A guide to banks and how to cope with nonfinancial risks.
Effective risk management is of paramount importance for all businesses. However, for banks, the focus of risk management needs to shift to cope with nonfinancial risk (NFR).
Now that market and credit risks are under better control, banks are facing different risks that mean they will need to shift their practices in order to cope.
This includes the likes of operational challenges, technology, misconduct, and compliance failures.
The downside of nonfinancial risk
Let’s begin by taking a look at the downside of nonfinancial risk, and thus what you are going to be exposing your business to if you do not take risk management seriously.
Firstly, there are the direct financial consequences associated with NFR. Did you know that the top ten banks worldwide lost almost 200 billion dollars between 2008 and 2012 as a result of operational mishaps, compensation claims, and litigation?
This sort of financial damage can be extremely difficult for businesses to cope with, especially when you consider that there were losses in excess of ÂŁ1 billion for singular incidents.
You don’t only need to be concerned with the direct monetary consequences of nonfinancial risk. Incidents can cause public stakeholders, shareholders, and customers to question the business model of your bank, which can cause severe damage to your reputation.
As you know, a credible reputation is something that is notoriously difficult to rebuild. Add this to the prospect of more stringent regulations, combined with the personal consequences experienced by senior managers, and it is not hard to see why better management of NFR should be at the forefront of all banks’ priorities.
Although some strides have been made to manage NFR better, there is rarely any warning regarding where or when the next risk may occur.
Banks have invested heavily in managing nonfinancial risk, by controlling compliance risks through making operational improvements, creating new government structures, and boosting head counts. But, what do they really need to do?
Advice on what practices need to be changed or implemented
Firstly, you need to create an enhanced nonfinancial risk governance framework that is in line with regulations. This framework needs to have three lines of defence.
The first line of defence should be the ownership and management of risks. It is advisable to include central-infrastructure areas, for example, operations and IT. This is where the majority of operational failure risks reside.
Once you have the first defence, the second line should be where standards are controlled, and monitored to make sure they are being adhered to. This should not merely include compliance and risk, but it should also incorporate the likes of tax, finance, HR, and legal.
Finally, the third line is an audit, which will make sure the former two lines are operating adequately.
In addition to this, it is important to make sure that the board at your bank is involved in NFR management. At present, this is typically not the case at most banks, despite recent improvements.
There are a number of different ways that you can boost the engagement of your board. For example, you could consider a board committee, or at least regularly, i.e. quarterly, board meetings that deal solely with risk control.
It is important to compile reports during these meetings so that the bank can have a clear view of the top risks that are a threat to them, and to make sure that control gaps are addressed. The report should consolidate risks based on type of risk and business.
It is also wise to aggregate the following information – the status of efforts to lower risk, the results of control and risks assessments, the results of internal and external audits, a record of big incidents and near misses, and finally a set of risk indicators that are quantitative and can be monitored to make sure there is no breach of the bank’s tolerance of risk.
Hopefully, you now have a better understanding of NFR, and how this is impacting banks, and, more importantly, how they need to react.
Main Image Source – By Koeb