However, with drastic changes in market conditions, technology, and world affairs, non-financial risk is playing a greater role.
Super incidents such as the pandemic, which have wide-ranging cultural, technological, and societal impacts, can present sudden and unexpected risks to business continuity.
Whereas financial risks are reflected in a financial institution's assets and investments, non-financial risks can have a significant impact on all business operations.
The COVID-19 pandemic changed how institutions and consumers operate because it affected the core infrastructure and market confidence on which economic activity depends.
For example, in the UK, the average cost of a data breach has grown to nearly £2.7 million. Meanwhile, the Bank of England said UK banks and insurers face climate-related losses of £209 billion to almost £334 billion.
In this environment, risk management must evolve to keep pace with rapidly changing markets, consumer expectations, and business models.
With looming challenges from agile fintechs, institutions’ ability to respond to the changing risk landscape will be a key determinant of success.
Super incidents present a new challenge: incidents where the costs cannot be easily borne by the institution, or where the costs have other negative effects.
These can include:
By 2021, there was an increased focus on operational risk and resilience, including IT disruption, data compliance, resilience risk, theft and fraud, and third-party risk.
The implications of a super incident can be significant and include:
Financial institutions are the leading targets of cybercrime, including extortion, theft, and fraud, accounting for 23 percent of all cyber-attacks.
Financial services firms are, in fact, 300 times as likely as other companies to be targeted.
Such risks are exacerbated by the move to rapidly digitise business models, with new risks emerging, including cyber attacks, IT delivery risks, business-continuity risks, as well as new model risks from AI.
The move to remote working and online services has also expanded the available attack surface that criminals can exploit and changed the conditions for how teams work together securely and efficiently.
Changing regulation focuses on protecting consumers and economies from emerging issues, demanding new approaches from financial institutions.
Climate change and ESG represent a major structural shift in the risk profile of financial institutions, touching financing decisions, the measurement of the potential impacts of changing weather, and compliance with emissions targets.
This also includes the risk from aligning the operational impact of legacy infrastructure within the industry, including communication and document management.
For example, many institutions still rely largely on paper to manage engagement with customers, with 72% of customers still receiving printed documents even if they use a banking app or online banking service as well.
Compliance around data is also a key concern for regulators, with more customers exchanging sensitive information over digital networks.
It’s the responsibility of banks to make sure end-to-end security for all customer channels is maintained in order to protect their interests and avoid fines and reputational damage.
The global pandemic saw a large shift towards digital banking services, delineated sharply along the lines of those who could meet the demand.
Incumbents working with robust digital operations as well as fintechs were able to expand their digital footprint and gain new customers as consumers adapted their financial habits.
In the world of super incidents, financial institutions' customer retention and value proposition depend on the ability to adapt to changing consumer needs.
If incumbents can’t keep up, it’s likely that there is a digital challenger waiting in the wings to take on their customers.
To keep pace with these changes, financial institutions need systems that can evolve with their market context in order to remain relevant.
Effective risk transformation must account for a variety of processes targeted at different business areas and contingencies:
Business area or process capability uplift and remediation: Process, system, and control mapping; process simplification, digitisation, and automation; documenting, decommissioning, and building automated, preventative controls and monitoring.
Risk-type-specific capability uplift: These transformations focus on specific risk types, frameworks, and operating models to solve individual issues.
Risk function operating-model uplift: These transformations are typically driven by the risk function to make sure models can keep up with changing parameters and emerging threats.
Holistic enterprise-wide risk transformation: These efforts focus on changing the general way the business operates to make sure processes are fit for purpose.
Financial institutions need to prioritise systems that can change to meet the needs of the moment.
This requires a focus on:
To prevent risks from both internal actors and external attackers, institutions need to invest in solutions to accelerate recovery in the event of disaster.
Modern systems and security protocols can reduce the cost of a breach by as much as 72 percent, saving $273,000 per breach.
At an average of 22 incidents per year, these savings add up to potentially $6 million annually for the average firm.
This requires strategies to protect data before, during, and after transmission, as well as systems to store, flag breaches and locate potential threats proactively, including:
Engaging with customers is a core competency for financial institutions, but carries a range of risks, including data breaches, cyber security and fraud, as well as operational risks such as process inefficiency and sustainability challenges.
Reducing risk requires an end-to-end communication solution that can protect internal resources and transfer data securely between parties.
Keeping up with the rapid changes taking place in the risk landscape while maintaining service levels and core systems is one of the chief challenges for financial providers, platforms and intermediaries today.
To maintain competitive positioning, institutions must prioritise solutions that can be implemented across financial and operational processes to reduce risk without impacting either customer experience or efficiency.
Mailock is a secure email solution designed specifically for the financial services industry that integrates easily with existing systems and processes.
It uses the most secure encryption technology with no disruption to the email recipient experience.
In a click, you can exchange files quickly and securely with advisers, clients, and customers, minimising the need for paper and protecting against interception and fraud.
The Most Significant Data Breaches in the UK, Computer World, 2019
Bank of England: Climate Transition Will Cost Finance System Billions, Bloomberg, 2022
Financial Institutions Are Prime Targets for Cybercriminals, Institutional Asset Manager, 2021
Going Paperless: Cost Savings for UK Financial Institutions, NS Business Hub, 2021
Climate-related Financial Disclosures, Accenture, 2022
Cyber Resilience in Financial Services, Accenture, 2022
Sabrina McClune, 05.06.24
Sam Kendall, 05.06.24