More Risks, On More Fronts: Credit Risk, ESG and Cybersecurity Top Risk Concerns for Financial Institutions -Deloitte Survey

With economies contracting and unemployment rising, credit risk has moved to the top of the risk management agenda, according to Deloitte’s biennial survey on the state of risk management in the financial services industry globally.

Twenty percent of the chief risk officers at financial institutions surveyed identified it as the No. 1 risk they see increasing in importance for their business over the next two years, a plurality among 16 different risk categories. That is a sharp increase from 3% in 2018.

In addition, 62% of those senior executives surveyed by Deloitte said that credit risk measurement will be either an extremely or very high priority for their institutions over the next two years. Credit risk management is the practice of mitigating losses by understanding which potential clients may come at too high a risk and above an institution’s pre-identified risk tolerance at any given time. The areas that are tipped by senior executives as being particularly challenging for their institution to measure include collateral valuation, commercial credit, commercial real estate, unsecured credit, leveraged lending and middle-market lending.

“Financial institutions are seeing more risk from more sources than ever before,” said J.H. Caldwell, a partner with Deloitte Risk & Financial Advisory, Deloitte & Touche LLP, and the principal author of the survey. “The COVID-19 pandemic has changed the risk management environment and presents an extraordinary set of new challenges for financial institutions — everything risk-related has been pressure-tested and challenged.”

He notes that 66% of banking executives surveyed believed that credit quality deterioration would be one of three macrotrends having an impact over the next two years.

“The rapid economic downturn, coupled with abrupt changes in consumer and business behavior, may mean that systems, programs and models based on pre-COVID-19 data may no longer accurately reflect the post-COVID-19 reality,” said Caldwell. “Institutions will need strong risk management governance while having the agility and willingness to rethink their traditional approaches in a fundamentally altered business environment.”

The 12th edition of Deloitte’s biennial survey — titled “A Moving Target: Refocusing Risk and Resiliency Amidst Continued Uncertainty” — gathered the views of chief risk officers or their equivalents at 57 financial institutions globally, including banks, investment managers and insurers. Conducted from March to September 2020, the institutions surveyed have total combined assets of $27.2 trillion; institutions that provide asset management services have a total of $16.1 trillion in assets under management.

Among other findings:

  • While almost all of those surveyed rated their institutions as extremely or very effective at managing financial risks — with the single exception of credit risk — the figure dropped to 65% for nonfinancial risks, an area that can have wide-ranging financial and reputation impacts. That number stood even lower for specific types and aspects of nonfinancial risk such as conduct and culture (55%), geopolitical (42%), and data quality (26%).
  • Only 61% of respondents considered their institutions to be extremely or very effective at managing cybersecurity risk, and 87% said that improving their ability to manage cybersecurity risk will be an extremely or very high priority over the next two years.
  • With growing concern over climate risk, environment, social and governance risk concerns were named by 38% of survey respondents as being one of the three risk types — alongside credit and cybersecurity — that will increase the most in importance for their institutions over the next two years. That is more than any other risk type when the top-three risks are combined — yet only 33% of executives considered their institutions to be either extremely or very effective at managing this risk.
  • Most institutions recognize that they have more work to do to improve data management, with 69% of those surveyed saying that enhancing the quality, availability, and timeliness of risk data will be an extremely or very high priority for their institution over the next two years. Only 26% believed their institutions are extremely or very effective at managing data quality, and just 8% of respondents considered their institution to be effective at use and management of unstructured data.
  • Institutions are under pressure as the target date for cessation of publication of LIBOR rates (end of 2021 for most cases) approaches. According to the report, financial institutions “may have underestimated the work required and would be well advised to prepare for the transition.” Only 24% of those surveyed considered technology/applications updates and development to be extremely or very challenging, while 22% said the same about processes and controls updates and development.

Forty-five percent of those surveyed expected their institutions’ annual spending on risk management would increase over the next two years. The report highlights, though, that pressure on revenues is likely to intensify efforts to “reduce ever-increasing expenditures on risk management.”

To that end, 50% of those Deloitte surveyed reported that efficiency-focused technology tools will be an extremely or very high priority for their institutions over the next two years. As the survey has found in past years, though, most institutions have not yet implemented these technologies. Cloud computing (46%) was used most often, with fewer institutions saying they use RPA (29%), machine learning (27%) or cognitive analytics (13%).

“There are five things that financial institutions of all stripes are trying to get their heads around when it comes to risk management: talent challenges, remote working, data protection, the shift to digital, and systems and program security,” said Caldwell. “Risk leaders will need the flexibility to respond quickly to volatile economic conditions and changing work practices, while continually monitoring which changes are temporary responses to the pandemic and which are destined to become permanent. The challenges have not been this great in recent memory, especially of such uncertain and dynamic magnitude.”

The report can be found online here:

Image licensed by

Related News:

CipherCloud Introduces Zero-Trust Remote Access

Oracle Helps Organizations Optimize Logistics Across Global Supply Chains


About Author

Leigh Porter's first love is to love people. Beginning her career as a neonatal RN was an obvious choice until life threw the curve ball to embark on a new IT endeavor. Pursuing this fresh career was a piece of cake with her resilient and steadfast character. Outside of the office, Leigh also diligently gives much of her time faithfully as a nationally awarded volunteer leader to a very dear to her heart organization.