Global risk management survey, 11th edition
Financial institutions on a spotlight
Financial organizations face challenges from nonfinancial risks such as cybersecurity, model, third-party, and conduct risk – as well as looming economic dangers – that will require institutions to rethink their traditional risk management approaches.
Despite the relative calm in the global economy, risk management today is confronting a series of substantial impending risks that will require financial services institutions to rethink traditional approaches.
Deloitte’s Global risk management survey, 11th edition is the latest edition in this ongoing survey series that assesses the industry’s risk management practices and the challenges it faces. The survey was conducted from March 2018 to July 2018 and was completed by 94 financial institutions around the world that operate in a range of financial sectors and with aggregate assets of US$29.1 trillion.
- Continued growing importance of cybersecurity risk. There was broad consensus that cybersecurity is the risk type increasing the most in importance.
- Increasing focus on nonfinancial risks. Almost all respondents considered their institutions to be extremely effective or very effective in managing traditional financial risks.
- Addressing risk data and IT systems is a top priority. A theme that runs throughout the survey results is the importance of enhancing risk data and IT systems. This has been a continuing issue for financial institutions and the financial services industry for some time and indicates the deep-seated difficulty of providing quality data from source through many systems and processes to its ultimate users.
- The potential of digital risk management. Continued advances in a range of emerging technologies present a significant opportunity to dramatically transform the efficiency and effectiveness of risk management.
- Addressing the challenges in the three lines of defense risk governance model. Virtually all institutions (97 percent) reported employing the three lines of defense risk governance model, but said they face significant challenges.
- Increasing reliance on stress testing. Almost all institutions reported using capital (90 percent) and liquidity (87 percent) stress tests, and are placing greater reliance on them.
- Stronger board oversight. Reflecting the slower pace of regulatory change, only 28 percent of respondents said their boards of directors were spending considerably more time on risk management compared to two years ago, which is down from 44 percent in the previous survey.
- Widespread adoption of the CRO position. The prevalence of the CRO position continues to expand over the course of the survey series, with 95 percent of institutions now having a CRO.
- Continued increase in the adoption of ERM. Eighty-three percent of respondents said their institutions have an ERM program in place, up from 73 percent in the previous survey, with an additional 9 percent saying they were in the process of implementing one.