Risks and Strategies for Banks in 2016

SMITH BRAIN TRUST — In a recent ABA Banking Journal piece, professor Clifford Rossi at the University of Maryland's Robert H. Smith School of Business contributes risk-managing guidelines for banks. Rossi, author of “A Risk Professional’s Survival Guide” and former Citigroup senior risk executive, sorts the guidelines according to high-risk categories, starting with the type associated with cyber protection:

• Operational Risk: “With cybercrime constantly evolving, the financial services industry should be prepared larger-scale, coordinated cyberattacks,” Rossi says. Banks should be thoroughly evaluating their internal vulnerabilities and developing a “playbook” that outlines a response plan for a variety of different scenarios. “Having the right security protocols in place to understand what’s coming at you in this day and age is vital.”
• Credit risk: Managers must have a good “situational risk awareness” of current market conditions, monetary policy and potential sector-specific disruptors, and understand how those factors affect the bank’s balance sheet. … It’s important to constantly refresh the information that you’re getting,” Rossi explains. “These things can come home to roost very quickly within your own balance sheet from a credit risk standpoint if you don’t focus on understanding how [they] can actually migrate into your portfolio.”
• Market risk: Uncertainty surrounding the current rate environment is among the top concerns related to market and liquidity risk. “[Global] markets are realizing that since the crisis, central banks don’t have a lot of policy ammo left to tackle emerging crises as they happen,” Rossi says, pointing out that some overseas economies are starting to see negative interest rates, and that there has been speculation in the U.S. that the Federal Reserve could explore that option at some point in the future.
• Compliance risk: Compliance has become a central point of focus in the years since Dodd-Frank, says Rossi, and as a result, bankers have become so concerned with “crossing the T’s and dotting the I’s on the regulatory side that they may be distracted from other areas that could impact the institution down the line. With more staff time and resources being diverted to compliance functions, “there is an underlying risk of what’s not being focused on as a result of focusing on all the rules and regulations [banks] have to comply with,” he cautions.

Broadly, enterprise risk management will take on even greater regulatory significance for institutions of all sizes in the months ahead, and it’s essential for banks to understand the risks related to specific areas and how those risks intersect and affect the entire enterprise. While banks are building out their risk management systems and practices to satisfy regulatory expectations, Rossi says a strong risk management culture should be first and foremost a business priority. “Do [ERM] for your firm first, and secondarily for any regulatory requirements," he says. "If you focus on it at the firm level, you’re going to build the right culture and instill the right discipline that goes all the way for the board level down.”