Risk oversight: Challenges and a new approach

By Richard Pike, CEO, Governor. 

Richard, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

I have a number of roles at the moment. I am an independent non-executive director at three financial institutions (permanenttsb bank, JPMorgan fund administration and JPMorgan hedge fund administration), I teach risk and compliance management at various levels (bank director, MSc and diploma) and I am the founder and CEO of Governor Software. My real focus right now is on improving governance and oversight of risk and compliance within financial institutions.

At Risk EMEA 2018, you will be discussing ‘Risk Oversight: Challenges and a New Approach’ – Why is this a key talking point in the industry right now?

The role of Chief Risk Officer has evolved significantly over the last decade, with a new level of complexity applied to portfolios and KPIs. As a result, maintaining an overview of risk-related projects is challenging, and the current structure can often mean that the CRO lacks transparency and oversight of the bank’s position. Current structures can mean organisations end up managing risk in disconnected silos instead of thinking of the bigger picture.

What are the key considerations that need to be made with risk oversight approaches?

A key goal of firms is to develop a mature approach to Governance, Risk and Compliance (GRC) that measures and understands risk. Organisations need to understand, map, and monitor the complex inter-relationship of risks, objectives, regulations, and frameworks across an organisation. During my presentation, I will discuss how using the latest visualisation technology can help CROs maintain clear oversight of their risk framework, coupled with the ability to drill down into the detail when required.

What, in your opinion, are the key risk challenges for FIs in 2018?

Clearly, in the external environment, things like Brexit, cyber risk and inflation are key challenges. Regarding internal risk challenges, the constant focus on cost and efficiency will focus minds on the area of non-financial risk and how it aligns with the other parts of the assurance framework. There is an increasing view that many firms can be more efficient in providing assurance as to the operation of controls and the management of operational risk. Another area of concern I hear is that many risk frameworks and teams cannot effectively manage the interrelationships between risks. So both the regulator and the senior execs are starting to look to risk organisations to show them how they can understand and manage these linkages.

Finally, what challenges do you foresee in the future? And have you got any advice for your peers on how to best handle them?

External challenges will always arrive, but in terms of risk function challenges, I see the increasingly intrusive nature of the regulators. Where I see this challenging the risk teams is the amount of resources they need to allocate to regulatory reviews and the amount of evidence they need to retain concerning oversight and governance activities. These challenges are all happening against a backdrop of cost challenges from the business.

As to my advice, I would say that risk managers need to be clear on the obligations they have to their stakeholders and, for each obligation, have a clear set of data and evidence to show that they have achieved those obligations (or, where they haven’t, what they are doing about it). This will also help with their requirements under SMCR in the UK and similar regulatory focus in other jurisdictions.