Five years after the 2008 financial crisis, financial institutions around the world indicate that while progress has been made in improving risk management capabilities, many are still struggling with foundational elements, according to a new international report sponsored by global consulting firm Protiviti.
Titled Restoring Confidence: Risk management capabilities in the wake of the financial crisis and conducted by the Economist Intelligence Unit (EIU), the report surveyed 350 senior-level executives at financial institutions across the globe about the state of risk management following the financial crisis.
The results of the EIU survey show that only 20 percent of financial institutions feel they have integrated risk awareness into their corporate cultures, with just 15 percent making substantial improvements toward implementing or enhancing comprehensive, enterprise-wide risk management systems.
"Respondents painted an equal glass half full and half empty picture. Many institutions have made progress towards improving risk management capabilities, and recognize the linkage between strong risk management and positive customer impacts," said Cory Gunderson, managing director of Protiviti's global risk and compliance practice. "However, much effort remains to be done on such fundamental elements as integrating risk awareness into corporate cultures, improving risk aggregation, and the quality of underlying data, all of which need to occur in a time of belt-tightening and intense competition for resources."
A Focus on Regulatory Change
Despite the need for more integrated risk awareness throughout their organizations, financial institutions are keenly aware of risks surrounding the evolving regulatory environment. In fact, nearly half (49 percent) consider dealing with increasingly complex regulatory pressures as their top risk management priority. Interestingly, a significant number of respondents say growing scrutiny from several different regulators is more burdensome than the actual regulations and associated costs for implementation.
"There is no question that the increased scrutiny by the regulators can be challenging, but risk officers are also starting to understand that some of this regulatory pressure, if it is well thought out, can be quite beneficial to their organizations," said Tim Long, a Protiviti managing director and the firm's global regulatory risk management practice leader. "In fact, nearly 60 percent of respondents admitted that tighter regulatory controls provide stronger assurances to customers, which in turn creates a distinct competitive advantage."
Ongoing Challenges and Obstacles
When asked what the obstacles are to dealing with key risks, 42 percent of the respondents said not having enough people and time; 24 percent indicated a lack of appropriate skills, and roughly 25 percent pointed to inadequate funding.
"As enforcement expands and intensifies without a commensurate increase in resources, the devil is in the details," said Carolyn Whelan, editor at the Economist Intelligence Unit.
"Progress has been made, but the research suggests much more can be done to foster a strong risk management culture across the entire enterprise."
According to the survey, perception of risk varies considerably by global region, with North American businesses attributing less importance to nearly every category of risk compared to their peer organizations.
For example, when asked to rank the importance of global economic instability, only one-third (33 percent) of North American respondents listed it as a top-three risk compared to nearly half in both Europe (48 percent) and the Asia-Pacific region (47 percent). Additionally, North American institutions are about half as likely (20 percent) as their European (37 percent) and Asian (45 percent) counterparts to consider reputational risk a top priority.