Global Risk Survey Findings: Banking and Capital Markets: PwC

In a nutshell: An industry built to profit from risk-taking is being tested by an array of risks, chiefly market, cyber and business/operational model risks. These require coordination among risk owners and risk managers in ways that banks have yet to master.

More than three-quarters of banks expect to increase revenues over the next 12 months — and almost a quarter expect revenue growth of 11% or more, according to PwC’s 2022 Global Risk Survey.

The banking industry’s growth story in 2022 is one of disrupting itself amid a challenging economy. Driving revenue growth are digitisation of products and services (17%), launch of a new product or service (17%) and expansion into a new customer segment (14%), our survey found.

Bank customers have experienced this growth story firsthand by seeing how easy it is to make payments in virtual stores or peer-to-peer. From mortgages and foreign exchange to personal loans, saving and investing, they’re now participants in alternative banking.

But “phygital” banking, at the intersection of physical and digital, means different things to different users, and this is a likely area of focus in 2022. In fact, some banks are updating their service architecture to enable scalable offerings that can “plug and play” with new capabilities from anywhere, so they can give their customers the experiences they want. They’re aiming to provide smooth onboarding and service across channels, for customers and employees alike.

For business customers, a treasury platform can give CFOs/treasurers a near real-time view into their cash flows, especially during periods of volatility. The platform — running on a distributed ledger, AI automation and analytics — can potentially bring higher returns, establish a stronger commercial banking relationship that brings commercial deposits, fees, new commercial clients and, for the largest players, foreign transaction (F/X) fees.

Banks are also looking into enormous financing needs tied to the coming “green” transition. Already, global green bond issuance topped US $500 billion in 2021.

Banking has had one of the busiest markets for acquisitions, divestitures and partnerships in nearly a generation. Scale deals continue to be popular, and there’s still room for further consolidation and more surgical transactions. We expect to see banks move more aggressively this year to leverage partnerships for rapid scale, distribution or infrastructure. Many fintech providers are building and bundling applications that, through partnerships, could accelerate traditional bank cloud strategies. Cloud and fintech partnerships are becoming essential parts of the delivery strategy and experience.

Top risks in 2022

Four risks rose to the top in 2022, ranked as most concerning by at least a fifth of banking industry respondents to PwC’s 2022 Global Risk Survey: market risks (27%), cyber/data management risks (26%), business/operational model risks (21%), and credit risks (20%).

Market risks
Cyber/information management
Business/operational model
Climate risk
Regulatory risks

Market risks

Disruptions in commodity markets and to global supply chains will affect the trajectory of inflation and the global economy, and perhaps even macro-financial stability. For banks, it means that the recent pickup in loan growth may not be sustainable. Deposits had been growing, but this may reflect monetary policy and temporary shifts in consumer and business behavior more than anything banks have done. And some banks that ceased new business with Russia or are exiting the market have increased their loan-loss reserves, beginning in the first quarter. Significantly higher loan-loss reserves will be needed in the event of a recession.

Cyber/information management

A greater volume of personal and financial data coursing through digital banking channels is a target of cyber attacks. The financial services industry faces an onslaught of credential, phishing and ransomware attacks. Not surprisingly, 59% of chief executives of financial services institutions were extremely/very concerned about cyber threats in PwC’s latest Global CEO Survey. And yet, with few exceptions, banks have yet to develop more sophisticated data trust practices encompassing governance, discovery, protection and minimisation.

Business/operational model

Fintech firms are pushing deeper into the banking landscape. Customer expectations are being reshaped in ways that legacy firms may have trouble matching. Many might miss growth opportunities because complex strategies have them trying to fight multiple fires at once. But some banks with truly differentiated offerings are taking deposit market share from peers, increasing top- and bottom-line growth faster than their competitors and being rewarded by investors (e.g., market-leading tangible book value per share).

A major operational change in banks is cloud transformation, which is vital to banks’ pursuit of better experiences for their customers. The conversation is moving from “how do we move our data?” and “which applications should we rewrite first?” to “how do we get more value from digital transformation?” The key is using utilities and pre-built integrations to bring together the dozens of functionalities that make a bank what it is, whether built or bought: origination systems, linked to treasury systems, linked to trading systems, linked to the compliance and control systems — all of which happen to be purpose-built for the cloud, and all built with cloud security and compliance by design.

Climate risk

Many banks have designated a head of climate risk under the chief risk officer (CRO), have begun to identify potential exposures and are well underway in modeling and measuring their risk profile. The Risk Management Association recently announced that a group of leading US and Canadian banks are working together to find more consistent ways for banks to integrate climate risk management throughout their operations. This is an important step, because physical and transition risks may turn out to have a much greater impact on financial institutions than they realise. For example, greenhouse gas emissions associated with lending, underwriting and investment activities are more than 700 times higher, on average, than a financial institution’s direct emissions. If a bank wants to reduce its carbon footprint, it needs to understand the scope of its financed emissions.

Regulatory risks

Banks face a new group of more consumer-friendly regulators and they increasingly need good data to support their lending and fee policies. Meanwhile, proposals for consistent reporting of cybercrime and climate change risk are on the table. On digital assets, banks face many related questions on risk, tax, accounting and more, even ahead of new regulation. According to PwC’s 2022 Global Risk Survey, banks are extremely/very concerned about the impact of regulations on their business; topping the list are data protection laws (64% of respondents), cyber regulations (62%) and cryptocurrency and digital payments regulations (60%).

What’s next for risk management in banks?

Keeping up with the speed of digital and other transformations is a significant or very significant challenge for risk management, according to 79% of respondents in banking to PwC’s 2022 Global Risk Survey. The need for investments in risk management skills and technology is expected to increase as banks continue to gain scale.

External and compliance pressures take up much of the time of risk functions and risk owners, according to 74% of respondents. And around 70% face time-consuming and costly manual risk processes, signaling a lack of access to digital tools for risk management.

Tech investments
People investments
Coordination for a panoramic view of risks
Rethinking risk management

Tech investments

It is good that 41% of respondents in the banking industry expect to increase investments in risk management technologies by up to 10% in 2022. An additional 24% of respondents are increasing spending by more than 10%. Data analytics is a focus of significant risk tech investments, according to 39% of respondents. Close behind are process automation, technologies that help with detection and monitoring of risks, and workflow management. These tech investments should help address two of the top challenges in managing risks in banks: lack of access to digital tools and time-consuming, costly, manual risk processes.

About one-third of banks still need to develop good tech investment habits that could help risk management keep up with the pace of transformations: investing in tech solutions as part of an integrated tech stack, complementing tech with spending on people and processes, and demanding to see tangible returns on investments.

People investments

Thirty percent of respondents in banks expect to increase spending significantly to add technology and digital capabilities to the risk function workforce — a welcome development. For one, this should help alleviate the significant worry for the 29% who say that risk owners and risk teams don’t have the required skills. Perhaps more importantly, assumptions about scale, which are core to banks’ growth story, often break down when viewed from the necessary, complementary people transformations.

Some banks are adding headcount in the risk functions, but many augment their risk management teams through managed services. Close to 60% of bank respondents rely on managed services for cyber. They are more likely than the global group to use managed services in fraud alert and investigation (43%), internal audit (41%), and Know Your Customer processes (40%).

Coordination for a panoramic view of risks

Primary responsibility for risk management is spread among the C-suite. Surprisingly, the CRO is considered primarily responsible for managing operational risks in 26% of the responding organisations. Clearly, this finding points to the need to draw a better distinction between management and oversight. In the long-established regulatory construct, risk management is an activity that happens in the business (first line) and risk oversight is an activity performed by the CRO and his/her risk function (the second line). This distinction between management and oversight needs to continue to be reinforced, and is indeed a topic of intense regulatory attention.

The respondents recognise the problem: 29% are very concerned that they have to deal with unclear division of responsibilities and accountability; and a third of them are very worried about not having a coordinated approach to enterprise risks.

A significant opportunity to improve risk management is for the CRO to play the role of orchestrator for the banking organisation to see across all risks and across all businesses. Coordination among executives who own and who manage risks is a must for banks if they want risk management to keep up with the speed of transformations. In some cases, banks can jumpstart the coordination by setting common standards for non-financial risks.

Rethinking risk management

We look for signs of shifts toward the kind of risk management needed to support banks’ ambitious growth plans: an integrated, panoramic view of risks; redefinition of risk appetite and thresholds; quantification of new risks; and better coordination among risk owners and managers, among others.

A majority say they have implemented these growth-focused practices at scale, but outcomes are underwhelming: Less than half say they’re realising benefits.

Banks might draw inspiration from the top 10% of all respondents to PwC’s 2022 Global Risk Survey; together these practices distinguish growth-focused risk management. The top 10% are five times as likely to report confidence in achieving risk management goals in 2022-2023, such as increased customer trust or improved board confidence. They tend to be acutely aware of the challenges of risk management today, rating all the challenges as very significant. And they are twice as likely to be increasing investment in risk management technology by more than 10%.

For CEOs

Ask every owner of a major business move — new product launch, cost-savings initiative, new technology implementation — the following questions: What are the potential risks arising from the initiative? How does it change the organisation’s risk profile? How does it affect the organisation’s risk appetite? How well are the risks mitigated in your business plan?

For the board

Ask executive management to report on the organisation’s risk profile, and its relationship to the risk appetite approved by the board.
Ask the business owners, “What is your risk management plan?” for every major initiative.
Engage with both the risk owners and risk managers to keep up with the new and emerging risks that your organisation is taking on.

For risk owners in the business lines

Partner with risk and compliance functions and internal audit to benefit from data-driven, risk management perspectives.
Nothing delays a growth agenda faster than a regulatory matter. Work with your regulatory compliance team to fully understand the regulations to which your business is subject, and have a plan to manage them efficiently and effectively.
Work with the risk managers to use bank risk models strategically to enable growth.

For risk executives/leaders

Invest in skills development so that your risk function can effectively oversee and credibly challenge risk management activities in the first line of defence.
Push the organisation to embed risk management considerations in all business decisions and transformations.
Parlay investments in data analytics into arming first-line risk owners with the data they need to make better decisions.
Implement good tech investment habits to sync up risk management with the pace of transformation in your organisation.