Written By: David Winter – Corporate Finance
Taking on financial risks to earn a return is the business model around which banks earn a large portion of their profits. But nonfinancial risks (NFRs) present a different sort of challenge altogether. They do not offer an income-generating opportunity and can lead only to losses or regulatory penalties.
Recently McKinsey & Company conducted a survey in which it sought the views of 15 leading global and regional banks on NFRs. According to the survey findings, NFR management will assume greater importance in the near future. While banks seem fully aware of the implications of NFRs, the current approach to managing this form of risk can severely restrict the ability of frontline staff to carry out their jobs effectively. At the same time, the steps being taken by banks may not really be effective in managing NFRs.
How have NFRs impacted banks in the recent past?
McKinsey’s report states that in the five years from 2008 to 2012, NFRs have cost the top 10 banks about $200 billion. Further details about these losses illustrate the extent of the problem.
- There have been at least 17 specific incidents that each resulted in a loss of $1 billion or more.
- More than 65 incidents caused an individual loss of $100 million each.
- In 2014, fines and settlements reached an amount equal to 4.8 percent of revenue for the world’s 40 largest banks.
Are banks equipped to tackle these risks?
Even after NFRs have resulted in losses running into hundreds of billions of dollars to the banking industry as a whole, many banks have yet to take the steps that are necessary to mitigate such risks. The nature of these risks is very different from financial risk. This makes it difficult to fix roles and responsibilities for NFRs. The McKinsey survey has revealed that many banks have not done a complete mapping of individual roles for tackling this issue. It has also found that bank staff see jobs in the sphere of managing NFRs as unattractive and lacking in career options. Positions are manned by former auditors, accountants and lawyers. Banks are unable or unwilling to deploy staff members who have a business background.
There is another crucial issue that remains unaddressed by most banks in tackling NFRs. Action is not taken to transform the risk culture at banks, although many incidents leading to large losses stem from a deficiency in this crucial aspect of managing risk.
The role of bank boards
Unfortunately a large number of bank boards are not sufficiently focused on this problem. Even at those banks where attention is being paid to NFRs at the board level, a great deal of time is spent on solving existing problems rather than on the strategies to be adopted to pre-empt the occurrence of incidents that lead to large losses. Many bank boards mistakenly believe that there should be zero tolerance for losses from NFRs. While it is correct to have a zero-tolerance policy for regulatory compliance, it is also important to set tolerance levels for NFRs.
The time that bank boards spend on this issue would be better utilised on setting these limits and then monitoring their implementation. It is critical that performance on this issue be tracked and mechanisms put in place to identify risk-appetite breaches. Bank boards should also periodically review how sums allocated for monitoring NFRs are spent and the return on investment of this expenditure.
Currently, risk is managed in silos.
Each department prepares its own risk report and presents it to senior management. There may be one report on legal risks, another on operational risks and a third on conduct risks. In actual practice, there could be a strong connection between these different risks. Top managers are saddled with the task of wading through several documents, each of which presents only a partial picture of the NFRs that the bank faces. But several leading banks are now implementing consolidated reports that present an integrated assessment of risks.
The need for a cultural transformation
An increasing number of banks are taking various measures to change their internal cultures so they align with the goal of managing NFRs. Top management communication and role-modelling play a key part in this process. The effort should be to change the mindset of staff and move away from the practice of mechanically adhering to a set of pre-decided rules. Some banks have implemented a practice of paying branch staff on the basis of meeting customer needs instead of for reaching their sales targets.
Banks are increasingly focusing on NFRs.
EY’s 2015 annual risk-management survey of major financial institutions found that 89 percent of banks had increased the level of board and senior management attention to such risks. The specific areas that were being looked at included regulatory, conduct, money-laundering, compliance, systems and reputation risk. EY’s survey found that many banks agreed that it was important to shift the accountability for NFRs to the front office. But in actual practice, there were no structures in place to enable front-office staff to exercise this responsibility. Consequently, the control functions were held responsible for managing these risks.
NFRs are getting greater attention at banks as the losses they may cause can run into billions of dollars. But the challenge lies in adopting an integrated approach to this problem in which staff from different functions within a bank work together to minimise the occurrence of incidents that could lead to large losses or penalties.