New York, December 10, 2004 — Faced with growing exposure to risk through mega mergers, off-shoring, outsourcing, more stringent regulations and an increased volume of lending, 81 percent of global financial services institutions have established the position of Chief Risk Officer (CRO), according to Deloitte's 2004 Global Risk Management Survey released today. That number has increased from 65 per cent since the last survey was conducted in 2002.

The survey also shows that three quarters of CROs in financial services firms report to their chief executive or the board of directors. There has also been a 25 percent increase in board-level oversight of risk management over the last two years.

Despite the increasing emphasis on containing risk, the survey shows, however, that enterprise risk management (ERM) continues to be an elusive goal for many institutions. In fact, less than one-quarter of survey participants say they are able to integrate risk across any of the major dimensions of risk type, business unit, or geography.

Their focus in ERM is on measuring economic risks including credit, market, operational, and liquidity. While 38 percent of respondents say they have integrated the organizational structure required to deal with these risks, only 15-16 percent reported progress in integrating methodology, data, and systems.

The survey indicates that a tougher regulatory environment and increased scrutiny of financial institutions in the post-Enron business environment have contributed significantly to a greater emphasis on risk management. Reflecting this reality, the Bank for International Settlements (BIS) this year established a new capital adequacy framework for banks commonly known as Basel II, replacing guidelines created in 1988. The new framework significantly updated credit risk measurement approaches and introduced new methodologies for measuring operational risk and related capital charges.

Meanwhile, the Sarbanes-Oxley Act in the United States and similar legislation in other countries has elevated the importance of corporate governance, board oversight, internal controls, and financial disclosures — with the threat of criminal prosecution for non-compliance.

Deloitte's fourth biannual survey, which serves as a global benchmark for risk management in financial services firms, contains responses from 162 financial institutions on six continents with assets totaling nearly US$19 trillion.

Approximately 65 percent of the responses were from firms with assets ranging from $10 billion to more than $100 billion. The survey sample included responses from 12 financial services sectors in four broad categories: investment banking and related services, commercial banking, integrated financial services, and retail banking.

"Financial institutions are recognizing the need for strong risk management governance, now more than ever," said Jack Ribeiro, managing partner of Deloitte's Global Financial Services Industry practice. "They are responding to increased expectations from regulators, counterparties, the public, and others to ensure sound governance of their risk management programs."

Edward Hida, partner, Deloitte & Touche, and leader of US Banking Risk Management Services, continues: "While compliance with regulatory requirements is an imperative itself, we see major institutions using this opportunity to transform the way they look at economic capital and even their finance functions.

"A continuing challenge is the applicability and practicality of these efforts for smaller and mid-size institutions that may feel pressure from the development of more sophisticated capital approaches at larger institutions." Additional survey findings include:

• Credit Risk Management  In the area of credit risk management, respondents reported significant progress since the 2002 survey. The influence of Basel II requirements, commercial credit market difficulties and increased lending volume spurred by low interest rates in the consumer sector have caused management to focus more of their attention on strengthening their credit risk capabilities. As a result, 61 percent of respondents are planning a high or moderate level of investment in the next 12-24 months for commercial credit, and 53 percent for consumer credit. According to the survey, financial institutions have stepped up their efforts to improve such core capabilities as benchmarking internal ratings and using more sophisticated portfolio management methodologies and credit mitigation techniques.
• Market Risk and Asset/Liability Management  The survey showed that in terms of market risk, many firms are adding coverage of additional product types such as asset-backed securities. They also have increased their use of advanced modeling techniques such as event risk, and they are doing more stress testing, which indicates more attention is being paid to current market risk analyses. In the asset/liability management arena, the survey shows that financial institutions are building upon the core analytics and methods that have been in place.
• Operational Risk Management  According to the survey, operational risk management (ORM) continues to be a relatively new and developing field compared to the more established risk management disciplines, with the majority of respondents still in the beginning stages of implementation. However, the survey shows an increase over 2002 in the number of firms that have established ORM programs. The capability of ORM systems continues to be a challenge for a substantial majority of respondents who indicated that at least some improvement in functionality is needed.
• Risk Systems and Technology  While information technology is considered to be the key enabler of a risk management architecture, respondents report a host of continuing challenges in developing adequate risk systems. More than half (52 percent) cited a lack of integration among systems as a major concern and 42 percent cited it as a minor concern. Lack of flexibility and scalability as well as performance issues were also noted as key challenges. Improving regulatory related systems capabilities and implementing operational risk management and advanced credit risk systems were the three highest priority items cited by respondents in the systems development and technology area.
• Extended Enterprise Solutions  When it comes to off-shoring, near-shoring and outsourcing arrangements across a variety of corporate functions, survey respondents reported that information technology and application management was the only area where a majority (61 percent) employed an extended enterprise solution (EES). Just less than half of the respondents use EES for call centers or back office processing.

About the survey methodology
To produce the 2004 Global Risk Management Survey, a comprehensive set of detailed questions addressing the key issues facing risk management of global financial institutions was completed using an on-line tool, with invited participants comprising the senior risk management officers of the financial institutions. Participation included 162 of the top global financial institutions, with respondents broken out regionally as follows: 17% of respondents were North American companies; 25% were South American companies; 26% were European companies; and, 31% were from Asia/Pacific.

Respondents answered questions which addressed the range of key risk management issues facing financial institutions including: Risk Governance; Economic and Regulatory Capital; Enterprise Risk Management; Credit Risk Management; Market Risk and Asset/Liability Management; Operational Risk Management; Risk Systems and Technology; and, Extended Enterprise Solutions.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 150 countries. With access to the deep intellectual capital of 120,000 people worldwide, Deloitte delivers services in four professional areas — audit, tax, consulting, and financial advisory services — and serves more than one-half of the world’s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies. Services are not provided by the Deloitte Touche Tohmatsu Verein, and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas.

As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names "Deloitte," "Deloitte & Touche," "Deloitte Touche Tohmatsu" or other related names.