Maintaining expertise in types of risks in banking is an unending challenge for industry leaders. The landscape is always changing, whether in response to technology advancements, increasingly sophisticated criminal activity or, as we've discovered, a pandemic. Banking leaders who were certain of the risks their organizations faced in the late twenty-teens woke up to a brand new view in spring 2020.
Now, over a year later, COVID-19, increased remote access, a heightened interest in blockchain currencies, opportunistic financial crime and regulatory responses have made the view even more complex.
5 Types of Risks in Banks for Your RadarIt's time to take a fresh look at the risks faced by the banking industry.
1) Strategic Risk Grows with Changing Demands
Many bank leaders are emerging from the all-hands-on-deck status of the early COVID era to evaluate their strategic goals, only to discover that they need to make significant pivots to continue their growth and achieve a full recovery. Several essential factors banks should consider while preparing for strategic threats include:
- Unexpected geopolitical shocks
- Rapidly evolving regulatory policies
- Societal changes inspired by remote work and social distancing — which ramped up the demand for innovative payment solutions
The competitive landscape is changing. Nontraditional providers like Google, Amazon and Facebook are disrupting the banking industry with new services, steadily deepening their footprint in the space.
Assessing and addressing strategic risk will be a critical priority of bank leaders as the triage mode fades.
2) Ever-Changing Rules Heighten Compliance Risk
The digitization and mobility of today's banking customers mean that any financial institution needs to be prepared to meet regulations on a global scale.
Rapid digital transformation, already underway but spurred by the past year, has increased pressure on financial institutions to implement greater data and privacy controls. In the United States, California's data privacy acts have led to additional state-specific actions. They may demand response at the federal level Payment services directives in the European Union and Singapore are just two of the newer regulations international financial institutions must account for.
(Read more about international banking regulations in Diligent's piece,"World Response to Cybercrime Threat Impacts Financial Institutions.")
Meanwhile, banks may find themselves between a rock and a hard place if they are targeted by ransomware demands. The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) issued an advisory on ransomware in late 2020, warning organizations of repercussions: "Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations."
As always, not all regulatory changes introduce new burdens. Australia's lending reforms, part of the government response to COVID-19, are "a path to improve the efficient flow of credit by removing duplicative or excessive regulatory barriers that increase the time and cost involved in obtaining credit approval," Lexology reported. The reforms are part of the country's National Consumer Credit Protection Amendment (Supporting Economic Recovery) Bill 2020.
3) Predicted Increase in Insolvencies Looms over Lenders
The ongoing management of pandemic response and lifting government aid will likely increase the risk to lenders, the European Central Bank warned in May. The heightened risk to financial stability could be brought on as support is removed, and "considerably higher insolvency rates than before the pandemic cannot be ruled out, especially in certain euro area countries. This in turn could weigh on sovereigns and banks which provided support to corporates during the pandemic."
Major global banks are bracing themselves for a dramatic rise in defaults due to the financial and economic stress caused by the pandemic. S&P Global predicts that default rates of non-financial corporations could surge "into the high single digits in Europe over the next 12 months"; in the U.S., such loan defaults "may rise above 10%."
4) Lack of Imagination Puts Banks at Operational Risk
Resiliency is a keyword that grew out of the past decades' focus on disaster recovery and business continuity ideation.
According to the U.S. Federal Reserve, banks' operational resiliency in the context of COVID-19 is promising. In its spring Supervision and Regulation Report, the organization had an optimistic view of banks' operational resiliency. It read, "Many banks had invested in technology to improve their capacity to process digital transactions prior to the COVID event. This investment enabled banks to continue to provide banking services and work with their customers in a remote environment."
As working models continue to evolve as organizations transition to the next phase of Future of Work, leaders will need to anticipate and mitigate complex operational risks.
5) Third-Party Risks Take the Spotlight
The shift to remote work and online banking has increased the risk institutions face from third-party vulnerabilities, a factor presented in the ABA Journal's risk outlook for 2021. Both counting on a single platform, such as a cloud service provider, and engaging with a vendor who may have its own higher-risk downstream suppliers are factors banks should account for. Consider this advice: "Institutions should increasingly assess where data is going, who's managing it along the way and how downstream risks may now exist with providers the bank didn't even know they were using."