Financial and Monetary Systems

Why enterprise risk management is the future for banks

In an era of rapid technological innovation, new threats are emerging almost daily – but enterprise risk management can help banks control them. Image: Robert Bye/Unsplash

Jeffrey Brown
Partner, Oliver Wyman’s Risk and Organizational Effectiveness practices, Washington DC
Michael Duane
Partner, Oliver Wyman’s Financial Services practice
Til Schuermann
Partner and Co-Head, Oliver Wyman’s Risk and Public Policy practice

Regulators and risk managers have made great strides in controlling the forces that sparked the financial crisis more than a decade ago. But their success in fighting the last war could be feeding a false sense of security now as new threats appear on the horizon.

The softening economy is only one potential storm banks face today. In an era of rapid technological innovation, new threats are emerging almost daily in cyber security, artificial intelligence, blockchain and other areas.

Economic confrontations between major powers and erosion of multilateral trading rules are among the top global risks for 2019, according to the World Economic Forum's Global Risks Report. Image: Oliver Wyman/World Economic Forum Global Risks Report 2019

The trouble is some banks are so preoccupied with financial risks that they are missing the bigger picture. That’s where “enterprise risk management” can help.

As its name implies, enterprise risk management seeks to control the broadest possible set of risks, from purely financial ones such as market and credit risk—the drivers of doom during the last crisis—to nonfinancial threats such as reputation risk.

Enterprise risk management emerged as a discipline during the 1990s, when banks were expanding internationally and deregulation in the United States allowed for a much more robust set of products and services, requiring a far broader view of risk. The goal was to recognize and measure all forms of financial and nonfinancial risk, so the firm can safely maximize its risk-taking. But at many firms, the enterprise risk function became little more than a dumping ground for all the ancillary risks that didn’t fit neatly into the financial-risk category.

That needs to change.

Have you read?
  • The Global Risks Report 2019

A decade ago, the industry was walloped with a one-two punch of credit and market risk, which pushed several firms to the brink of collapse (and a few into the abyss). The next crisis, however, is likely to be different, sparked not by financial risk but by nontraditional risks that create exposures across the business silos of the organizational structure.

The growth of such risks in recent years, fueled by an explosion of technological innovation, is virtually unprecedented in the history of banking. This puts a premium on firms’ abilities to make connections and to recognize the complex whole is far more than the sum of its parts.

While banks have a sophisticated understanding of financial risk, some are less experienced with nontraditional threats such as cyber risk, strategic risk, operational risk, regulatory risk and legal risk. Such threats can have real impacts on financial performance across the enterprise.

Making matters trickier, these risks aren’t easily quantified. While a high-risk loan, for example, can result in a specific dollar loss attributable to the lending function, an embarrassing customer-service blunder can harm revenues across the enterprise—for years.

Technology risks can be just as vexing. How to quantify, for example, the risk of a bank’s smart speaker application unexpectedly spouting racist insults?

After the financial crisis, regulators placed stress testing at the center of enterprise-wide risk assessment activities. This amplified the importance of comprehensive risk identification. But useful stress test forecasts need to include all the various risks to which the enterprise is exposed—not just financial risks.

Implementing a comprehensive enterprise risk management program isn’t easy, of course—particularly among firms whose risk management functions have calcified along traditional lines. It requires an organizational mandate.

Fifteen years ago, enterprise risk management was little more than a backwater at many firms. The action all took place in the individual risk silos.

We now know better the importance of synthesizing these risks in a compelling and easy-to-understand way, and of considering the ways in which discrete risks can interact with one another. But practice hasn’t always caught up to theory. Enterprise risk management needs to help tell a coherent story. It cannot be viewed as the organizational unit of last resort for activities that don’t fit anywhere else.

Banks that embrace enterprise risk management today will be positioned to respond quickly to unforeseen troubles tomorrow. Those that do not run the risk of making a new set of mistakes during the next crisis that could cost shareholders and employees—and, perhaps, weaken the banking system itself.

Adapted from a forthcoming article in the Journal of Risk Management in Financial Institutions.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Banking and Capital Markets

Share:
The Big Picture
Explore and monitor how Banking and Capital Markets is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

How tokenization is transforming global finance and investment

Yuval Rooz

December 10, 2024

What does the new corporate borrowing boom mean for policymakers and business?

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum