Regulatory requirements form the top challenge for 79 per cent of financial services institutions, a report said.

Eighty-five per cent of financial institutions from around the world reported that their boards of directors currently devote more time to oversight of risk than they did two years ago, while 79 per cent felt that increasing regulatory requirements and expectations were their greatest challenge, according to the ninth edition of global risk management survey conducted by Deloitte, a leading professional services firms, providing audit, tax, consulting, and financial advisory services.

In addition, the most common board responsibilities are approving the enterprise-level statement of risk appetite (89 per cent), and reviewing the corporate strategy for alignment with the risk profile of the organization (80 per cent).

This survey is the latest instalment in Deloitte’s ongoing assessment of the state of risk management in the global financial services industry. Its findings are based on the responses of 71 financial institutions from around the world and across multiple sectors, representing a total of almost $18 trillion in aggregate assets.

“Risk management must respond to “the new normal”—an environment of continual regulatory change and ever more demanding expectations,” said Fadi Sidani, partner, enterprise risk services leader at Deloitte Middle East.

“However, financial institutions must not only comply with these new regulatory requirements and priorities, they also need the flexibility to respond to the next round of regulatory developments that is likely over the coming years. This will require strong risk management capabilities, robust risk infrastructures, and timely, high-quality risk data that are aggregated across the organization,” he added.

Other key findings from the survey include:

•    Broad adoption of chief risk officer (CRO) position - 92 per cent of institutions reported having a CRO or equivalent position, up from 89 per cent in 2012 and 65 per cent in 2002.

•    Enterprise risk management (ERM) becoming standard practice - 92 per cent of respondents said their institution either had an ERM program or was in the process of implementing one, an increase from 83 per cent in 2012 and 59 per cent in 2008.

•    Progress in meeting Basel III capital requirements - 89 per cent of respondents at banks subject to Basel III or to equivalent regulatory requirements said their institution already meets the minimum capital ratios.

•    Increasing use of stress tests - Regulators are increasingly relying on stress tests to assess capital adequacy, and respondents said stress testing plays a variety of roles in their institutions, including enabling forward-looking assessments of risk (86 per cent), feeding into capital and liquidity planning procedures (85 per cent), and informing setting of risk tolerance (82 per cent).

•    Low effectiveness ratings on managing operational risk types - Roughly two-thirds of respondents felt their institution was very effective in managing the more traditional types of operational risks, such as legal (70 per cent), regulatory/compliance (67 per cent), and tax (66 per cent).

•    More attention needed on conduct risk and risk culture - 60 per cent of respondents said their board of directors works to establish and embed the risk culture of the enterprise and promote open discussions regarding risk

•    Increasing importance and cost of regulatory requirements - 79 per cent felt that increasing regulatory requirements and expectations were their greatest challenge. The most important impact of regulatory reform was noticing an increased cost of compliance, cited by 87 per cent of respondents.

•    Risk data and technology systems continue to pose challenges - 62 per cent of respondents said that risk information systems and technology infrastructure were extremely or very challenging, and 46 per cent said the same about risk data.

“Two emerging risks in particular are receiving increased attention from financial institutions and their regulators,” said Fadi Mutlak, partner and cyber-security leader at Deloitte Middle East.

“Cyber-attacks on corporations, including financial institutions, have increased dramatically in the last few years, requiring institutions to strengthen the safeguards for information systems and customer data. Regulators are more closely scrutinizing how institutions manage conduct risk and the steps they are taking to create a risk culture and incentive compensation programs that encourage ethical behaviour,” Mutlak concluded. – TradeArabia News Service