Regulatory requirements top challenge for 79% of financial services institutions

29 June, 2015 - 85 percent of financial institutions from around the world reported that their boards of directors currently devote more time to oversight of risk than they did two years ago, while 79 percent felt that increasing regulatory requirements and expectations were their greatest challenge, according to the ninth edition of Deloitte’s Global risk management survey. In addition, the most common board responsibilities are approving the enterprise-level statement of risk appetite (89 percent), and reviewing the corporate strategy for alignment with the risk profile of the organization (80 percent).

This survey, conducted in the second half of 2014, is the latest instalment in Deloitte’s ongoing assessment of the state of risk management in the global financial services industry. Its findings are based on the responses of 71 financial institutions from around the world and across multiple sectors, representing a total of almost US$18 trillion in aggregate assets.

“Risk management must respond to “the new normal”—an environment of continual regulatory change and ever more demanding expectations,” said Fadi Sidani, partner, enterprise risk services leader at Deloitte Middle East. “However, financial institutions must not only comply with these new regulatory requirements and priorities, they also need the flexibility to respond to the next round of regulatory developments that is likely over the coming years. This will require strong risk management capabilities, robust risk infrastructures, and timely, high-quality risk data that are aggregated across the organization,” he added.

Other key findings from the survey include:

• Broad adoption of chief risk officer (CRO) position - 92 percent of institutions reported having a CRO or equivalent position, up from 89 percent in 2012 and 65 percent in 2002.
• Enterprise risk management (ERM) becoming standard practice - 92 percent of respondents said their institution either had an ERM program or was in the process of implementing one, an increase from 83 percent in 2012 and 59 percent in 2008.
• Progress in meeting Basel III capital requirements - 89 percent of respondents at banks subject to Basel III or to equivalent regulatory requirements said their institution already meets the minimum capital ratios.
• Increasing use of stress tests - Regulators are increasingly relying on stress tests to assess capital adequacy, and respondents said stress testing plays a variety of roles in their institutions, including enabling forward-looking assessments of risk (86 percent), feeding into capital and liquidity planning procedures (85 percent), and informing setting of risk tolerance (82 percent).
• Low effectiveness ratings on managing operational risk types - Roughly two-thirds of respondents felt their institution was very effective in managing the more traditional types of operational risks, such as legal (70 percent), regulatory/compliance (67 percent), and tax (66 percent).
• More attention needed on conduct risk and risk culture - 60 percent of respondents said their board of directors works to establish and embed the risk culture of the enterprise and promote open discussions regarding risk
• Increasing importance and cost of regulatory requirements - 79 percent felt that increasing regulatory requirements and expectations were their greatest challenge. The most important impact of regulatory reform was noticing an increased cost of compliance, cited by 87 percent of respondents.
• Risk data and technology systems continue to pose challenges - 62 percent of respondents said that risk information systems and technology infrastructure were extremely or very challenging, and 46 percent said the same about risk data.

“Two emerging risks in particular are receiving increased attention from financial institutions and their regulators. Cyber-attacks on corporations, including financial institutions, have increased dramatically in the last few years, requiring institutions to strengthen the safeguards for information systems and customer data. Regulators are more closely scrutinizing how institutions manage conduct risk and the steps they are taking to create a risk culture and incentive compensation programs that encourage ethical behavior,” concludes Fadi Mutlak, partner and Cyber-security leader at Deloitte Middle East.

To download the report please visit: http://bit.ly/1FHKvkM

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities.  DTTL (also referred to as “Deloitte Global”) does not provide services to clients.  Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.  

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s more than 200,000 professionals are committed to becoming the standard of excellence.

About Deloitte & Touche (M.E.)

Deloitte & Touche (M.E.) is a member firm of Deloitte Touche Tohmatsu Limited (DTTL) and is the first Arab professional services firm established in the Middle East region with uninterrupted presence since 1926.

Deloitte is among the region’s leading professional services firms, providing audit, tax, consulting, and financial advisory services through 26 offices in 15 countries with more than 3,000 partners, directors and staff. It is a Tier 1 Tax advisor in the GCC region since 2010 (according to the International Tax Review World Tax Rankings). It has received numerous awards in the last few years which include Best Employer in the Middle East, best consulting firm, and the Middle East Training & Development Excellence Award by the Institute of Chartered Accountants in England and Wales (ICAEW).