Executive Perspectives on Top Risks – Key Issues Being Discussed in the Boardroom and C-Suite
Research conducted by Protiviti and North Carolina State University’s ERM Initiative
Shifting cultural norms and expectations of accountability. Disruptive business models. Innovations triggered by emerging technologies. Changes in the geopolitical landscape. Negotiations surrounding Brexit. Shifting customer preferences and demographics. Natural disasters. Record lows in unemployment, tightening labour markets and an escalating war for specialised talent. Immigration challenges. Cyber breaches on a massive scale. Terrorism. Big data analytics. A strong U.S. dollar.
These and a host of other significant risk drivers are all contributing to the risk dialogue happening today in boardrooms and executive suites.
Expectations of key stakeholders regarding the need for greater transparency about the nature and magnitude of risks undertaken in executing an organisation’s corporate strategy continue to be high. Pressures from boards, volatile markets, intensifying competition, demanding regulatory requirements, changing workplace dynamics, shifting customer preferences, uncertainty regarding catastrophic events and other dynamic forces are leading to increasing calls for management to design and implement effective risk management capabilities and response mechanisms to identify, assess and manage the organisation’s key risk exposures, with the intent of reducing them to an acceptable level.
In this seventh annual survey, Protiviti and North Carolina State University’s ERM Initiative report on the top risks on the minds of global boards of directors and executives. Our respondent group, which includes 825 board members and C-suite executives from around the world, provided their perspectives about the potential impact over the next 12 months of 30 risk issues across these three dimensions:
- Macroeconomic risks likely to affect their organisation’s growth opportunities
- Strategic risks the organisation faces that may affect the validity of its strategy for pursuing growth opportunities
- Operational risks that might affect key operations of the organisation in executing its strategy
Commentary – Financial Services Industry Group
For financial services organisations globally, the years since the global financial crisis that began in 2008 were marked by an unusually intensive and, for many firms, almost exclusive focus on risk management and regulatory compliance matters. Last year, the results of our survey marked an initial shift away from those trends, in that while regulatory compliance matters remained a significant source of risk, digital disruption and other threats to business competitiveness began to be viewed as increasing sources of concern. Our 2019 results show this shift is continuing and, in many areas, accelerating.
Regulatory compliance concerns remain elevated but stable
Although regulatory change and regulatory scrutiny remained the highest scoring risk issue this year, scores for this attribute increased only 4 percent year over year. Moreover, perceptions of regulatory risk diverged significantly by geography in this year’s survey. Concern for this risk issue actually decreased in North America, reflecting the deregulatory agenda of the Trump administration and Republican-held Congress, as well as what has generally been perceived to be a more balanced, growth-friendly supervisory environment promoted by the new leaders of the major federal regulatory agencies within the United States.
Conversely, the perception of regulatory risk increased significantly among financial institutions in the European Union, as well as those in Asia-Pacific and Australia/New Zealand. European institutions face ongoing efforts to fully implement and optimise controls related to the General Data Protection Regulation (GDPR) that became initially effective in May 2018.1 Additionally, significant concerns and uncertainty exist regarding the ultimate outcome and impact of the United Kingdom’s looming exit from the European Union in light of London’s historical prominence as a financial services hub.2 Financial institutions might face myriad change-management tasks should they need to relocate people and operations out of the United Kingdom and into financial services centers that will remain in the European Union, such as Dublin, Frankfurt and Paris, and obtain the necessary licenses to reflect their new footprints. In the meantime, they also are attempting to develop contingency plans in the event that a failure in negotiations leads to a “no deal” or “hard Brexit” scenario by March 2019.
The Asia-Pacific region continues to experience increasing regulatory scrutiny in areas in which U.S. and European financial institutions have spent the past decade in remediation activities, notably financial crimes misconduct and overall strengthening of the risk and compliance management framework.
Top Risks for 2019
(click on image to enlarge)
Concerns about keeping pace with technological change increase
Although regulatory compliance matters remain important, as described above, we continue to see an accelerating shift in financial institutions’ attention toward business growth and innovation objectives. Notably, the attribute that saw the largest year-over-year increase in the current survey was:
Our existing operations and legacy IT infrastructure may not be able to meet performance expectations related to quality, time to market, cost and innovation as well as our competitors, especially new competitors that are “born digital” and with a low-cost base for their operations, or established competitors with superior operations.
This risk issue also increased in significance from 2017 to 2018; however, the rate of increase from 2018 to 2019 was nearly three times that of last year, indicating a strong and accelerating degree of concern about the ability of financial institutions to keep pace with disruptive technology change.
For Financial Services globally, our top risks surveys conducted for 2018 and 2019 marked a shift away from an intensive and, for many firms, almost exclusive focus on risk management and regulatory compliance matters that transpired since the global financial crisis. While regulatory compliance matters remain a significant source of risk, digital disruption and other threats to business competitiveness are being viewed with increasing concern. The results for 2019 show this shift not only is continuing but is, in many areas, accelerating.
Michael Brauneis, Managing Director, Americas Financial Services Industry Leader, Protiviti
Going into 2018, for example, 82 percent of U.S. commercial banks surveyed expected to increase FinTech investments over the next three years, and 86 percent of those expected to begin investing immediately.3 These expectations were strongly borne out in practise. According to FinTech Global, total financial technology venture investments in the first half of 2018 alone ($41.7B) exceeded those made throughout all of 2017 ($39.4B).4 Additionally, 2018 continued to see the total number of investments shrink, while average investment size increased significantly and investments continued to shift more to late stage startups. All of these data points indicate a maturing and consolidating market for FinTech capabilities as traditional financial institutions increase investments designed to ward off competition from non-traditional startups.
In practise, we have observed several specific areas of investment, including:
- Use of technologies such as robotics and other workflow automation tools, natural language processing, and artificial intelligence/machine learning to dramatically increase the efficiency of and reduce costs associated with operational, risk management and compliance activities. In particular, we are seeing that anti-financial crime and fraud risk management functions are at the center of significant innovation and cost reduction efforts.
- Modernising legacy technology platforms and data storage infrastructure to reduce the competitive advantage that “born digital” competitors have in these areas, and enable greater use of big data-driven solutions such as AI-supported digital customer service assistants. Over the past year, global money center banks such as HSBC (piloting its “Pepper” robot in branches5) and Bank of America (with its “Erica” digital assistant6) have made headlines for their innovations in these areas. In 2019, we expect to see these trends continue and increasingly trickle down to smaller organisations, as well.
- Consolidating platforms and providing a more efficient and user-friendly customer-facing digital experience across internet and mobile platforms as well as in physical locations.
- Evaluating the feasibility of and beginning to launch initial use cases for distributed ledger technology, particularly in areas such as global payments, trade clearing, and custody operations.
Concerns about talent on the rise
In addition to attention shifting to the risk of technology-driven disruption discussed above, the other risk issue that saw the most significant increase between the 2018 and 2019 surveys was:
Our organisation’s succession challenges and ability to attract and retain top talent in a tightening talent market may limit our ability to achieve operational targets
We believe heightened focus on this risk stems from multiple factors. First, at this point in the economic cycle, markets such as the United States have essentially reached full employment and costs to attract and retain specialised talent have increased. For example, while the overall U.S. unemployment rate stood at 4.4 percent as of October 2018, unemployment for the “financial activities” sector was less than half that rate, at 2 percent.7
In addition to a broad-based war for talent, this risk issue is strongly coupled with concerns about technological disruption as described above. Financial institutions of all types and sizes are struggling to meet the vastly increased need for data scientists, quantitative resources, information security professionals and other technical specialists. Unlike other positions for which financial services firms must recruit, in these areas they must compete not only with one another, but also with “FAANG”-type tech companies (Facebook, Amazon, Apple, Netflix and Google) that often are viewed as the premier employers in these fields.
Beyond the demand within CIO and chief data officer-type functions for specialised talent, we also are seeing concerns on this front across the second and third lines of defense. For example, as financial institutions increasingly use more complex AI/ML-driven models in place of traditional rules-based programmes in areas such as credit underwriting and fraud risk management, chief audit executives worry about how they will be able to find and retain the audit talent with the right technical skills to evaluate these models. In addition, we have had multiple conversations with regulatory agency leadership who share these concerns with respect to their own supervisory teams. Given all of the above, we expect these risks to continue to remain elevated in the years ahead.