January 13, 2005
Four Out of Five Major Financial Firms Now Have a Chief Risk Officer, Reflecting Tough Regulations, Increased Scrutiny, Deloitte Survey Says
Global financial services institutions are facing growing exposure to risk from a variety of factors, including mega-mergers, off-shoring, outsourcing, greater regulation, and the need to manage an increased volume of lending. These factors are causing a very large proportion of these institutions -- 81 per cent -- to establish the position of Chief Risk Officer (CRO), according to Deloitte's biannual Global Risk Management Survey released today.
The number of large institutions with chief risk officers has increased from 65 per cent since the last survey was conducted in 2002. The survey also shows that three quarters of CROs in financial services firms report to their chief executive or the board of directors. There has also been a 25 per cent increase in board-level oversight of risk management over the last two years.
Despite the increasing emphasis on containing risk, the survey shows, however, that enterprise risk management (ERM) continues to be an elusive goal for many institutions. In fact, less than one-quarter of survey participants say they are able to integrate risk across any of the major dimensions of risk type, business unit, or geography. Their focus in ERM is on measuring economic risks including credit, market, operational, and liquidity. While 38 per cent of respondents say they have integrated the organizational structure required to deal with these risks, only 15-16 per cent reported progress in integrating methodology, data, and systems.
The survey indicates that a tougher regulatory environment and increased scrutiny of financial institutions in the post-Enron business environment have contributed significantly to a greater emphasis on risk management. Reflecting this reality, the Bank for International Settlements (BIS) this year established a new capital adequacy framework for banks commonly known as Basel II, replacing guidelines created in 1988. The new framework significantly updated credit risk measurement approaches and introduced new methodologies for measuring operational risk and related capital charges.
Meanwhile, the Sarbanes-Oxley Act in the United States and similar legislation in other countries has elevated the importance of corporate governance, board oversight, internal controls, and financial disclosures -- with the threat of criminal prosecution for non-compliance.
Deloitte's fourth biannual survey, which serves as a global benchmark for risk management in financial services firms, contains responses from 162 financial institutions on six continents with assets totaling nearly $19 trillion. Approximately 65 per cent of the responses were from firms with assets ranging from $10 billion to more than $100 billion. The survey sample included responses from 12 financial services sectors in four broad categories: investment banking and related services, commercial banking, integrated financial services, and retail banking.
"Financial institutions are recognizing the need for strong risk management governance, now more than ever," said Jack Ribeiro, Managing Partner, Global Financial Services Industry, Deloitte & Touche LLP. "They are responding to increased expectations from regulators, counterparties, the public, and others to ensure sound governance of their risk management programs.
"While compliance with regulatory requirements is an imperative itself, we see major institutions using this opportunity to transform the way they look at economic capital and even their finance functions," Edward Hida, Partner and Leader, Financial Services Risk Management Services, Deloitte & Touche LLP continues. "A continuing challenge is the applicability and practicality of these efforts for smaller and mid-size institutions that may feel pressure from the development of more sophisticated capital approaches at larger institutions."
Additional survey findings
Credit Risk Management In the area of credit risk management, respondents reported significant progress since the 2002 survey. The influence of Basel II requirements, commercial credit market difficulties, and increased lending volume spurred by low interest rates in the consumer sector have caused management to focus more of their attention on strengthening their credit risk capabilities. As a result, 61 per cent of respondents are planning a high or moderate level of investment in the next 12-24 months for commercial credit, and 53 per cent for consumer credit. According to the survey, financial institutions have stepped up their efforts to improve such core capabilities as benchmarking internal ratings and using more sophisticated portfolio management methodologies and credit mitigation techniques.
Market Risk and Asset/Liability Management The survey showed that in terms of market risk, many firms are adding coverage of additional product types such as asset-backed securities. They also have increased their use of advanced modeling techniques such as event risk, and they are doing more stress testing, which indicates more attention is being paid to current market risk analyses. In the asset/liability management arena, the survey shows that financial institutions are building upon the core analytics and methods that have been in place.
Operational Risk Management According to the survey, operational risk management (ORM) continues to be a relatively new and developing field compared to the more established risk management disciplines, with the majority of respondents still in the beginning stages of implementation. However, the survey shows an increase over 2002 in the number of firms that have established ORM programs. The capability of ORM systems continues to be a challenge for a substantial majority of respondents who indicated that at least some improvement in functionality is needed.
Risk Systems and Technology While information technology is considered to be the key enabler of risk management architecture, respondents report a host of continuing challenges in developing adequate risk systems. More than half (52 per cent) cited a lack of integration among systems as a major concern and 42 per cent cited it as a minor concern. Lack of flexibility and scalability as well as performance issues were also noted as key challenges.
Improving regulatory related systems capabilities and implementing operational risk management and advanced credit risk systems were the three highest priority items cited by respondents in the systems development and technology area.
Extended Enterprise Solutions When it comes to off-shoring, near-shoring and outsourcing arrangements across a variety of corporate functions, survey respondents reported that information technology and application management was the only area where a majority (61 per cent) employed an extended enterprise solution (EES). Just less than half of the respondents use EES for call centers or back office processing.
Note to Editors
A comprehensive set of detailed questions addressing the key issues facing risk management of global financial institutions was completed using an on-line tool with invited participants comprising the senior risk management officers of the financial institutions. 162 of the top global financial institutions participated. Respondents broke out regionally as follows: seventeen percent of respondents were North American companies; 25% were South American companies; 26% were European companies; and 31% were from Asia/Pacific. Respondents answered questions which addressed the range of key risk management issues facing financial institutions including: Risk Governance, Economic and Regulatory Capital, Enterprise Risk Management, Credit Risk Management, Market Risk and Asset/Liability Management, Operational Risk Management, Risk Systems and Technology and Extended Enterprise Solutions.
For further information please visit: http://www.deloitte.com/
Posted by Tom Troceen