EY: Cyber threats a top risk for banks – role of CROs is key

According to the ninth annual global bank risk management survey, Accelerating digital transformation: four imperatives for risk management, it is clear that as technology and ongoing competitive disruption force banks to reinvent themselves, the risk management function must undergo a revolution in risk management professionals balancing their roles and operating models.

The survey, a collaboration between EY organization and the Institute of International Finance (IIF), finds that risk groups link strategy and risk appetite (67%); identify forward-looking or emerging risks (53%); assess strategy and business models from a risk appetite perspective (36%); help influence firm risk culture and behaviors (34%) and implement effective risk management structures (31%).

The survey also highlights four imperatives that boards, senior management, chief risk officers (CROs) and other key executives will have to address to stay competitive, maintain trust, and successfully achieve their digital transformation ambitions. The four imperatives include:

  1. Adapting to a risk environment and risk profile that is changing faster and more intensively than ever.
  2. Leveraging risk management to enable business transformation and sustained growth.
  3. Delivering risk management effectively and efficiently.
  4. Managing through and recovering from disruptions.

Additionally, risk management has a central role to play in helping navigate the evolving risk profile of banks, and preparing for, managing through, and recovering from disruptions such as cyber-attacks and weather-related disasters.

Respondents recognised the below top resilience concerns: overall cyber risks (80%), prolonged IT outages inside the bank’s environment (64%), critical-third-party outages (64%), data availability (41%), IT obsolescence (39%), critical data being destroyed (39%) and financial resilience (32%).

The survey suggests that risk management functions can leverage new technologies much more than they are doing currently. Respondents identify a range of areas where new technologies will have a material impact: fraud surveillance (72%), financial crime (68%), modeling (57%), credit analysis (57%), cybersecurity (57%) and know-your-customer activities (57%).

Regional differences

The survey findings reveal significant regional trends. Each region has different CRO top priorities: credit and liquidity risks in Asia-Pacific (both 58%); risk appetite in Latin America (62%); implementation of new regulations and supervisory expectations in Africa and the Middle East (86%); business-model risk and implementation of new regulations and supervisory expectations in Europe (both 56%) and operational risk (excluding cybersecurity) and risk technology architecture in North America (both 65%).

Savvas Pentaris, Partner and Head of Financial Services at EY Cyprus, commenting on the findings of the report, said: “The banking system of Cyprus is currently facing a number of major challenges, including the new threats and opportunities created by new technologies with regard to risk management. Cypriot banks will need to invest in new digital technologies and attract the right talent so that they can make full use of modern risk management capabilities to further shield their organisations.”

For further information, view the report at ey.com/bankingrisk and follow EY on Twitter: @EY_Banking.