Governance, Risk and Compliance
By Diana Buccella Modified November 8, 2019
Late last year, we conducted a survey where we asked professionals in the financial sector about what they identify as the top risks that will impact their organizations. While the answers varied widely in scope depending on the industry of the specific respondent, there were a few common responses that we continued to come across. Below are the top 12 risks that financial institutions should be aware of as identified by risk managers.
One of the most commonly cited fears was damage to their company’s reputation. This is not surprising, as reputation is a vital ingredient to business success, whether with regard to customer trust or employee loyalty. Companies that inspire employees and customers alike find great success today, as was the case with the Massachusetts-based supermarket chain Market Basket, which has continued to flourish following mass protests in 2014 involving the ousting of a beloved CEO.
While key ingredients for acquiring a good corporate reputation, such as high quality, outstanding service, and competitive prices, are relatively well understood, there are seemingly countless ways in which a brand might be damaged. It could be the result of unethical conduct, like what happened to the Volkswagen brand following the reveal of its so-called emissions scandal in 2015. Reputational damage could also result from poor security practices, as evidenced by the 2017 Equifax data breach, which exposed the sensitive data of over one hundred million people and caused heavy damage to its reputation.
Speaking of data breaches, the fear of cybercrime also commonly appeared as a separate response in our survey. And that is no wonder, as cyberattacks like distributed denial of service (DDoS) attacks are increasing in frequency every year. Such attacks can wreak havoc on a company’s internet infrastructure, potentially sending domains and web-based services offline for hours at a time and breaking functionality for their users.
Cybercrime can have serious consequences for a company’s bottom line in several ways, whether measured in lost time and productivity, cost necessary to fight the attacks, or simply in the loss of customer trust following a leak of sensitive data or failure to provide services according to expectations. The above-mentioned Equifax breach resulted in considerable brand damage, and DDoS attacks can easily result in thousands of dollars in damages stemming from a lower credit rating or higher insurance premiums.
It seems that no matter where you turn for news, there is discussion about worldwide economic stagnation. Whether focusing specifically on Europe or China, Japan or the United States, the one constant seems to be the belief in some kind of synchronized global economic slowdown.
In modern financial theory, a firm’s exposure to general market risk is known as its “beta.” Although the betas of banks and financial service companies are relatively low compared to other industries, they are still correlated in a positive direction, meaning that they are still expected to be negatively impacted in response to a fall in the overall market.
Few financial organizations outside the biggest banks can hope to achieve any kind of influence over fiscal and monetary policy, making the signs of an impending global economic slowdown concerning for financial professionals who are otherwise mostly powerless in the face of an economic downturn. With that said, there are ways for a company to prepare for widespread economic turbulence. Useful strategies include addressing the possibility of facing a poor economy well in advance, maintaining a long-term orientation despite rocky short-term performance, and making decisions based on growth prospects as well as cost reduction. Planning well in advance and building financial buffers will go a long way towards mitigating the effects of a coordinated economic downturn.
Similar to fears of general economic slowdown, a good number of financial professionals responded that regulatory and legislative changes pose a risk to their companies in 2019. Much talk has already been generated about the exceptionally high costs of compliance for companies in the financial industry, with overall regulations seemingly doubling every few years and costing banks upwards of one hundred billion dollars annually.
For an example of legislation significantly impacting the business operations of financial institutions, look no further than the Dodd-Frank Wall Street Reform and Consumer Protection Act. Passed in 2010 while still on the heels of the financial crisis and rolled out over several years, the legislation placed restrictions on the way banks could engage in investments and speculative trading, and once again eliminated proprietary trading altogether. While the ostensible purpose of the legislation was to reduce systemic financial risk and protect consumers, it also strained the profitability of small community banks and drove some out of business altogether, with the US losing 14% of such institutions between 2010 and 2014. An understanding of these consequences resulted in a partial Dodd-Frank rollback in 2018, where small lenders were exempted from certain loan disclosure requirements.
Looking outside the US, the European General Data Protection Regulation (GDPR), enacted in 2016 and implemented in 2018, is perhaps the most high-profile example of online data privacy regulation. The GDPR places many requirements on how companies are to treat consumer data, individually costing companies millions of dollars in compliance worldwide and imposing serious costs on small and medium-sized businesses. Now, many believe that the US will soon follow suit in enacting data privacy legislation, especially on large technology companies like Facebook, undoubtedly adding further to compliance costs.
In an economic system marked by competition, successful companies cannot simply sit on their laurels, lest an ambitious industry upstart appear and offer superior products or lower prices to entice customers away. This is no different in the financial industry, with the advent of financial technology and new means to invest and save appearing along with the proliferation of smartphones and other mobile internet-connected devices.
Indeed, traditional financial institutions have encountered competition in recent years from smartphone stock trading apps like Robinhood, as well as from online loan and impact investing platforms. Meanwhile, tech giants like Amazon and Google always pose an outside threat to disrupt virtually any industry, including financial services. Just look at Apple Pay, which allows iPhone users to achieve common banking functions like swiping a credit card or sending money to family or friends.
And this is all to say nothing about the potential for cryptocurrencies to one day gain more traction and cause a huge upheaval in the way financial intermediaries operate. While anyone who has followed the cryptocurrency scene over the past few years can attest to the significant volatility in the sector, that has not stopped large financial institutions like Bank of America from expressing worry about their growing popularity and seeking ways to stay ahead of potential developments in blockchain technology.
In the face of such increasing competition in the financial sector, it is necessary for companies to be able to innovate to continue to prosper. In technology, Apple was a dominant force for innovation during the time of Steve Jobs, but a recent sales decline has come along with rumblings concerning a lack of innovation coming out of the company.
Of course, Apple is still an industry giant and will not be going away anytime soon, as has been demonstrated by the reveal of the Apple Card, a partnership with Goldman Sachs and Mastercard that offers a credit card integrated directly into the iPhone’s Wallet app, as well as new subscription services in news and television programming. Apple stock has continued to rise despite poor headlines earlier in the year, serving as a reminder that even the most successful companies must innovate to stay ahead of the competition.
Innovation that lets one company stay ahead of the competition could end up changing the way the entire industry operates, leaving those slower to adapt behind. Disruptive technologies can take the form of service ecosystems like Apple Pay, new investing platforms like the Robinhood app, or even would-be money of the future like cryptocurrencies.
In such a constantly changing industry as finance, there is always the threat of new technologies that could draw consumers away from traditional practices. For organizations to be successful and survive long into the future, such changes must either be anticipated or adapted to as well as possible. Apple Card, for instance, promises to attract existing Apple users with its ease of use and lack of annual fees, which has undoubtedly already spurred other major credit card companies to evaluate and improve their own offerings where they see fit.
The problem of attracting and retaining quality talent was another common refrain from the financial professionals we surveyed. High turnover rates require resources to be devoted to hiring and training employees rather than put towards other valuable business development goals. It also can affect employee morale and make it difficult to create a positive company culture, where employees understand and share the organization’s values and mission.
With unemployment low across the US, companies must work hard to attract the best and brightest, offering perks such as professional development programs, an appealing workplace culture, and sometimes simply more money than competitors.
“Time is money,” and nowhere is this more true than in the financial sector. Business interruptions result in lower productivity, lower profit, and, depending on the situation, potential brand damage. Such interruption could come as a result of cyberattacks, as outlined before, or may be simply caused by extreme weather events.
Purchasing business interruption insurance is one option some companies use to mitigate such a risk, although such policies cover only loss or damage to tangible items and not lost profits. In any case, there is no doubt that business interruptions are best avoided.
Similar to the fear of regulatory or legislative changes, political risk and uncertainty also factored among the twelve most common survey responses. Sudden changes in the political winds can have very real consequences for companies, as has been illustrated clearly with the recent arrest of Huawei’s CFO in Canada.
Furthermore, recent threats of tariffs to be imposed against China and Europe by the United States also impact business prospects for many companies operating within their borders. As with the fear of economic slowdown, the best way to deal with political risk is to make contingency plans well in advance regarding how to deal with potential disturbances to certain markets or supply chains. While no single company can control such systematic risks, those that position themselves to be resilient in the face of external shocks have the best chance to handle political uncertainty in stride.
Speaking of lack of control, respondents also mentioned third party liability as a major risk that they fear in 2019. While the exact situations where third party liability arises may vary between different industries, it can occur whenever a firm uses an outside company to provide some kind of service. Third party liability risk is especially important in the financial industry, where financial service firms face liability for the actions of vendors. As a result, it is vitally important for financial firms to thoroughly evaluate third parties before entering into official partnerships.
The banking industry in particular has been ahead of the pack in establishing systems for addressing third party liability risk. Motivated by the aforementioned increase in frequency and severity of cyberattacks, banks have increasingly integrated vendor risk management into their operations. Processes commonly used to address third party liability include preliminary risk assessments, careful drafting of contract provisions, and ongoing oversight and monitoring of third party vendors.
While it is impossible to fully eliminate third party liability except by deciding to not engage in partnerships entirely, the best way to mitigate third party risk is to select opportunities carefully and exercise prudence in all dealings with outside business partners.
Rounding out the list of the 12 most common survey responses is commodity price risk. Commodity price risk is defined as “the price uncertainty that adversely impacts the financial results of those who both use and produce commodities.” Notable commodities that cause price risk for companies and consumers alike include oil, corn, cotton, aluminum, and steel. Firms facing significant commodity price risk usually engage in hedging through the use of futures contracts on global exchanges like the Chicago Mercantile Exchange.
The recent steel and aluminum tariffs imposed by the United States illustrate how commodity price risk may manifest and negatively impact companies involved. Following the enactment of the tariffs, publicly traded steel companies have suffered in terms of stock valuations and general company health as they face higher prices, lower output, and lower sales.
While few of these risks can be fully eliminated, having a complete risk management program in place can go a long way towards mitigating catastrophic events.