As a result of the 2008 financial crisis, the risk management strategies used by banks have undergone a significant change. While many of those changes resulted from new financial regulations designed to prevent another crisis, technological advancements have raised customers’ expectations and created new risks.
Banking risk management responsibilities expand far beyond the area of limiting credit risks and implementing procedures to monitor those risks. Changes in banking regulations and reliance on new technologies bring novel challenges in addressing the risks associated with banks.
Surveys of bank executives and banking experts list cybercrime as the leading risk for banks. Mark Cooke, group head of operational risk at HSBC, warned that expanding digital banking service channels and the increasing sophistication of cyberattacks have exacerbated rising vulnerabilities to cyber risk. Cooke noted that banks could experience reputational damage as a result of lost client information or denial of customer services.
When a bank data breach appears in news reports, many of the targeted bank's customers respond by transferring their accounts to other institutions out of concern that their bank’s security controls are not adequate to protect confidential customer data. Consumers grow resentful of banks when it becomes necessary to change bank cards and update their online accounts with new numbers. The costs expand beyond those incurred for the re-issuance of new cards.
In late 2015, the Federal Reserve Bank of New York identified cybersecurity as one of its foremost risk priorities. Nevertheless, in July 2016, the New York Fed faced ongoing criticism for having been tricked by hackers into transferring $101 million from Bangladesh Bank to accounts in the Philippines and Sri Lanka on Feb. 4, 2016.
A Reuters investigative team obtained documentation from cybersecurity firm FireEye (NASDAQ: FEYE) revealing that the hackers were able to access the Bangladesh Bank’s computer system with stolen credentials. The fact that hackers could deceive the New York Fed sends a dire warning to the banking industry about the need to verify credentials used in processing online transactions.
Stolen credentials can also be used in constructing completely synthetic identities for obtaining loans and conducting fraudulent online transactions.
Another significant risk confronting the banking industry is known as conduct risk. Conduct risk concerns the consequences resulting from how banks deliver services to their customers and how those institutions perform in relation to their competitors. In the wake of the 2008 financial crisis, the Consumer Financial Protection Bureau (CFPB) was created to educate and inform consumers about abusive banking practices.
Inappropriate conduct, such as making misrepresentations about financial products and bank services, can result in lawsuits and regulatory sanctions arising from claims of fraud. Exposure for claims of market abuse can arise from such oversights as the failure to implement adequate safeguards to prevent money laundering. The CPFB is levying significant fines for market abuse and poor conduct. Banks should be mindful of the consequences resulting from failure to provide employee awareness programs for avoiding conduct risk.
The increased regulation of the banking industry since 2008 has brought risks of misinterpretation of new regulations as well as risks arising from failure to implement the necessary changes to keep up with regulatory expectations. Banks must comply with the statutory requirements set forth in the Dodd-Frank Wall Street Reform and Consumer Protection Act as well as the regulations established by the CFPB. Banks must devote time, effort, and resources toward understanding and complying with these new regulations.
Banks can become faced with the challenge of resolving conflicts in their business priorities as a result of new rules. Smaller banks experience greater infrastructure pressures when attempting to keep up with these regulatory changes. Managers must sacrifice time from other tasks and change their focus toward addressing regulatory compliance.
Transnational banking regulations, such as Basel III, which established new bank capital requirements, can create new challenges when a conflict or lack of consistency between overlapping regulations from different jurisdictions arises.
Inadequate protocols for ensuring compliance with new regulations can result in fines and other sanctions.