The top 100 financial institutions will spend over $100 billion a year implementing risk governance frameworks by 2012, according to research from business advisory firm Deloitte.
This is more than double the figure they spent on risk and control activities in 2006, the last full year before the financial crisis, says Deloitte, which surveyed chief risk officers (CROs) or equivalents at 28 financial institutions, including investment and retail banks and insurers.
Most respondents expect spending on risk and compliance to continue to rise and say much of it is a direct result of the global financial crisis. Money is being spent on people, computer systems and meeting Basel II and Solvency II capital standards.
However, despite the growing financial investment in risk governance Deloitte believes the success of such expenditure hinges on a corresponding behavioural change in risk culture.
While 93% of the CROs surveyed say their firms have comprehensive enterprise-wide risk statements in place, only 67% suggest these are having a significant impact on risk taking behaviour.
Martyn Jones, chairman, corporate governance services group, Deloitte, says: "It is clear that financial institutions are investing more heavily in risk management, but some are struggling with the integration. The fundamental issue is around behavioural changes - without changes in attitudes and behaviour no framework will be truly effective.
In October a report by financial regulatory agencies warned that firms need to make substantial and sustained investments in IT infrastructure if they are to overcome severe underlying weaknesses in their risk management capabilities.
The Senior Supervisors Group that comprises watchdogs from seven countries (US, Canada, France, Germany, Japan, Switzerland, UK) observed that underlying weaknesses in governance, incentive structures, information technology infrastructure and internal controls would require need to be overhauled.