Risk Governance ‘Critical for Bank Success’ Says ABA SVP of Risk

The entire risk governance structure is likely to be front and centre in 2022 according to the American Bankers Association (ABA).

In an article on ‘Top Bank Risks for 2022’, the ABA said that while risk management has always been a vital component for banks, the priority, scope, and value of the function as a whole has escalated.

“Given the uncertainty that’s still in front of us and the rapid changes we’re having to deal with, whether they’re internal or external circumstances, I think risk management oversight and decisioning has moved into a position that’s more critical for bank success than ever before,” said Ryan Rasske, ABA SVP, and risk expert.

“The risk governance part is coming into focus more than ever,” he added. “What structure is in place to make sure the decisions that are being made are the right ones, and that the right people are making those decisions?”

Rasske also emphasised the need to ensure information stemming from those decisions flows smoothly across the organization in a collaborative way — something established communications channels may need to adjust for today’s increasingly hybrid work structure.

The article identified risks for banks in 2022 which include changing client practices that raise viability risk, supply chains issues, maturing third-party relationships and cybersecurity, regulators changing priorities, as well as interest rates, technology, talent which cover longstanding risk priorities.

Brendan Mulvey, managing director at Promontory Financial Group’s compliant practice said that in terms of risk, banks must better listen to their customer and go beyond active engagement into issues such as complaints and satisfaction surveys to tackle the viability risk.

Mulvey recommended expanded metrics to provide direction on the effectiveness of customer interactions, as well as uncover areas where friction is hampering the customer experience.

Banks must also develop strong relationships with third-party providers to mitigate cybersecurity risks highlights the article. It includes looking into business response capabilities, incident response, cybersecurity and how well they can respond.

Paul Benda, SVP for operational risk and cybersecurity at ABA said that banks may do a good job of protecting their own systems, but the risks are no longer limited to their own systems.

“It’s the third-party vulnerability to things like ransomware,” said Benda. “And it isn’t just that they’re going to come in and hack the bank through a third party—that third party may hold your data.”

In September 2020, the Basel Committee urged banks to improve cyber threat resilience after remote working and digital channels in financial services heightened cyber security concerns.

The global banking regulator said that malicious actors have “more points of access to banks’ systems”, which included targeted attacks on banks’ third-party providers, including third-party software banks which commonly use and intragroup entities.