The role of bank Chief Risk Officers

Global climate change, the impact of the COVID-19 pandemic, persistently low interest rate environments and the growing demands of regulators are testing the resilience of banks and setting their risk management in a new direction.

Worldwide, banks are making major changes to their organisations and operating models driven by the pressure to perform and the opportunities provided by new technology. PwC’s Risk management 2025 and beyond – priorities and transformation agenda for the banking industry focuses on the transformation steps being undertaken by banking risk functions over the next five years, as well as the evolving role of the Chief Risk Officer. For the purposes of the study, 80 representatives from 60 international banks (including 17 from Africa) were interviewed and a total of 1,500 data points were evaluated.

Jacques Muller, PwC Africa’s Financial Services Risk and Regulation Leader says:

“The COVID-19 pandemic and related economic uncertainty have generally been well managed by the banking sector. Risk functions are becoming more dynamic and flexible and increasingly contribute to leading banks through a complex and volatile landscape of opportunities and threats.

“Risk officers and their teams are developing innovative approaches to react to emerging thematic risks and increasing their focus on cyber risks, fraud, money laundering, and ESG matters. The rapidly evolving risk landscape necessitates new mindsets and approaches to staff development and prioritisation of investments in new capabilities.”

The report highlights the key risk challenges impacting the industry and priorities for change identified by bank Risk functions for the next five years.

Key priorities of change for banks over the next five years

1. Interlocking risk and business transformation: Bank business models continue to evolve driven by technology changes, new competitors and pressure on shareholder returns. Risk functions acknowledged the need to pivot their skills, capabilities and infrastructure to lockstep with these changes to ensure a future proof and agile control environment. Payments and transaction banking are the business areas expected to undergo significant change over the next decade. This is followed by retail and commercial lending.

While efficiency continues to be important, material cost reduction is not on the agenda for the majority of risk functions in the immediate term.

2. Moving from analog to digital – unfinished business concerning non-financial risks: Most banks struggle to build a close link between the performance of controls, specific process vulnerabilities and the loss estimates tagged to non-financial risks. There is equally a recognition of the need for new frameworks, assessment approaches and organisational structures around risk themes like cyber and climate change which can have very diverse impact channels. There are significant differences in organisation maturity and ambition around non-financial risks (cyber, information technology, third party/outsourcing, etc.) and the interaction model between risk and compliance remains a complex area requiring further thought for most banks in the context of managing non-financial risks.

3. Preparing for climate change: The enormity and uncertainty surrounding evolution of the climate agenda makes it particularly challenging for Risk functions. There is a need to establish effective frameworks and operating models to track and act on diverse data sources both for better risk management as well as a potential competitive advantage. It is clear that firms will need to build capabilities to shape up an informed strategy and build effective and compliant risk management practices. Most institutions have started multi-year programmes in response, looking at this as a joint challenge across strategy, business and risk

4. Building on the lessons from COVID-19: The COVID-19 pandemic was the first large-scale test of operational resilience across the financial services sector and many stakeholders would not have expected the ability of even complex global institutions to transition to a remote and digital way of operating within such a short frame of time. Despite the challenges of tens of thousands of staff across the value chain moving to remote working, most participants in the study were able to maintain major operations without any significant incidents.

Looking forward there are a number of learnings from the crisis which we expect to shape scenario analysis design and frequency, change delivery and data-driven decision making.

5. Preparing for the next decade of operational resilience: Banking resilience is emerging as the second key trend (next to sustainability) that will require continued focus from the industry over the next ten years.

Muller adds:

“The COVID-19 pandemic has raised the profile of resilience as banks recognise it’s no longer an option but a necessity. Globally, and locally, we are also seeing a call from regulators to take action by putting this issue on par with their ability to handle financial stresses.”

One of the key challenges to building resilience cited by banks was a lack of awareness about operational resilience and its connection to existing business practices. Strong governance, clear accountability and consistent definitions are essential to push ahead with efficient programmes and processes for building a resilient organisation.

6. Seizing upon the advent of true automation:. In terms of technology, banks are increasingly relying on big data, artificial intelligence (AI) and machine learning to control and reduce risks. There has been considerable investment in building self-service analytics platforms and making these available to staff across the institution with an aim to provide more effective capabilities and potentially reduce cost at the same time. Much of the adoption is being driven organically within institutions where analytics and data science teams are beginning to emerge within Risk functions.

7. Managing the generational workforce transition: There is agreement among banks that risk professionals with a very different background will be required to deal with newly emerging risks, with an affinity for data and technology being critical. The incoming generation of risk professionals has grown up with technology and is looked at as inherently tech-affine, bringing the skills and attitude to tech enabled problem solving that institutions are looking to build. It is also believed that leadership models and career pathways will have to evolve to cater to the differing expectations of millennials with a general sense of the growing importance of work-life balance and that career journeys may need to be structured such that they include positions in multiple parts of the firm.