This blog discusses some of the most significant enterprise risks that financial services firms will have to contend with in 2021, and how risk teams should prepare.
While most enterprise risk management teams were glad to see the back of 2020, it’s unlikely that 2021 will be any less challenging. Although vaccines could enable a return to a more familiar way of operating within financial services firms, the Covid-19 pandemic is generating waves of change, some of which may only start to break on the shore as the year progresses. The pandemic has amplified pre-existing trends and is creating new undulations of its own. Below are 10 enterprise risks that we’ve identified as being very important in 2021:
- Operational resilience risk – Although operational resilience risk was on our 2020 list, no one foresaw the Covid-19 pandemic, or its impact on the financial services industry globally. Now, operational resilience is a top regulatory priority, with the Basel Committee on Banking Supervision publishing a consultation, Principles for operational resilience, in August 2020. Other regulators, including those in the US, the EU, and the UK, have also weighed in with their own operational resilience proposals. Expect the Basel Committee and national regulators to move quickly to finalize their documents. It’s worth noting that some firms are under challenging circumstances.
- Fraud and financial crime – For example, in the UK, more than £40 billion was loaned to businesses through the Covid-19 “bounce back” scheme, and fraud reports are already surfacing. The arrest of three people who worked for City firms – accused of £6 million in fraudulent loans – hit the headlines in January 2021. Graeme Biggar, director-general of the National Crime Agency’s national economic crime centre, has cited Cabinet Office assessments that fraud in the scheme could be in excess of 5% of the total loaned. Firms should also be ready for an increase in internal fraud, thanks to the perfect storm of home working arrangements and employees who might be financially pressed as a result of others in their household being out of work.
- Political risk – The pandemic tamped down some political risks in 2020 and inflamed others. Covid-19 may have played a part in Donald Trump’s loss of the US presidential election, which resulted in the storming of the US Capitol building. The riots in the US and UK, which erupted over the summer as a result of the death of George Floyd while in police custody, may have been exacerbated by the pandemic lockdown. More recently, the EU tried to close the Northern Irish border as part of a row with the UK about access to vaccines. Overall, the pandemic could continue to foster political instability as new virus variants emerge, economic activity continues to be suppressed, and access to vaccines remains uneven around the globe. With Brexit, politics will continue to have an impact on the regulatory framework for financial services on both sides of the Channel. a wide variety of political risks, from protecting physical branches to pivoting lobbying strategies quickly.
- Cyber risk – The volume of cyberattacks increased during 2020, in response to the pandemic, and it seems likely that this trend will continue in 2021. Increased political risk in 2021 could boost the number of cyberattacks by state actors on financial services firms. Organized crime is prowling for weaknesses in cyber defences too. Also, cyber risk is increasing as a result of more home working – people are more likely to fall for phishing scams when working from home, for example. Financial services firms are going to have to pivot fast to meet the evolving cyber risk challenges ahead in 2021.
- Digital transformation risk – This topic is now even hotter in 2021. The disruption caused by the pandemic has enhanced the demand for digital solutions for engaging with retail and business clients, for example. In wholesale and investment banking, it’s highlighted the need to automate manual processes and replace clunky legacy technology. For example, there will be considerable questioning of the use of Excel for enterprise risk management. In 2021 many firms will be engaging in new technology change management programmes, but with continued working from home and reduced workforces, firms need to be sure they are managing the risks associated with digital transformation adequately.
- Compliance risk – While regulators eased up during 2020 in terms of enforcement, they are already giving signs that things are back to normal in 2021. For example, the UK Financial Conduct Authority released Market Watch 66, which made it clear that reduced monitoring of voice and electronic communications was no longer acceptable. Firms may have cut corners in 2020 as they scrambled to adapt to the pandemic lockdowns, but it’s clear that want to see firms fully complying in 2021.
- Personal accountability risk – In the UK, the Senior Managers & Certification Regime (SMCR) will be fully in place by the end of March for all firms, and other jurisdictions are beginning to develop their own personal accountability regimes too. These regulatory requirements are creating a fresh need for the ability to connect governance, risk and compliance (GRC) data to the responsibilities assigned to individual senior managers. In this way, senior managers can better understand how well the risk and control frameworks are working in the areas they are responsible for, and whether these areas are compliant.
- Climate change risk – Although 2020 seemed to be all about pandemics, the World Economic Forum , including extreme weather, climate action failure, human environmental damage and biodiversity loss. For financial services firms, there are a growing number of regulations designed to increase sustainability disclosure, such as the EU’s taxonomy and Sustainable Finance Disclosure Regulation, which has a 10 deadline for many of the disclosure elements. With the political ascendancy of the Democrats in the US, more sustainability regulation can be expected there in the coming months, too.
- Benchmark transition risk – Although the UK FCA announced that most tenors of US Dollar LIBOR would continue to be published through 30 , other regulators have said that they wish to see the transition continue to progress to the original 31 December 2021 final transition date. Significant concerns remain about the readiness of firms, trading data and technology vendors, and even the regulators themselves to hit the earlier target date, particularly in the context of the range of other difficulties that hit the financial services industry in 2020. Enterprise, in particular around change management risks to processes and technology.
- Regulatory risk – Regulatory risk is the risk that a change in regulations or legislation will affect a firm. Looking ahead, firms should be prepared for considerable change in 2021. Several initiatives have already been mentioned, including operational resilience, climate change disclosures, and benchmark transition. Of course, there is also the Revisions to the principles for the sound management of operational risk consultation from the Basel Committee, which could be finalized in 2021 and could see significant changes embedded into enterprise risk frameworks. Brexit will likely result in continued regulatory change as the situation for the financial services industry both in the EU and the UK continues to unfold. And in the US, with Biden as president, there may be a new focus on social justice within the financial services industry, and there is speculation that there could be attempts to break up some of the larger financial services firms, too.
The key to managing the diversity of risks that firms face today – of which an emerging subset is identified above – is enabling the linkage of GRC activities and events within an integrated GRC platform. The interdependence of, for example, operational risk events with their impact on compliance obligations and operational resilience is clear. What is also clear is that scenarios need to be modelled at a granular level to truly understand the interrelationships between emerging risks and events.
Above all, firms need to manage the growing complexity and the interrelated risk environment they face by maintaining centralised control of information and consolidation of data linkages, while allowing a decentralised expansion of specialist risk oversight.
Learn more about how an integrated, multi-application GRC Platform with scenario modelling can provide solutions to many of the issues faced by firms in effectively managing their risks and gaining a competitive advantage from risk management.