Almost all banks have increased their focus on non-financial risk in the past 12 months, reflecting the size of fines for compliance failures and remediation costs, according to EY.
Non-financial risks include regulatory, conduct, money laundering, compliance, systems, and reputation risk. In its 2015 annual risk management survey of major financial institutions, EY found that 89% of banks reported increased board and senior management attention to such risks.
Over the past three years, more than two-thirds (69%) suffered losses of more than $1 billion, including regulatory fines and penalties, due to non-financial risks.
“Given the heightened regulatory and public attention to misconduct in the industry, conduct risk management is a high priority,” the report says.
The majority of respondents cited lapses in oversight and controls as a key internal cause of loss events. As a result, EY said, most banks are enhancing operational controls and processes to identify control weaknesses, with some banks developing new tools and techniques to understand and track risks more effectively.
“Firms are increasingly focusing on forward-looking risk assessments and prevention versus after-the-fact analysis of a risk failure, and many are enhancing scenario processes and tools aimed at more effective assessment of forward risk,” EY said.
Many banks also agreed that an essential part of the solution will be a fundamental shift to the front office of accountability for all risks, including non-financial ones. “In many banks, the business lines are notionally responsible for all risks, but there are no structures to enable them to exercise that responsibility, and, generally, de facto accountability sits in the control functions,” the report states.
Ninety-four percent of banks now hold the front-office desk and business-line heads fully accountable for managing a wider view of risk, including non-financial risks, and more than one-third of banks see accountability in the front office as a cause of risk culture deviating from board expectations.