A scaling up of the risk manager’s profile

The way banking is conducted has changed considerably in the last decade, bringing numerous challenges to the people who manage it.

In a fast changing world with less risk appetite, increased banking digitisation and different regulations, risk managers are always grappling to understand, mitigate and manage risks because of the complexity of transactions and the speed at which they are being executed. The risk manager plays an important role in the business chain within banks, supporting growth while ensuring adherence to the board’s directives and regulatory compliance.

The first and most important challenge of the risk manager is defining the risk appetite, in terms of various risks undertaken by a bank and communicating them across different stakeholders in the form of policies, programmes and procedures. In many instances, the policy and strategy of banks do not correlate, which can result in multiple interpretations and can cause confusion among stakeholders.

The strategy generally defines a bank’s plans in terms of growth in balance sheet and profitability without sufficiently covering the risks arising from such growth. Hence it is imperative risk managers work closely with other functions to align the board’s policy with a bank’s strategy, allowing all stakeholders to work together on the aligned objectives.

In achieving this, the risk manager’s role is integrated in the entire network chain — from setting the limits, evaluation, mitigation, monitoring, reporting, governance and ongoing review of the process — to ensure smooth activity while complying with the regulations.

Another important challenge for a risk manager is to enhance shareholder value by linking the risk metrics to performance measurement. But to have a positive impact on the profitability of a bank, there are three major tasks risk managers must manage effectively.

The first task is to reduce the impact of divergence between the cost of funding and financing. Historically low global profit rates have put a downward stress on market asset yields, while any changes in the economic conditions, particularly those that are local or regional, increases the cost of liabilities abruptly.

The risk manager, therefore, should try to establish a good pricing mechanism to avoid mispricing of both assets and liabilities of a bank.

The second task is to implement relevant scoring models and portfolio analytics across the various types of credit exposures in a bank. This helps in pricing credit risk correctly and assists in assessing the financing trends, which will facilitate the monitoring and maintenance of quality in the credit book.

The third major task is to ensure efficient utilisation of capital in a bank. Capital is increasingly becoming a scarce resource, as the returns demanded by shareholders are high due to its limited availability. As a result, risk managers need to optimise the utilisation of capital, seeking a balance between capital consumption and returns earned on the assets.

Risk can also occur as a result of technology. The digitisation of banking activities, to meet customer demands, has increased the probability of data being compromised. The number of cybercrimes in the banking industry has increased globally and a minor threat can have a serious impact on core operations and damage brand image. Indeed, the increase in the number of different electronic banking channels has added to the risk levels faced by banks.

It is imperative that banks consistently update and protect themselves against these cyberattacks, which can occur in various forms on an ongoing basis. Banks should regularly perform vulnerability assessment — including penetration testing and application security testing — to assure data protection. This should be done independent of Information Technology.

This has widened the spectrum of a risk manager’s role to include management and governance of information security. Banks, thus need to deploy adequate resources to ensure that privacy and confidentiality of clients’ data is maintained at all times.

Traditionally, the risk manager is focused on developing a framework for the management of reporting to the UAE Central Bank on risk-related matters. This role needs to be enhanced from just reporting to managing the relationship, as banks face the challenges of many new regulations, such as Basel III, IFRS 9 and other reporting requirements.

This will be critical if these regulations are to be implemented without delays, while at the same time, monitoring and assessing their implications on different areas and providing continuous feedback to regulators.

The risk manager should conduct a continuous assessment of regulatory changes and take the necessary steps to minimise any impact. This can be best achieved if there is continuous and value added communication between the risk manager and regulators.

It is proven that high performing banks generally have a stronger risk management culture as they understand the risks better and the ways to deal with it. There is a thin line between the role of a risk manager supporting business growth and managing the risk appetite of a bank.

In principle, the risk manager should always take a balanced and mature approach in addressing risk related issues. While the emphasis remains on business growth, there should be no compromise on the robust risk management in a bank.

The writer is Head of Financial Risk Management and Basel II, Noor Bank. Views expressed in the column are the writer’s own and do not reflect that of the newspaper.