Four Out of Five Major Financial Firms Now Have a Chief Risk Officer
Global financial services institutions are facing growing exposure to risk from a variety of factors, including mega-mergers, off-shoring, outsourcing, greater regulation, and the need to manage an increased volume of lending.
These factors are causing a very large proportion of these institutions -- 81 per cent -- to establish the position of Chief Risk Officer (CRO), according to Deloitte's biannual Global Risk Management Survey released last week.
The number of large institutions with chief risk officers has increased from 65 per cent since the last survey was conducted in 2002. Despite the increasing emphasis on containing risk, the survey shows, however, that enterprise risk management (ERM) continues to be an elusive goal for many institutions. In fact, less than one-quarter of survey participants say they are able to integrate risk across any of the major dimensions of risk type, business unit, or geography. Their focus in ERM is on measuring economic risks including credit, market, operational, and liquidity. While 38 per cent of respondents say they have integrated the organizational structure required to deal with these risks, only 15-16 per cent reported progress in integrating methodology, data, and systems.
The survey indicates that a tougher regulatory environment and increased scrutiny of financial institutions in the post-Enron business environment have contributed significantly to a greater emphasis on risk management.
"Financial institutions are recognizing the need for strong risk management governance, now more than ever," said Jack Ribeiro, Managing Partner, Global Financial Services Industry, Deloitte & Touche LLP. "They are responding to increased expectations from regulators, counterparties, the public, and others to ensure sound governance of their risk management programs.
"While compliance with regulatory requirements is an imperative itself, we see major institutions using this opportunity to transform the way they look at economic capital and even their finance functions," Edward Hida, Partner and Leader, Financial Services Risk Management Services, Deloitte & Touche LLP continues. "A continuing challenge is the applicability and practicality of these efforts for smaller and mid-size institutions that may feel pressure from the development of more sophisticated capital approaches at larger institutions."
Additional survey findings:
Credit Risk Management: In the area of credit risk management, respondents reported significant progress since the 2002 survey. The influence of Basel II requirements, commercial credit market difficulties, and increased lending volume spurred by low interest rates in the consumer sector have caused management to focus more of their attention on strengthening their credit risk capabilities. As a result, 61 per cent of respondents are planning a high or moderate level of investment in the next 12-24 months for commercial credit, and 53 per cent for consumer credit. According to the survey, financial institutions have stepped up their efforts to improve such core capabilities as benchmarking internal ratings and using more sophisticated portfolio management methodologies and credit mitigation techniques.
Market Risk and Asset/Liability Management: The survey showed that in terms of market risk, many firms are adding coverage of additional product types such as asset-backed securities. They also have increased their use of advanced modeling techniques such as event risk, and they are doing more stress testing, which indicates more attention is being paid to current market risk analyses. In the asset/liability management arena, the survey shows that financial institutions are building upon the core analytics and methods that have been in place.
Operational Risk Management: According to the survey, operational risk management (ORM) continues to be a relatively new and developing field compared to the more established risk management disciplines, with the majority of respondents still in the beginning stages of implementation. However, the survey shows an increase over 2002 in the number of firms that have established ORM programs. The capability of ORM systems continues to be a challenge for a substantial majority of respondents who indicated that at least some improvement in functionality is needed.
Risk Systems and Technology: While information technology is considered to be the key enabler of risk management architecture, respondents report a host of continuing challenges in developing adequate risk systems. More than half (52 per cent) cited a lack of integration among systems as a major concern and 42 per cent cited it as a minor concern. Lack of flexibility and scalability as well as performance issues were also noted as key challenges.
Improving regulatory related systems capabilities and implementing operational risk management and advanced credit risk systems were the three highest priority items cited by respondents in the systems development and technology area.
Extended Enterprise Solutions: When it comes to off-shoring, near-shoring and outsourcing arrangements across a variety of corporate functions, survey respondents reported that information technology and application management was the only area where a majority (61 per cent) employed an extended enterprise solution (EES). Just less than half of the respondents use EES for call centers or back office processing.