Many financial institutions view risk management as primarily a regulatory compliance matter. Whether it is complying with prudential standards, banking or insurance regulation, or consumer law, risk management is often looked at through the single lens of compliance. The benefits of having effective risk management programs go far beyond regulatory compliance, however.
There are compelling strategic, financial, and operational reasons for investing in risk management. Risk management brings an organisational discipline that can create long-term value. It can play a pivotal role in ensuring the stability, growth, and sustainability of an institution. A disciplined approach to risk management will assist in identifying emerging risks and opportunities, inform boards and executives on strategic shifts in the market, and enable a more customer-centric and dynamic mode of operating.
Lianne Bolton, Chief Financial Officer of Findex Group and a Non-Executive Director of Gateway Bank agrees that risk management can be a key business enabler. Bolton stated that “risk management transcends compliance; it's a compass that guides solid long-term decision-making, managing emerging challenges collectively, shaping business-wide behaviours, protecting the balance sheet and with the ultimate goal of safeguarding our customers and the communities in which organisations operate.”
There are eight key areas in which the implementation of appropriate and fit-for-purpose risk management frameworks and systems can deliver tangible strategic and financial benefits to an organisation, beyond regulatory compliance.
Embedding risk management thinking and practices in key decision activities in a financial institution leads to better decision making and business outcomes. This can include the practice of completing risk assessments on projects or new business initiatives in a structured manner, and consideration of the strategic threats to a business or segment.
Risk management can provide a framework for making informed decisions about the risks that an institution faces. By identifying and assessing risks in a structured manner, financial institutions can better manage and operate their businesses, manage a myriad of financial risks, allocate capital, price their products and services, and build short-, medium- and long-term resilience.
Lianne Bolton highlighted the importance of risk management being involved early in key strategic decisions. Bolton stated that it was important “that businesses have risk at the forefront of decisions and consider the risk team as business partners / trusted advisors not merely as overheads looking after compliance. I only sleep well at night because I know that my risk team is close to the business and is involved upfront in all strategic decisions and become aware of emerging issues early.”
Risk management can support decision-making that is based on robust data. Through advanced risk analytics, institutions can assess the potential impact of decisions on their risk profile, allowing for the optimisation of risk-return trade-offs, and making informed strategic decisions.
Paul Riordan, Executive, Chief Credit & Market Risk Officer, National Australia Bank and Non-Executive Director of FINSIA, strongly supports a risk-based approach to decision-making. Riordan stated “I am always of the view that it’s not about avoiding risk. Life is a mix of risk and reward. It is important to get the risk-reward balance right – sometimes you consciously take risks, other times risks are thrust upon you.”
Riordan added that it was important to consider upfront the downside risks and scenarios. He favoured undertaking an assessment of “what is the worst thing that can happen” to an initiative or investment. From this analysis, you then "work backward to understand fully the downside risk and consider what mitigation may be possible”.
Enhanced Financial Stability
Financial stability is the foundation upon which all financial services firms are built – be they banks, insurers or superannuation funds.. Firms must identify, measure, and manage financial risks and threats to financial stability. This enables them to better withstand economic downturns, market shocks, and unforeseen events. It is often taken for granted that it is strong, embedded risk management practices that deliver these outcomes.
By developing and successfully implementing risk management practices, financial institutions can avoid exposure to excessively risky financing strategies, investments, or ventures. This leads to more prudent lending and investment practices, a better allocation of resources, and improves the ability to take advantage of opportunities that may arise.
The 2008 global financial crisis serves as a stark reminder of the consequences of inadequate risk management. Banks, insurers, and investment firms that had neglected risk management found themselves either collapsing or needing a bailout. Those with robust risk management systems made it through and even prospered.
Prudential supervisory practices have been significantly enhanced since the global financial crisis and with it has risk management practices to comply with these increased expectations. Today, financial services firms have sophisticated and advanced tools to manage risk and continually monitor their financial health. The practices include creating comprehensive risk assessments, stress testing, and scenario analysis. This ensures that the institution can withstand adverse market conditions. This in turn, ensures that banks and other financial services companies can maintain investor confidence and protect the interests of depositors and other stakeholders.
Enhanced Risk Culture
Embedded and effective risk management practices can produce a more positive risk culture. This, in turn, leads to more risk-aware and resilient businesses.
Many sectors of the financial services industry were found wanting during the Hayne Royal Commission in 2018. The importance of risk culture was highlighted in the Final Report of the Hayne Royal Commission. The report stated that the "financial services industry has a culture problem. There is a culture of greed, arrogance and entitlement. This culture must change."
Many banks and other financial institutions have now reset the dial on risk culture as a result. Lianne Bolton supports this position also and states that "in today's fast-paced world, building a robust risk culture is not a choice; it's the organisation's license to operate.”
As noted earlier, a well-understood and highly regarded approach to risk management can enhance an institution's reputation. This includes building strong risk culture attributes. In an ESG-driven era in which customers, investors, and other stakeholders increasingly scrutinise a business’ ethical and risk-related practices, an institution that demonstrates a commitment to ethical conduct is more likely to attract and retain stakeholders. Ultimately, a strong risk culture not only protects the institution but also serves as a competitive advantage.
Data analytics and risk management are inextricably linked. A deep understanding of portfolio data, customer segments, and business trends can create a competitive advantage. Risk data and insights can identify new market opportunities and tailor products and services to meet the evolving needs of customers. This can assist with customer acquisition and retention.
In times of market volatility and economic distress, sound financial risk management practices can also be a source of competitive advantage, separating less financially sound institutions apart from others. A financial institution with a reputation for robust risk management is often seen as a safer and more reliable partner by customers and investors. The collapse of Silicon Valley Bank in early 2023 is the most recent example of the downside risks of not having a disciplined approach to risk management.
Institutions that can identify and manage emerging strategic risks are better positioned to capitalise on new opportunities. Undertaking scenario analysis on future market developments – looking at strategic threats – can transform risk management into a strategic tool for gaining an edge in a crowded marketplace.
Increasingly, the implementation of a range of risk management tools, customer identification, and information security practices is assisting banks and financial services firms to achieve better and more customer-centric outcomes. A disciplined approach to managing a range of risks lessens the incidence of fraud and other financial crimes. Sophisticated fraud detection systems, anti-money laundering controls, and Know Your Customer or KYC requirements require a detailed understanding of business processes. These practices help institutions identify and mitigate the risks of fraud, money laundering, and other financial crimes. By protecting customers from these crimes, banks can improve their customers' financial well-being and peace of mind.
A disciplined approach to operational risk can also improve customer outcomes. Improving the efficiency and effectiveness of front- and back-office operations reduces errors and improves customer satisfaction. This can lead to lower costs for banks, which they can pass on to their customers in the form of lower fees and better rates.
Sound risk management practices play important leading and supporting roles in building trust. When customers know that financial institutions are taking steps to protect their investments, transactions, and other customer data, they are more likely to trust and do business with the institution.
As noted earlier, risk management failures, breaches, or regulatory non-compliance can result in severe financial consequences. This can include hefty fines, remediation costs, and reputational damage. Financially many institutions can withstand the financial impact of this in the short term. It can take longer however to regain the trust of customers, investors, regulators, and the community.
Jade Ibrahimovic, Chief Risk Officer at the Victorian-based health fund, GMHBA sees trust being built on sound risk management foundations and decision-making. Ibrahimovic believes that “risk management is fundamental in ensuring decision makers are making better and more informed decisions. Our leaders need to consider all potential consequences and alternatives of a decision before making an informed and intelligent judgement.”
By placing risk management front and centre in the way of doing business, institutions can not only avoid adverse financial, regulatory, and legal consequences - they can also demonstrate their commitment to ethical and transparent business practices. This builds trust and confidence in all stakeholders and can create long-term shareholder value.
Dan Bennett, General Partner, National Resilience Venture Capital Fund and well-known Sydney-based venture capital investor, acknowledges the value creation that risk management can deliver. Bennet stated that “we carefully manage risk during three key stages of our fund lifecycle. Initially, we undertake robust due diligence including specific analysis of a multitude of risks… We then work closely with portfolio companies to ensure that each has appropriate risk management systems in place to address sector-specific nuances. Finally, during a subsequent fundraise or an exit process for portfolio companies, there are various mechanisms [that] we work with the companies to adopt to best risk manage these processes.”
The experiences during the pandemic in 2020 and 2021 highlighted, yet again, that crises are not a matter of ’if’ but ‘when’. Risk managers now play an integral role in assisting organisations to develop financial playbooks and business continuity plans for a range of potential scenarios that may unfold. Regulator-mandated recovery and resolution plans take this even further to ensure that both customers and the financial system have a clear path out of any crisis. The development of these playbooks and plans can often uncover previously unidentified causes of weakness in a financial institution.
Paul Riordan highlighted the importance of all business leaders and managers understanding the risks in their business or area. He stated that “today there are risks everywhere and it is important to have robust risk management plans in place. What is not OK is for people to be sleepwalking into risks.”
Financial risk management practices such as stress testing are also instrumental in preparing financial institutions for times of financial and economic instability and the inevitable challenges that may arise. By stress testing portfolios and conducting scenario analyses, institutions can simulate adverse conditions and evaluate their ability to withstand them.
This crisis preparedness needs to consider a wide range of potential issues. These can now include cyber security incidents and outages, data breaches, business disruptions caused by third parties, or a conduct and reputation-driven crisis. A well-prepared institution is more likely to respond effectively and weather any storm.
Losses avoided loom large in the list of benefits that can accrue from a disciplined approach to risk management. From the fines paid by Commonwealth Bank and Westpac for AML/CTF non-compliance in 2018 and 2020, respectively, to the multi-billion-dollar fines paid overseas by the likes of Deutsche Bank or Credit Suisse, there are compelling financial reasons to ensure that sound risk management practices are in place. Beyond the direct costs, there are also consequential restrictions on business, reputation damage, and loss of market share from risk management failures.
Demonstrating effective and robust risk management practices can assist also in improving credit ratings. This, in turn, can lead to lower borrowing costs as institutions with robust risk profiles are often perceived as less risky by rating agencies, lenders, and investors. In the long run, lower costs are the return from implementing sound risk management practices.
A focus on operational risk can also yield cost savings. By proactively identifying and addressing operational risks such as technology outages, cyber security vulnerabilities, or process inefficiencies, financial institutions can prevent costly disruptions, remediation and rectification costs, and damage to their reputation.
In summary, the benefits of a disciplined approach to risk management are numerous. They are both qualitative and qualitative. If ever asked the question of what the value of risk management is, the answer can simply be ‘too numerous to mention.’
About the Author
Peter Deans is a Director of Notwithoutrisk Consulting and Non-Executive Director of NerdWallet Australia, Trade for Good, and The RegTech Association. Peter is a leading authority on risk management and the Creator & Founder of the 52 Risks® management framework.