely or very effective, an increase from 69 percent in 2016.

While institutions have become more skilled at managing financial risks, non-financial risks continue to assume greater prominence as the exposure and consequences from these risks has become more evident.

Respondents were less likely to consider their institutions extremely or very effective in areas including reputation risk (57 percent), business resilience risk (54 percent), model risk (51 percent), conduct and culture risk (50 percent), strategic risk (46 percent), third-party risk (40 percent), geopolitical risk (35 percent) and data integrity risk (34 percent).

Eighty-three percent of respondents expected that regulatory requirements on their institutions would increase over the next two years, with one-third expecting a significant increase.

InsuranceNewsNet Senior Editor John Hilton has covered business and other beats in more than 20 years of daily journalism. John may be reached at [email protected]. Follow him on Twitter @INNJohnH.