The regional banking sector has grappled with several high-profile failures and ongoing volatility stemming from commercial real estate losses and accelerated M&A growth. One persistent issue that continues to haunt mid-tier financial institutions is the disconnect among risk functions.
Financial institutions across the U.S. are recognizing that traditional risk management strategies no longer suffice in today’s rapidly evolving macroeconomic landscape, with many preparing to implement significant changes accordingly. Such overhauls demand that organizations conduct routine evaluation of risk infrastructure to ensure they have the right expertise and governance in place.
Here are three of the biggest challenges that banks continue to face as they seek to better manage interconnected risks, and best practices to navigate them successfully.
Merging new risks with old infrastructure
The biggest challenge facing banks of all sizes is the need to integrate new risks into existing risk infrastructure and old frameworks. Large banks already subject to more stringent risk requirements will continue to face greater scrutiny from regulators as they place greater focus on ensuring institutions have the proper systems in place to identify and manage their risks.
For example, in testimony about 2023’s bank failures, top Fed regulator Michael Barr – who oversees the supervision of financial institutions – highlighted the need for adjustments to liquidity rules in response to recent abrupt bank failures. These changes, aimed at larger banks, focus on enhancing resilience under stress. Barr’s proposals include requiring minimum collateral at the Fed’s discount window and ensuring sufficient liquidity to cover uninsured deposits. Additionally, regulators are reevaluating treatment for deposits prone to runs, such as those tied to venture capital and cryptocurrency businesses.
Barr’s insights underscore the urgency for banks to adapt their risk management strategies as they grapple with how to prioritize non-financial risk vis-à-vis financial risk. In theory, financial risk is going to be more mature than non-financial risk but when considering how to integrate old and new processes, they’re carrying equal weight right now.
Financial leaders must determine how to operationalize and manage emerging risks and identify themost accessible starting points in integrating old and new processes. Leaders must ask themselves:
- How does credit intersect with liquidity?
- How does liquidity intersect with operations?
- How do both tie into financial risk and non-financial risk?
Financial institutions have been embedding cybersecurity and privacy into their existing risk management frameworks for some time now. Banks need to start thinking about resiliency from that same perspective and identifying where these risks intersect.
Having the right data and processes in place
Data is the lifeblood of any financial organization, and it is critical for banks to ensure they have the right data to embed emerging risks within their existing frameworks or ways of getting things done. A recent survey found that two-thirds of investment banks continue to struggle with data quality and integrity.
Data governance, data integration tools and business intelligence tools are all crucial elements of data management that must be deployed to ensure your organization is able to make accurate and timely decisions.
Regulators are also taking a closer look to see if banks are conducting adequatestresstesting. Barr affirmed that the Fed has increased issuance of supervisory findings and enforcement actions and has downgraded supervisory ratings at a higher rate than in the previous year. With new capital requirements and new guidance from the Office of the Comptroller of the Currency (OCC) on third-party risk management, we expect to see the Fed continue to increase issuance of MRAs (matters requiring attention) and MRIAs (matters requiring immediate attention) when they are falling short.
Prioritizing organizational change
Broader organizational change is required to ensure effective risk visibility across all functions in financial institutions. The need for liquidity risk experts will always be essential, but organizations also need to find people who understand both liquidity risk and credit risk to bring the fundamental change that’s needed. That organizational change may require having a head of non-financial risk as well as a head of financial risk.
C-suite roles continue to evolve in an increasingly complex, global environment, and we expect the responsibilities of the Chief Risk Officer to grow exponentially in the near term. Organizations need someone in this role to think about these emerging risks and how to increase their resilience against them, to ensure collaboration and communication across functions and risk stripes, and to recognize interdependencies rather than working in silos.
The need to better manage interconnected risks will only increase as more regional banks expand to near or above the $100 billion asset threshold. We also may see greater emphasis on risk management due to the uptick in acquisitions and consolidations that took place in 2023, as some institutions may be forced to modernize risks and controls as part of their post-M&A integrations.
One thing is clear: regulators will continue to exercise greater scrutiny around data, security and liquidity requirements, and banks must ensure they are evaluating risk holistically, and not in a siloed manner.
Cindra Maharaj, Partner at Baringa, is an experienced corporate treasury and risk consultant.