Fuente: The Wall Street Journal
Only 60% of chief risk officers (CROs) at global financial institutions say their boards have worked at embedding the organization’s risk culture across the enterprise, and about the same percentage say their boards have reviewed incentive compensation plans to consider alignment of risks with rewards, according to the ninth biennial Global Financial Services Risk Management Survey from Deloitte Touche Tohmatsu Limited (DTTL).
“The survey finding means that 40% of boards at global financial services organizations have more work to do establishing and embedding the risk culture of the enterprise and promoting open discussions regarding risk,” says Edward Hida, a Deloitte Advisory partner in Deloitte & Touche LLP, and global leader, Risk & Capital Management. “This shows that focus is needed on the issue of setting the tone of risk culture at the board level,” he adds.
The survey, representing opinions from 71 financial institutions from around the world with aggregate assets of almost US$18 trillion, found that 63% of CRO respondents say their board reviews incentive compensation plans to consider alignment of risks with rewards. In addition, only about half of respondents say that it is a responsibility of their institution’s risk management program to review compensation plans to assess their impact on risk appetite and culture.
Regulators’ have been focusing on how boards communicate to their organizations the importance of risk management, governance, broader ethical standards and compensation practices, although the level of focus varies by country. In April, Mark Carney chair of the Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system, told G20 finance ministers and central bank governors that “the scale of misconduct in some financial institutions has risen to a level that has the potential to create systemic risks.” He specifically flagged risk governance and compensation structures as areas the FSB will be focusing on in the future as part of that broader sweep.
The survey also found that 85% of respondents report their board currently devotes more time to oversight of risk than it did two years ago. This continues a trend of ratcheting up involvement by boards in providing risk oversight, which is expected to continue.
“Regulators are looking beyond solely quantitative measures of market, credit and liquidity risk to evaluate risk programs and assess whether institutions have created a culture that encourages employees to take appropriate risks and that promotes ethical behavior more broadly,” Mr. Hida adds. “Banks are responding to the regulatory focus on culture by establishing new oversight committees, offices and policies, while also struggling to develop the right approaches to measure and assess risk culture.”
There is widespread adoption when it comes to mainline measures designed to align employee incentives with the institution’s risk management objectives, like requiring that a portion of the annual incentive be tied to overall corporate results, the use of multiple incentive plan metrics and deferred payouts linked to future performance. Relatively few respondents, however, say their institution uses other compensation practices according to the survey results. For example, 30% of respondents say their organization imposes caps on payouts and 29% establish a maximum ratio between the fixed and variable component of total remuneration for employees identified as material-risk takers. Further, 28% use individual metrics tied to the implementation of effective risk mitigation strategies, and 19% match the timing of payouts with the term of the risk. “There is every indication that the next few years will bring further regulatory change, including in the incentive compensation area—and it is likely that many of these other practices will become more widespread over time,” adds Mr. Hida.
Other Survey Findings
Operational risk—Roughly two-thirds or more of respondents say their institution was extremely or very effective in managing traditional types of operational risks, like those related to legal and tax. While those numbers should be higher given the regulators’ specific focus on such areas, far fewer respondents believe their institution was extremely effective or very effective when it came to managing risks around third parties (44%), cybersecurity (42%), data integrity (40%) and risk and capital models (37%).
Regulatory reform impacts—When asked about the impacts of regulatory reform on their institution, respondents most often cite an increased cost of compliance (87%, up from 65% in 2012). Other impacts cited often were maintaining higher capital (62% up from 54% in 2012) and adjusting certain products, lines and/or business activities (60% up from 48% in 2012).
Securing talent—The greater attention by regulators on stress testing and its expanded use by financial institutions have created a large body of required work which has made it more difficult to secure professionals with the skills and expertise required. Eighty-eight percent of respondents say attracting and retaining risk management professionals with the required skills is at least somewhat challenging, including 32% that considered securing talent to be “extremely challenging” or “very challenging.”
Risk technology systems—Risk data and technology continue to pose big challenges, with 48% of respondents extremely or very concerned about the ability of the technology systems at their institution to respond flexibly to ongoing regulatory change. Sixty-two percent of respondents say that risk information systems and technology infrastructure were extremely or very challenging, and 46% say the same about risk data.