Banks, NBFIs: Building a strong risk-management culture
Tapash Chandra Paul | Thursday, 12 September 2019
Over the decades, the country's financial services industry has undergone significant transformation due to internal and external factors, including business model transformation, adoption of advanced technologies and changing regulatory environments.
Simultaneously, the risk management in banks and non-bank financial institutions (NBFIs) has been transformed, largely in response to regulations that emerged from the global financial crisis.
In Bangladesh, the concept of risk management in banking sector evolved in the 1990s. Earlier, it was used to explain techniques and risks related to insurance. That kind of risk management refers to purchase of traditional insurance products to protect banks from future hazards.
Risk management in the financial sector is now referred to, as "financial risk management". Management of risk in banking became necessary in 1997 when the Basel Committee on Banking Supervision (BCBS) published the "core principles" for effective banking supervision.
This framework provided an essential linkage between capital and risks. Accordingly, banks and NBFIs need to adopt risk measurement and risk management procedures and processes in order to guarantee their risk-adjusted return in business. So, the core concept of banking risk management is to ensure profitability and safety of the banking industry.
Current financial sector trends suggest that risk management will undergo sweeping changes in the next decade, although some of the risks have already been addressed. Such risks include credit risk, liquidity risk, residual risk, market risk, foreign exchange risk, strategic risk, operational risk, reputational risk, compliance risk, cyber security risk and moral hazard.
Today, a good number of functional staff are dedicated to risk-related operational processes such as credit risk, foreign exchange risk and treasury administration. These numbers, researchers say, would be increase sharply in the coming days.
No one can draw a blueprint of what a bank's risk function will look like in the next decades nor can anyone predict all forthcoming disruptions, technological advances, macroeconomic shocks, and banking scandals.
However, fundamental trends do permit a broad sketch of what will be required of the risk function of the future.
The trends further suggest that banks and other NBFIs should take some serious initiatives now to deliver short-term results as well as towards long-term vision while preparing for the coming changes.
Some of the banks and other financial institutions are plagued by crumbling asset quality, erosion in profit and depleting status of capital. So, it's imperative to address this issue by strengthening risk management systems of banks.
For each institution, the actual solution to this problem entails different philosophies towards risk policies, methodologies, processes and technologies. Visualising risks and combating their effects on profitability through proactive planning and implementation of management process have been important tasks.
The new risk-based regulatory framework of BASEL is emphasising strengthening regulatory mechanisms such as tighter definition of regulatory capital, higher risk-weighted requirements, a new minimum leverage ratio and a capital conservation buffer.
The new architecture of 'Risk Management' has two important doctrines: risk quantification and establishing control systems. The BASEL Accords (BASEL II and III) demand utmost importance to risk management systems in banks and financial institutions and direct these institutions to adopt risk capital allocation based on quantification of risk.
While the magnitude and speed of regulatory change is unlikely to be uniform across countries, the future undoubtedly holds more regulation for banks operating in emerging economies.
Risk functions must not only ensure compliance with existing rules but also review the entire business approach through a broad, principle-based lens.
Technological innovation has ushered in a new set of competitors in financial technology companies. If banks want to keep up their pace with the tech revolution, they have no alternative to raising their game.
Customers will expect intuitive, seamless experiences, access to services at any time on any device, personalised propositions, and instant decisions even though such degree of customisation is expensive for banks.
Cyber security risks and contagion risk are also emerging. Effective and proper risk function will detect and manage new and unfamiliar risks through risk management framework of the banks.
Most of banks and NBFIs are in search of the most effective risk management framework and procedures that are simple, standard, and digitised. A strong automated control framework, for example, can reduce human intervention.
As pressure to reduce costs will persist, the risk function will need to find further cost-savings opportunities in digitisation and automation while delivering much more with much less.
Banks and other NBFIs also need to focus on managing non-financial risks cost-effectively. Despite having risk frameworks in place, the financial institutions need to go a long way to prove effectiveness and improve cost-efficiency.
As risk appetite frameworks evolve, common challenges such as nonfinancial risks inclusive of reputational, strategic and cyber risks remain. Banks and NBFIs should stay resilient beyond their core competencies.
To prepare for new risks, the risk management function will need to build a perspective for senior management on risks that might emerge, and how to detect and mitigate them.
And it will need flexibility to adapt its operating models to fulfil any new risk activities. For most banks and NBFIs, their risk functions are some way off from being able to play that role. The optimal function would have the following attributes and capabilities:
* Full automation of decisions and processes with minimal manual interventions;
* Increased reliance on advanced analytical models to de-bias decisions;
* Close collaboration with businesses and other functions to provide a better customer experience, de-biased decisions, and enhanced regulatory preparedness
* Strong advocacy of corporate values and principles, supported by a robust risk culture that is clearly defined, communicated, and reinforced throughout the bank;
* A talent pool with superior advanced-analytics capabilities
To put all this in place, there should be operating models. It is not possible to get prepared for every eventuality, but initiatives can be implemented that will bring short-term business gains while helping build essential components of a high-performing risk function over time.
Digitisation of core processes can help reduce nonfinancial risk and operating expenses. Increased efficiency, superior customer experience, and improved service standards bring additional benefits.
Risk functions should also experiment more with analytics and enhance accuracy of predictive models to be used in financial-crime detection, credit decision, early-warning systems, and recovery.
Organisations are advised to record their risks in a risk register, covering information such as: unique identifier number, risk category, description of risk, and targeted date the risk. Other possible data include likelihood of risk, consequences, interdependencies with other risks and a monetary estimation.
In an increasingly complex environment, new complexities arise, requiring an adjustment in risk management systems and procedures.
For financial institutions, expanding the array of risks that come with new types of players, new technologies, ever-growing complexities of national and international regulations, as well as changing consumer behaviour, require significant resource investments to address financial and other risks occurring as consequences of those changes.
More than ever, chief risk and compliance officers play a critical role in monitoring and managing these risks to ensure a safe transformation of banking.
While regulatory requirements have already done much to improve quality of data used in risk reports and their timeliness, less attention has been given to how they could be put to better use for making decisions.
Replacing paper-based reports with interactive digital solutions may offer information in real time and enable users to do root-cause analysis which would enable financial institutions to make better decisions and identify potential risks more quickly as well.
It is now crucial to build a strong risk-management culture: The process of detection, assessment and mitigation of risk must be made a part of daily job of all employees. With automation and sophisticated analytical and technical capabilities, the human resources are equally needed to ensure appropriate and ethical application.
Tapash Chandra Paul is Head of Risk Management Division, Mercantile Bank Ltd.
[email protected]