The eighth annual global bank risk management survey of Chief Risk Officers (CROs) explores key focus areas and challenges for banks. Source: Shutterstock

Digital transformation and cybersecurity reported as top concerns by CROs

ACCORDING to a survey by Ernst & Young (EY) and the Institute of International Finance (IIF), risk management functions within financial services organizations are primarily concerned with cybersecurity and data-related risks.

The eighth annual global bank risk management survey of Chief Risk Officers (CROs) explores key focus areas and challenges for banks as they move through three distinct phases of a 15-year risk transformation journey: restore, rationalize and reinvent. A total of 77 banks across 35 countries participated in the study.

The survey reports cybersecurity as an increasing concern for respondents, with 77 percent of CROs claiming it is one of the most important risks over the next year. This is an increase of 22 percent since the 2015 survey.

A majority of the banks surveyed (86 percent) also cited data-related risks, such as availability and integrity, as a top emerging risk over the next five years.

Top-of-mind risks for CROs and boards. Source:

Tom Companile, partner, financial services office, Ernst & Young LLP, said:

“Banks have reached an inflection point in risk management. How banks navigate emerging risks and opportunities presented by technological innovations will dictate their ability to thrive over the next decade. Risk leaders recognize that data is both a risk and a major opportunity. Being able to manage multiple challenges and changes simultaneously will distinguish leaders in the industry, especially as cyber threats and digital disruption continue to impact banks globally.”

Respondents to the survey claim that risk and compliance functions are key tasks that should be prioritized due to ever-present cyber threats and digital disruption.

Andres Portilla, managing director of the regulatory affairs department at IIF said:

“CROs and anyone who works in the risk function have to be much closer to the business lines with a more proactive mindset. Banks depend on people to implement, maintain and protect systems and data. Data will help identify and address emerging risks as well as inform strategic and everyday decisions. But data itself is also a source of risk, either from a data protection, integrity or fraud perspective, and risk managers have a key role to play in keeping a balance between leveraging the new technologies as much as possible within their organizations and keeping the associated risks within their risk appetite.”

Banks are increasingly incorporating new technologies into their risk management programs. It is becoming abundantly clear that in order for banks to succeed in an increasingly digital world, they need to become technologists at heart. Blockchain, Chatbots, and Robotic Process Automation (RPA) are becoming key priorities for financial organizations.

Survey results show that respondents expect new techniques and technologies will cut costs in risk management, notably through digitization (64 percent), machine learning (59 percent) and through the use of automation (87 percent).

In regard to the implementation of new technologies to drive digital transformation, respondents reported their top concerns as cybersecurity (64 percent), a shortage of IT talent/resources (64 percent) and cost (52 percent).

“Over time, risk functions will have to leverage technology to improve risk management and become technology innovators, rather than spectators. Banks will have to rethink how they manage risks, what risks need to be managed and what new types of talent will be required,” adds Campanile.

Last year, EY got 26 percent of its revenue from advisory services, including IT risk.