• Regulators focus on stability during the COVID-19 pandemic
  • Banks have launched more digital initiatives to improve risk control and efficiency
  • Leading risk management practices embody technology-driven prevention efforts

While financial and non-financial sources of risk continually shape risk management decision-making, the dramatic effects of COVID-19 on the banking industry will test the operational resilience and agility of banks. There are significant learnings from the Global Financial Crisis in 2007 to 2009 that can help complement industry efforts on shoring up capital to strengthen balance sheets with a particular emphasis on improving credit quality. Similarly, emerging digital fraud will also require robust security protection and governance practices to protect customer data and trust which are essentially any bank’s most precious assets. 

Regulators focus on stability during the COVID-19 pandemic

Instilling trust in the strength and resilience of the banking industry has become a dominant focus for regulators. Banks must continue to improve the quality and efficiency of regulatory compliance by working in collaboration with regulators to achieve both financial and operational stability. Achieving this will require finding leaner and smarter ways to manage evolving sources of risk.

For instance, the Australian Prudential Regulation Authority’s (APRA) emphasis has been on operational and financial resilience. Bank Indonesia undertakes an accommodative macroprudential policy. The People’s Bank of China reinforces policy flexibility to support the broader economic recovery. The consistent underlying thrust of regulators has been one of providing an enabling environment for stability as banks grapple with multiple risks and threats.   

Banks have launched more digital initiatives to improve risk control and efficiency across the enterprise

Almost 40 submissions from banks located across the Asia Pacific (APAC) region were evaluated this year. The key focus areas for various players in 2019 to 2020 centred on compliance risk, operational risk, and anti-money laundering (AML) including related technology implementation projects. Over a quarter of the submissions fall under this bucket (see Figure 1), which has seen an uptick in terms of priority areas when compared to previous years.

New opportunities for risk control and efficiency are now predicated on the ability to confirm with the highest standards and best practices in meeting various regional and local compliance mandates. Similarly, most institutions assessed have begun to digitise their risk functions by taking an integrated approach to specific risk functions. A few have also undertaken broader digitally-based risk transformation that materially impacted risk control and mitigation capabilities.

Leading risk management practices embody technology-driven resilience and prevention

Establishing enterprise-wide resilience has shifted to an increased reliance on technology-driven intelligence in the risk management arena. Financial institutions (FI) that have a longer and more established digital transformation and automation journey have proven to be far more effective in surviving during the pandemic due to operational preparedness and early warning risk indicators of potential disruption.

China Minsheng Banking Corporation (CMBC) is one of the banks that has embedded resilience in every aspect of its organisation.  The bank identified dimensions of resilience including culture and brand, talent, the adoption of data and digital platforms, cybersecurity and financial improvements.  CMBC has built a risk adjusted return on capital (RAROC) system to improve its enterprise risk management (ERM) framework coupled with efficient capital usage, while pushing forward a customer-centric and risk-based management system. CMBC implemented the ERM transformation covering all risk dimensions namely credit, market, operational, strategy, liquidity, IT, reputation and compliance. Ultimately, this resulted in prudent portfolio management, a more optimal asset structure reflective of its business strategy and a better understanding over key quality risk indicators ensuring institutional stability.

Similarly, Maybank’s non-financial risk management framework, C-InSIGHT, coupled with the launch of its NFR Practitioner’s Certification Programme in 2019 have led to greater risk awareness and culture among stakeholders and fostered further collaboration across all lines of risk defence. Furthermore, the establishment of CARisMa, a group-wide programme that provides the bank with strategic advantages in the areas of capital adequacy and risk management, has also enabled the digitisation of non-financial risk analytics and corresponding processes. This allows tools like C-InSIGHT to leverage current data to facilitate more informed risk management decision-making. More importantly, Maybank’s operational loss in gross income eased to 0.06% in 2019.

CTBC Bank developed a smart KYC solution validation standard providing consolidated customer information across each AML contact point globally. The smart KYC solution has helped the bank break siloed data approach and enabled the application of a consistent global KYC standard. Effectively, the bank is now able to identify the same customer operating separate accounts in different parts of the world while reducing its reliance on manual investigations and performing rules-based decision-making. It also ensures that the data on each customer is consistent, timely and accurate. CTBC also applies biometric verifications during the customer onboarding process and uses facial recognition in branches to detect suspicious behaviour. The bank has also built a propensity score model, a correlation score model and smart process automation (SPA) technology to facilitate risk-based CDC reviews. This reduced time spent on verification and investigation by 65%. The entire onboarding process of offshore banking unit customers has also been reduced to within three weeks.

Technology as a key differentiator in managing non-financial risks

Digitisation has become instrumental in banking strategy as nearly all functional areas have been slated for digital transformations. Indeed, we are starting to see digital transformations in risk create real business value by improving operational efficiency and the quality of risk decision-making. While a digitised risk function provides better monitoring and control, it has also proven to be a central plank for the institutional success in business continuity planning and disaster recovery management efforts.

The cost of errors in a risk environment can make chief risk officers (CRO) more wary of the wait-and-see approaches characteristic of digital transformation. But this will need to change as the demands for agility in periods of prolonged crisis continue to test institutions globally. It will also require experimenting with innovative technologies such as artificial intelligence (AI), cloud services, and forming partnerships with fintechs imperative to drive down risk management costs.