
Financial Industry Most Cognizant of Need to Overhaul Risk Infrastructure

Eighty-five percent of corporate executives told Accenture they need to overhaul their approach to risk management if the lessons of the economic crisis are to be used to improve business results. Accenture's 2009 Global Risk Management Study is based on a survey of 260 chief financial officers, chief risk officers and other executives with risk management responsibilities at large companies in 21 countries. Seventy-four were financial services firms, of which more than three-quarters have annual revenues greater than $5 billion.

In addition to acknowledging the need to remake how they look at risk, 40 percent of respondents said they are increasing or plan to increase their investments in risk management capabilities in the next six months. Nearly another third (31 percent) said their companies are currently considering increasing their future investment in risk management capabilities.

There were some areas in which the financial services participants stood out from those in other industries, according to Eva Dewor, head of Accenture's risk management practice within finance and performance management based in Munich.

"A greater proportion of financial services industry executives expressed strong feelings about the need for change in their risk management operations compared to executives in other industries," Dewor told BS&T. "For example, 54 percent of financial industry respondents felt their companies needed to make significant changes to improve enterprisewide risk awareness, compared to only 38 percent of overall respondents. Half of financial industry respondents cited a significant need to improve alignment of their companies' business strategies and risk appetites, compared to 40 percent of overall respondents."

The general findings that most financial services firms felt they needed to reform their risk management operations were in line with what Accenture expected, based on its experiences with its clients throughout the year.

"In general, banks' risks must be better aligned to their business strategies and their risk management needs to be better integrated with their cultures and across the various types of risk," Dewor explains. "They need to bolster their risk management capabilities, which are not sufficiently responsive to meet regulatory demands. Risk systems must become more flexible, as regulators increasingly require specific and detailed information on a firm's risk profile, as has been shown with recent stress-testing initiatives."

Expect a corresponding increase in tech spending around risk too, Dewor comments. She says that issues such as the great complexity of the business, poor data quality and fragmented internal processes and IT systems will drive banks to spend more to better comply with new and existing regulations.

"That is why we expect firms to fundamentally change their risk architecture," she explains. "Simplifying redundant front-office systems, creating a single source of position and market data, and standardizing valuation models is critical. Also, moving analytics to the front office—rather than moving data to the middle office—is essential. Firms will increasingly need to leverage front-office analytic technologies and more advanced data management capabilities. Standardized technologies will improve the ability of firms to get a consolidated view of their aggregate asset bases and consistent valuations of those assets. Better data management will give firms much needed clarity on securities master information, and allow for more consistent internal pricing and extracts of market prices. In addition, regulatory reporting platforms, which have traditionally been report-based, will need to be revised so they can provide underlying data on all positions in order to accommodate the flexibility required to run regulatory stress tests."

Still, there were some surprises for the report's researchers. For example, Dewor says they found a large gap between the risk management vision that companies have set for themselves and the role that their risk functions actually play in practice.

Although 48 percent of respondents said that their company's risk management function is involved to a great extent in strategic planning, and 45 percent said the same of investment and divestment decisions, only 27 percent said the risk management function was involved to a great extent in objective-setting and performance management.

"A large majority of companies said that they want their risk management functions to contribute to sustainable profitability and better decision-making," she notes. "Yet the survey also revealed that these functions are not very involved in key strategic areas like setting objectives, defining incentives to get the desired behaviors and performance management."
