Global credit risk hits 20%, tops risk mgt concerns
Credit risk has become number one source of risk management concerns for financial institutions globally as it hit 20 per cent in 2020 from a paltry 3 per cent in 2018, a new report has shown.
The report, a biennial survey on the state of risk management in the financial services industry globally was conducted by Deloitte &Touche between March and September 2020.
Investopedia defined credit risk as the possibility of a loss resulting from a borrower’s failure to repay a loan or meet contractual obligations.
Traditionally, it refers to the risk that a lender may not receive the owed principal and interest, which results in an interruption of cash flows and increased costs for collection.
Now in its twelfth edition, the report put into consideration the views of contract research organizations (CROs), or their equivalents, and focused on 57 financial services institutions around the world, representing a total of $27.2 trillion in aggregate assets.
According to the survey, the chief risk officers in all of the institutions, reportedly increased in 2020 from 95 per cent in 2018 and 86 per cent in 2010.
The novel Coronavirus pandemic (COVID-19) has been blamed for the development as a result of global economic downturn that trailed its outbreak.
The measures taken by governments, businesses, and consumers to restrain the spread of the novel coronavirus triggered a sharp economic downturn and far-reaching social impacts.
According to the report, COVID-19 has also had direct financial impacts on financial institutions.
“The economic contraction significantly increased credit risk from both retail and commercial customers, and many institutions responded by tightening credit standards.
“In addition, there may be greater potential for fraud such as from misuse of customer data, invoicing for work not completed, or collusion with disreputable third parties,” the report read.
The pressure on revenues is likely to intensify the drive at many institutions to reduce ever-increasing expenditures on risk management.
Several key risk management trends emerge from the survey results:
- Increasing credit risk. Concerns over credit risk typically peak during economic contractions and, as expected, 20% of respondents named credit risk as the most important risk type for their institutions over the next two years, and 62% said that credit risk measurement will be an extremely or very high priority for their institutions.
- Greater focus on nonfinancial risks. While almost all respondents rated their institutions as extremely or very effective at managing financial risks, the figure dropped to 65% for nonfinancial risk overall and was even lower for specific types and aspects of nonfinancial risk. Many institutions have work to do to enhance their capabilities in this area.
- Continuing concerns over cybersecurity. Institutions have faced cyberattacks for a number of years, but the threat has only grown with many employees working at home. Only 61% of respondents considered their institutions to be extremely or very effective at managing cybersecurity risk, and 87% said that improving their ability to manage cybersecurity risk will be an extremely or very high priority over the next two years.
- Addressing risk from third parties. Third-party relationships present a distinctive set of risks including data privacy, nonperformance, unethical conduct, and the loss of business continuity. Yet, only 44% of respondents rated their institutions as extremely or very effective in managing third-party risk.
- Spotlight on environment, social, and governance (ESG) risk. With growing concern over climate risk and increasing attention on the social responsibility of business, 47% of respondents said it will be an extremely or very high priority for their institutions to improve their ability to manage ESG, including climate risk.
- The potential of digital risk management. There has been increasing recognition of the potential of digital technologies to reduce risk management expenses while simultaneously boosting effectiveness. Yet, despite their expected benefits, most institutions have not yet implemented these technologies.
- Substantial challenges of risk data management. Leveraging emerging technologies requires comprehensive, high-quality, and timely risk data. But many institutions continue to face challenges in obtaining this data, especially for nonfinancial risks. In this regard, most respondents said their institutions found two issues to be extremely or very challenging: maintaining reliable data to quantify nonfinancial risk and drive risk-based decisions, and the ability to leverage and source alternative data such as unstructured data.
- Clarifying the three lines of defense model. All the institutions surveyed reported using the three lines of defense risk governance model, but many reported significant challenges. The challenges cited most often concerned the responsibilities and capabilities of the first line (business and functions).
- Greater focus on stress testing. A majority of respondents reported that their institutions employed stress tests for capital and for financial risks such as liquidity, market, and credit. However, regulators are now expanding stress tests to include nonfinancial risks, such as climate, but only 38% of institutions reported conducting stress tests for nonfinancial/operations risk.
- Continued progress on risk governance. At the level of the board of directors, 72% of respondents said that one or more board committees is responsible for risk oversight, which is a sign of progress in effective governance. Eighty-seven percent of institutions reported that their board risk committees have independent directors, and 82% said these committees have one or more identified risk management experts.
- Universal adoption of the chief risk officer (CRO) position. The percentage of institutions with a CRO position or equivalent has increased over the course of Deloitte’s global risk management surveys, and all the institutions participating in the current survey reported having this position. However, the CRO is not always given appropriate authority to effect change.
The report concluded that risk management functions will need the flexibility to respond quickly to volatile economic conditions and changing work practices, while continually monitoring which changes are temporary responses to the pandemic and which are destined to become permanent.