Against a backdrop of bank failures and low consumer trust, the financial services industry is juggling escalating cyber threats, ever-rising regulatory scrutiny, and the need to innovate. Sara Benwell reports.

The financial services industry is in a period of significant disruption.

A global risk management survey, carried out by Aon, drew on the experiences of risk, finance, C-suite and HR professionals worldwide to gain an understanding of what is keeping business leaders in the sector up at night.

Financial markets

The survey found that FS risk managers see cybercrime and data breaches as the greatest risk to their operations. This is no surprise – cyberattacks are growing ever-more sophisticated, and banks, pension companies and other financial institutions are obvious targets.

Matt Cumbers, chief risk officer at Cushon, says that dealing with the threat of cyber disruption has been a significant priority for his organisation, in part driven by the conviction of their cyber risk director.

He says: “We spent a lot of time upfront on cyber risk, so we’ve got very strong controls, probably stronger than we should have for an organisation of our size… Now, I’m trying to bring up the mitigation of the other risk types in line with that.”

TOP TEN RISKS

The greatest risks facing financial institutions in the future, as outlined by Aon’s Global Risk Management Survey, are:

  1. Cyberattack or data breach
  2. Regulatory or legislative changes
  3. Failure to attract or retain top talent
  4. Economic slowdown or slow recovery
  5. Artificial intelligence
  6. Cashflow or liquidity risk
  7. Failure to innovate or meet customer needs
  8. Asset price volatility
  9. Interest rate fluctuation
  10. Tech or system failure

REGULATION – FOR US OR AGAINST US?

The second most significant risk facing financial firms, according to the Aon survey, is regulation.

This is likely to be in direct response to the tsunami of new legislation seen both nationally and internationally as regulators seek to avoid the mistakes of the past and solve the challenges of the future.

Matt Handley, chief risk officer at Handelsbanken, sees it as a blessing and a curse. He explains that onerous regulatory frameworks can sometimes stifle innovation and create challenges for new or and smaller banks, who may feel as if they’re being bogged down in a box-ticking exercise.

“Some 60% of our tech engineering resource is focused purely on staying compliant and keeping up with regulatory change.”

But ultimately, it’s important to see regulation as an opportunity for growth rather than a barrier. For instance, he notes: “It’s been helpful having ESG on the regulatory agenda to get us to really think about climate risk and the ways in which we should be thinking about the threats to our bank today and in 40 years’ time.”

Cumbers agrees that regulation can provide opportunities, but says that the burden on pensions companies is significant. He explains: “Some 60% of our tech engineering resource is focused purely on staying compliant and keeping up with regulatory change.

“The challenge from my CEO is: ‘Do we really need to spend the majority of our resources on this? Can we not spend more on having a better customer interface or new products?’ And the short answer is no and not for the foreseeable future.”

TRUST ISSUES

Another ongoing challenge for financial services firms is building up trust and reputation, which has been damaged by events such as the 2008 financial crisis, the collapse of three banks last year, mis-selling scandals, Libor, and today concerns about greenwashing.

Handley says the accelerating speed of change and the role of social media in rapidly spreading both information and misinformation that can affect market stability means CROs need to grapple with real-time risk management.

He says: “I’m old enough to remember the Northern Rock crash and the queues of people on the streets… You then draw the parallels to SVB, and obviously there were lots of things that went wrong… but the speed with which the customers got their money out was never seen before. We watched as different banks were thrown up as potential failures or were being stress-tested in real time.”

“In an environment where new talent is hard to attract, upskilling the existing workforce to be able to address these risks is more important than ever.”

Fostering the right culture is a significant issue for financial institutions, in the face of faltering consumer trust. Having the right people is crucial, yet Aon’s report found that 70% of financial institutions reported losses in digital talent.

The report states: “Historically, financial institutions have countered talent-related risks with relatively high pay; however, many have shifted to a strategy that combines pay (levels and structures) with employee value propositions (EVPs) and purpose.

“In an environment where new talent is hard to attract, upskilling the existing workforce to be able to address these risks is more important than ever. Retaining talent will depend on building a strong EVP to balance pay with other benefits.”

COST OF KEEPING UP

The competitive landscape for financial institutions is constantly evolving, with digital-first companies and FinTech innovators shaking up the sector.

To remain competitive, financial institutions must optimise their cost base while maintaining a tight grip on security and compliance, and invest in technology as part of a longterm strategy to future-proof their businesses. But this takes up valuable resources.

Cumbers says that working through the implications of AI is something that takes up a lot of his time; as is looking to eliminate human errors introduced through manual processing.

He says: “We’re working through what our own approach [to AI] should be and what guardrails there should be around it. It’s very early days and in my role, I’m trying not to stifle the innovation because I’m quite excited about it, but I do recognise the need to be realistic in terms of how it’s deployed.”

“It has to be married with training your people, skilling them to the right level and providing the context as to why they’re doing a process. Otherwise, you end up with box-ticking.”

Handley agrees that automation is a critical next step. “From a risk control perspective, there’s a lot to be said for automating and simplifying processes and putting the right number of controls in the right place… But it has to be married with training your people, skilling them to the right level and providing the context as to why they’re doing a process. Otherwise, you end up with box-ticking.”

Another concern is that the complexities involved in launching new initiatives quickly to meet consumer needs often have unintended, but severe, consequences. For example, the deployment of bounceback loans in the UK during the COVID-19 pandemic created vulnerabilities that fraudsters could exploit. Some financial firms are aiming to stay ahead and stay relevant by outsourcing to technology companies. But this in turn creates new supply chain challenges.

Handley says: “It brings a huge number of different risks… including being able to appropriately outsource and oversee some very large firms… It’s not typically the person that you’re outsourcing to that gives you the challenge, it’s the fourth and fifth parties who are also supplying little bits of the food chain.”

As the world continues to change and challenge at a dizzying rate, financial services teams have their work cut out to keep those plates spinning and the crashes at bay. And only those that invest in the right controls – and people – will succeed.