The 2016 Risk Practices Survey was published earlier this year by BankDirector in partnership with FIS, a NYSE listed financial services technology firm. I have always enjoyed reading these reports and the 2016 version is no exception. Some highlights are noted below. The survey results are based on replies from 161 governance actors, including NEDs, chairman, CEOs, CROs, and other senior executives of banks located in the US with assets greater than $500 million.
Cyber security is at the center of this study, with many banks yet to fully utlize the Cybersecurity Assessment Tool provided by the FFIE in 2015, according to the survey. Some 61% of bank respondents have indicated that they have yet to validate the results of this tool, which is used by supervisors in their bank exam processes.
In terms of risk governance, only 48% of total respondents report a the establishment of a board-level risk committee while 65% reported the existence of at least one member that could be identified as a risk expert on the board. Seventy-two percent of respondents reported that the firm's CRO reports to the CEO while only 20% report to the board. Lastly, 41% of respondents report that risk appetite arrangements/limit structure are reported (or cascaded down) to all employees. This last point is an interesting one and perhaps one means to be begin to translate risk appetite arrangements into building a more robust bank-wide risk culture. The full report can be assessed today at: http://www.bankdirector.com/issues/risk/2016-risk-practices-survey-banks-beef-up-on-cybersecurity/.
Comments
Post a Comment