Deloitte Survey: While More Boards of Directors Responsible for Risk Management Oversight, Added Focus Needed on Less Traditional Risks. 

As risk management receives heightened scrutiny in financial institutions’ boardrooms, additional investment and management attention is needed, according to the fifth edition of Deloitte’s global risk management survey.

While executives at financial services firms rated their risk management processes as extremely or very effective in the areas of market, credit and liquidity risk (each between 70 and 80 percent), respondents acknowledge that they have not yet created effective processes and systems to manage less traditional risks. Only 47 percent considered their institution very effective in managing risks associated with business continuity/IT security, 43 percent each for operational and vendor risk, and 35 percent for geopolitical risk.

This occurs as more institutions increase their focus on risk management, by elevating the responsibility for risk management to the top of the organization as a board-level oversight responsibility. The executives surveyed found that 70 percent of boardrooms now have this charge, an increase from the 59 percent reported in 2004 and 57 percent in 2002. In addition, the number of institutions with a chief risk officer (CRO) reached new heights, with 84 percent of institutions reporting that they now have a CRO in place, up from 81 percent in the 2004 survey, while another 8 percent said they plan to establish this position.

“Effective risk management is critical for financial institutions,” said David Myers, investment banking partner at Deloitte. “Expectations for financial institutions in this area continue to increase by an ever widening range of constituents including regulators, rating agencies, customers, counterparties, investors and legislators. While progress in the area of risk management has been real, a great deal more needs to be done to truly achieve a comprehensive approach that actively identifies, assesses and manages the full range of risks financial services firms face.”

Deloitte’s “Accelerating Risk Management Practices” report focused on the range of critical risk management issues facing financial services firms today. The report’s authors surveyed chief risk officers – or their equivalent – at 130 institutions across the globe. Institutions that participated were primarily commercial and retail banks, as well as diversified financial institutions; the aggregate assets of those surveyed totalled nearly $21 trillion.

The progress in implementing enterprise risk management programs illustrate both the progress and the remaining work to do in risk management in the industry. Only 35 percent of executives reported that their institutions had already implemented an Enterprise Risk Management (ERM) program, while almost a third (32 percent) are in the process of establishing one.

Where ERM programs have been created, they have yielded benefits— roughly three-quarters of executives from companies with ERM initiatives said the total value of their programs had exceeded the costs. However, this assessment of value is largely qualitative, as only 4 percent of executives said their institutions quantify the benefits of their ERM programs.

Among other findings from the survey:

• More than 70 percent of executives reported that their firms had established formal enterprise-wide programs to implement Basel II. At the same time, many institutions still have significant work to do in reaching key Basel II qualification standards.
• Although more than 60 percent of executives reported that their institutions used value at risk (VaR) extensively for fixed income, foreign exchange, and equity, less than one-third said it was used extensively for a range of other instruments including asset-backed securities, structured products, credit derivatives, and energy products.
• In the area of operational risk, only about one in four executives said their operational risk management systems were very capable in terms of reporting and data gathering, and more than two thirds said they were at least somewhat capable in those areas. Lagging behind were exposure calculations and scenario model building.

“Institutions now confront a proliferation of more complex products, more volatile markets, increased regulatory scrutiny and external threats that include security breaches, natural disasters and geopolitical concerns,” said William Higgins, financial services advisory partner at Deloitte.

“In a challenging and changing risk environment, the bar on what constitutes effective risk management is constantly being raised. Most institutions have an unfinished agenda. Financial institutions that can understand risk holistically – managing the full range of risks they confront – can strategically use risk-taking as a means to strengthen their competitive position and create value,” said Higgins.

For more information, read our executive summary and download our PDF.

Ends

About Deloitte
In this press release references to Deloitte are references to Deloitte & Touche LLP which is among the country’s leading professional services firms, providing audit, tax, consulting and corporate finance services. Deloitte & Touche LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu (‘DTT’), a Swiss Verein whose member firms are separate and independent legal entities.  Neither DTT nor any of its member firms has any liability for each other’s omissions.  Services are provided by member firms or their subsidiaries and not by DTT.  Deloitte & Touche LLP is authorised and regulated by the Financial Services Authority.  The information contained in this press release is correct at the time of going to press.