I’m heading out to Chicago and Bank Director’s annual Bank Audit & Risk Committees Conference. The agenda — focused on accounting, risk and regulatory issues — aligns with the information needs of a Chairman of the Board, Audit and/or Risk Committee Chair and Members, Internal Auditors, Chief Financial Officers and Chief Risk Officers. Before I welcome some 300 attendees (representing over 150 financial institutions from 39 states) to the Palmer House, I thought to share three things that would keep me up at night if I traded roles with our attendees.
(1) The Risk of New Competition
For bank executives and board members, competition takes many forms. Not only are banks burdened with regulation, capital requirements and stress testing, they now have the added pressure of competition from non-financial institutions. Companies such as PayPal, as well as traditional consumer brands such as Walmart, are aggressively chipping away at the bank’s customer base and threatening many financial institutions’ core business — a fact made clear by Jamie Dimon, the CEO of JPMorgan Chase, at a shareholder meeting this February.
“You’d be an idiot not to think that the Googles and Apples . . . they all want to eat our lunch. I mean, every single one of them. And they’re going to try.”
To this end, I find myself agreeing with Steve Culp, Accenture’s senior managing director of Finance & Risk Services, when he writes “banks need to keep developing their risk capabilities, skills and talents, and align these skills with their agenda around future growth. If they don’t align their growth agenda with their risk capabilities—building a safe path toward growth opportunities—they will miss out on those growth opportunities.” While I plan on diving much deeper into this topic following the conference, I definitely welcome feedback on the issue below.
(2) The Risk to A Reputation
While the Dodd-Frank Act requires publicly traded banks with more than $10 billion in assets to establish separate risk committees of the board, and banks over $50 billion to additionally hire chief risk officers, I’m seeing smaller banks proactively following suit. Such additions, however, do not absolve directors and senior managers of financial institutions from preparing for the worst… which is easier said than done. In some ways, a bank’s reputation is a hard-to-quantify risk. Anyone can post negative comments online about an institution’s products, services or staff, but one only needs to look at Target’s financial performance post-cyber hack to realize that revenue and reputation go hand in hand.
(3) The Risk of Cyber Criminals
Speaking of Target, earlier this year, Bank Director and FIS collaborated on a risk survey to pinpoint struggles and concerns within the boardrooms of financial institutions. As we found, tying risk management to a strategic plan and measuring its impact on the organization proves difficult for many institutions, although those that have tried to measure their risk management program’s impact report a positive effect on financial performance. What jumps out at me in the results of this research are the concerns over cyber and operational security. Clearly, the number of “bad actors” who want to penetrate the bank’s defenses has increased exponentially, their tools have become remarkably sophisticated, and they learn quickly. I read an interesting piece by an attorney at Dechert (sorry, registration required) that shows the analytical framework for cyber security is very similar to what most directors have focused on in their successful business careers: people, process and technology. But theory is one thing; putting a plan to protect your assets into practice is entirely different.
If you are on Twitter, I’m @aldominick. Aloha Friday!