26/53
  • Pages
  • Editions
01 Cover
02 Contents
03 Introduction
04 Executive Summary
05 Respondent Profile
06 Top 10 Risks
07 1. Cyber Attacks/Data Breach
08 2. Business Interruption
09 3. Economic Slowdown/Slow Recovery
10 4. Commodity Price Risk/Scarcity of Materials
11 5. Damage to Reputation/Brand
12 6. Regulatory/Legislative Changes
13 7. Pandemic Risk/Health Crises
14 8. Supply Chain or Distribution Failure
15 9. Increasing Competition
16 10. Failure to Innovate/Meet Customer Needs
17 Top Risks in Previous Years, by Region, and by Industry
18 Risk Readiness for the Top 10 Risks
19 Losses Associated with Top 10 Risks
20 Mitigation Actions for Top 10 Risks
21 Top 10 Risks in the Next 3 Years
22 Underrated Risks
23 Industry Views
24 Construction and Real Estate
25 Energy, Utilities and Natural Resources
26 Financial Institutions
27 Food, Agribusiness and Beverage
28 Healthcare Providers and Services
29 Hospitality, Travel and Leisure
30 Industrials and Manufacturing
31 Insurance
32 Life Sciences
33 Professional Services
34 Public Sector Partnership
35 Retail and Consumer Goods
36 Technology
37 Telecom, Media and Entertainment
38 Transportation and Logistics
39 Regional Views
40 Asia
41 Europe, Middle East and Africa
42 Latin America
43 North America
44 Pacific
45 Risk Management In-Depth: Key Findings
46 Approach to Risk Management, Risk Assessment and Cross-Functional Collaboration
47 Key Controls and Mitigation
48 Captives
49 The Role of Risk Management in M&A and Divestitures
50 Risk Management Department and Function
51 People Risk
52 Methodology
53 Contact

Industry Views

Financial Institutions

Key Issues for the Industry Currently Reflected in the Risk Selection

Risk profiles of financial institutions are rapidly evolving due to changes in their operating models and client offerings, as well as because of accelerating competition from digital challengers, including fintech companies. Moreover, the costs associated with these digital transformations present risks of their own, placing pressure on profit and loss statements, especially if low interest rates continue.

Survey results reveal a broad stakeholder focus on potential losses from rare events, known as long-tail risk, related to climate, credit and cyber, among other areas. Regulatory or legislative change (number five) is also a highly rated risk — related to issues such as climate change, ESG, digital assets and resiliency —and also compounds some other risks (for example, data privacy).

Surprises in the Top 10 Risks Selected

With cyber attacks ranking as the number one risk by financial institutions, it is surprising that related risks, including supply chain or distribution failure, vendor risk, conduct risk and fraud, didn’t make the top 10. Industry data suggest that fraud has risen significantly since lockdowns began. Other noticeable omissions from the top 10 are political risk, credit risk and climate change, a concern that dominates board rooms. Arguably, credit risk should rank higher, especially given its prevalence in Europe, the Middle East and Africa, which accounted for 42 percent of respondents.

Most Underrated Risks

The most underrated risks are non-financial, particularly fraud, embezzlement and other misconduct. Among banks, the most frequent and severe losses have historically occurred as a result of these types of conduct risks. The current environment — with legions of employees working from home — increases the potential for more longer-tail losses during the next three to five years and for incidents that could go undetected for periods of time.

Challenges the Industry Will Face in the Next 3 Years and What Organizations Can Do to Address Them

Transition risk associated with meeting stakeholder demand for ESG is among the biggest challenges facing the industry. In addition, risk departments will be challenged to ensure they have robust frameworks in place to quantify and mitigate long-tail risk exposure.

Adoption of new technologies and the need to innovate at scale must be accompanied by plans to mitigate associated cyber and litigation risk. According to VMWare, in the three-month period from February through March 2020 cyber attacks targeting the financial sector increased 238 percent; ransomware attacks increased nine fold during the same period. Cyber risk governance practices need to keep pace with the threat landscape.

How New Challenges Will Require Companies to Change Their Approaches to Risk Management and Mitigation

Financial institutions will need to ensure they have a structured approach in defining cyber and other non-financial risks. This includes developing a detailed understanding of key risks — quantified at increased confidence levels — in the context of an institution’s risk appetite and tolerance. Additionally, financial institutions must increase their reliance on risk transfer as a tool to manage volatility. Broad stakeholder focus on climate risk, coupled with more climate-related losses, will require financial institutions to forge tighter linkages between corporate strategy and climate risk management. This effort will include incorporating new modeling techniques into risk frameworks and evaluating new sources of capital, such as insurance-linked securities, to transfer or mitigate retained risk.

Current Top 10 Risks

Predicted Future Risks

By 2024

Have a question? Contact us.

Industry Views

Financial Institutions

Current Top 10 Risks

Predicted Future Risks

By 2024

Key Issues for the Industry Currently Reflected in the Risk Selection

Risk profiles of financial institutions are rapidly evolving due to changes in their operating models and client offerings, as well as because of accelerating competition from digital challengers, including fintech companies. Moreover, the costs associated with these digital transformations present risks of their own, placing pressure on profit and loss statements, especially if low interest rates continue.

Survey results reveal a broad stakeholder focus on potential losses from rare events, known as long-tail risk, related to climate, credit and cyber, among other areas. Regulatory or legislative change (number five) is also a highly rated risk — related to issues such as climate change, ESG, digital assets and resiliency —and also compounds some other risks (for example, data privacy).

Surprises in the Top 10 Risks Selected

With cyber attacks ranking as the number one risk by financial institutions, it is surprising that related risks, including supply chain or distribution failure, vendor risk, conduct risk and fraud, didn’t make the top 10. Industry data suggest that fraud has risen significantly since lockdowns began. Other noticeable omissions from the top 10 are political risk, credit risk and climate change, a concern that dominates board rooms. Arguably, credit risk should rank higher, especially given its prevalence in Europe, the Middle East and Africa, which accounted for 42 percent of respondents.

Most Underrated Risks

The most underrated risks are non-financial, particularly fraud, embezzlement and other misconduct. Among banks, the most frequent and severe losses have historically occurred as a result of these types of conduct risks. The current environment — with legions of employees working from home — increases the potential for more longer-tail losses during the next three to five years and for incidents that could go undetected for periods of time.

Challenges the Industry Will Face in the Next 3 Years and What Organizations Can Do to Address Them

Transition risk associated with meeting stakeholder demand for ESG is among the biggest challenges facing the industry. In addition, risk departments will be challenged to ensure they have robust frameworks in place to quantify and mitigate long-tail risk exposure.

Adoption of new technologies and the need to innovate at scale must be accompanied by plans to mitigate associated cyber and litigation risk. According to VMWare, in the three-month period from February through March 2020 cyber attacks targeting the financial sector increased 238 percent; ransomware attacks increased nine fold during the same period. Cyber risk governance practices need to keep pace with the threat landscape.

How New Challenges Will Require Companies to Change Their Approaches to Risk Management and Mitigation

Financial institutions will need to ensure they have a structured approach in defining cyber and other non-financial risks. This includes developing a detailed understanding of key risks — quantified at increased confidence levels — in the context of an institution’s risk appetite and tolerance. Additionally, financial institutions must increase their reliance on risk transfer as a tool to manage volatility. Broad stakeholder focus on climate risk, coupled with more climate-related losses, will require financial institutions to forge tighter linkages between corporate strategy and climate risk management. This effort will include incorporating new modeling techniques into risk frameworks and evaluating new sources of capital, such as insurance-linked securities, to transfer or mitigate retained risk.

Industry Views

Food, Agribusiness and Beverage

Keep reading >

©2021 Aon plc. All rights reserved | Contact Us | Privacy Policy | Legal