Navigating risks in the financial sector

High focus on Risk might be misguided : Insights from Jean-Philippe Thirion and Nathalie Gys

Jean-Philippe Thirion is Business Unit Leader Financial Institutions at TriFinance. The common thread throughout his twenty-year career is a guiding role in transformations of clients in the banking and insurance sectors. His team makes the connection between finance and risk management.

Nathalie Gys is an expert in integrated, financial and non-financial risk management. She built up ten years of experience in the banking sector, where she focused on all kinds of risk types at different financial institutions. She recently joined TriFinance and is an active member of the Risk Management & Compliance Practice at TriFinance.

How do you see the role of risk management evolving within financial institutions to adapt to a rapidly changing landscape ?

Jean-Philippe Thirion: "Let's start by setting the scene: financial institutions face a wide range of risks requiring constant attention. But we don’t always see that the optimal attention to risk is given or that the right measures are being taken.

What matters is that risks are managed in an efficient and effective way. Recent examples of fines, penalties, and management changes in banks underscore that risks aren't always managed appropriately:

• BNP Paribas (BNPP): In 2014, BNPP was fined $9 billion for conducting transactions with blacklisted countries, with U.S. authorities mandating the resignation of certain senior staff members.
• ING: In 2018, ING was fined €775 million for failing to apply anti-money laundering (AML) procedures, leading to the resignation of the Chief Financial Officer (CFO) and no discharge of Board members.
• Crédit Agricole: In 2022, Crédit Agricole faced a €4.6 million fine for the incorrect presentation of its own funds. This followed a previous penalty in 2018 for similar issues.
• ECB Climate Risk Warnings: More recently, the European Central Bank (ECB) has threatened to fine 20 banks for not meeting green financing targets and for providing potentially misleading disclosures regarding climate risk.

The financial landscape has shifted due to events like COVID-19, geopolitical tensions, supply disruptions, the uncertain economic outlook and a ‘low for long’ interest rate environment followed by abrupt rate increases driven by restrictive monetary policies. 

Already existing concerns about structural vulnerabilities including the sustainability of the business and operating models of banks have been aggravated and impair the overall resilience of banks.  Appropriately managing the different emerging and evolving risks is the top priority of the Chief Risk Officers of financial institutions. Examples are:

• ESG Risks: While ESG opportunities are positive, regulatory penalties for non-compliance can be severe.
• Technology Risks: AI introduces risks related to data security, ethical behavior, information security vulnerabilities and the need for enhanced governance of digitalization strategies.
• Geopolitical Risks: Supply chain disruptions and political instability impact financial stability.
• Outsourcing Risks: Deficiencies in IT outsourcing might hurt in terms of business continuity and reputation risk.
• Talent Management: In today's rapidly changing business  environment, traditional approaches to talent management are no longer sufficient. The need to attract talent that is "fit for purpose" has become more critical than ever: organizations must seek out and hire individuals whose skills, experiences, and attributes align precisely with the current and future needs of the business.

Nathalie Gys: "Uncertainty, data reliability, and regulatory pressure are setting new challenges for risk managers. The effects of certain events and disruptions on the global economy are not as predictable as they used to be. Moreover, there is a vast amount of data available, but it's not always reliable, which can undermine forecasting and decision-making. Supervisory Authorities are also putting pressure on financial institutions to focus on effective risk management and enhance transparency via timely and qualitative disclosures, often using both carrot and stick approaches."

Risk management involves the idea of maintaining control - How the interconnectivity of our economies plays a critical role in it?

Jean-Philippe Thirion: "The modern world is characterized by an unprecedented level of interconnectivity, driven by globalization and amplified by the pervasive influence of social media. These elements intertwine to create a complex and dynamic global landscape, influencing economies, cultures, and societies worldwide. This Interconnectivity and rapid information flow heighten systemic and reputational risks, requiring continuous agility. In that sense, a robust and effective risk management approach should enable organizations to maintain control while also generating business opportunities. This dynamic approach must adapt to the fast-changing environment and the heightened uncertainty faced by financial institutions. In such a VUCA (volatile, uncertain, complex, and ambiguous) context, numerous opportunities can arise, and the risk management function plays a critical role in guiding management teams to focus on the right areas.

Does that mean that risk is a more critical topic in the financial sector than elsewhere?

Nathalie Gys: "Risk transformation is fundamental to the business model of financial institutions. It involves converting potential exposure to unpredictable internal/external influences into more predictable or preferred financial outcomes. Any alteration in underlying risks can directly impact profitability and threaten the stability of the business. This concept is essential to ensuring the stability and profitability of banks, insurance companies and investment firms.

For banks, maturity transformation - which is a key aspect of the Risk transformation - involves managing the interest rate spread between short-term deposits and long-term loans. Insurance undertakings mitigate potential losses by converting them into fixed premiums for the client. Investment firms trade in products and services to create value while transforming or reducing various risks, including valuation risk, currency risk, volatility risk, and concentration risk."

What is the impact of the increased interest rates on credit risk and the performance of the real estate sector?

Nathalie Gys: "The rising interest rate environment presents both opportunities and challenges for financial institutions. On one hand, rate increases are beneficial for the risk transformation function. For banks, this upward shift of the yield curve has led to a substantial rise in net interest income. Higher rates also provide more maneuverability on pricing and opportunities created by increased volatility. During periods of low and negative rates, banks were driven to diversify their income streams to fee income and engage in more cross-selling. Institutions that invested in these strategies are now seeing the benefits.

However, it's not entirely positive. Credit risk is currently at a tipping point, with non-performing loans (NPLs) expected to rise, especially in the residential and commercial real estate sectors. The almost doubling of ECB rates has had a positive effect on interest income for most financial institutions in 2023. The cost-to-income ratio for European banks has decreased, alleviating previous profitability pressures. However, there is a downside in the coming year(s): the higher interest rates negatively impact borrowing capacity for clients, making investments less attractive, thus negatively impacting loan production of residential real estate".

Jean-Philippe Thirion: "The increased rates have also slowed down commercial real estate sales financed through banks, and the geopolitical turmoil in regions like the Middle East and Ukraine has further added to the uncertainty, causing multinationals to postpone real estate investments."

Nathalie Gys: A rise in interest rates leads to lower valuations of fixed income portfolios negatively impacting the profitability of insurance companies. In 2022, there was a simultaneous decline of around 20% in both fixed-income and equity markets, putting pressure on the margin of insurance companies". This was unprecedented as in normal circumstances fixed income portfolios constitute a natural hedge against value declines in equity portfolios.

Jean-Philippe Thirion: "To navigate these challenges, financial institutions need agile forecasting and robust strategic planning, requiring collaboration between finance, business, and risk management teams. Continuous monitoring and adaptation are crucial, but projections often suffer from being overly optimistic and poorly structured due to insufficient challenge by risk management. There is also a risk of insufficient historical data to accurately model probabilities and potential impacts" as the world has changed since the outbreak of the pandemic and the subsequent disruptions".

We see that many new risks arise in the banking sector. Can we distinguish these from the traditional risks or is it too simplistic?

Jean-Philippe Thirion: "There are many ways to classify risks, but a breakdown between new and not new is less appropriate. Think, for example, of cyber risks. These are not necessarily “new”, it is their intensity that has changed. We prefer to refer to financial risks and non-financial risks. The first category deals with risks about interest rates, credit spreads, market volatility, liquidity and, the second with operational risks such as business continuity, information security, deficiencies in internal controls and with compliance risks.”

How do cyber threats and regulatory changes influence the Risk Management strategies, and what role does advanced analytics and AI play in enhancing compliance and managing people's risk?

Nathalie Gys: "There is no doubt that several risk factors are intensifying. That is mainly due to digital evolution, customer expectations that have changed strongly, and various disruptive events like the pandemic and geopolitical tensions that have led to substantial supply chain problems. I am also thinking of unpredictable disruptive events on the financial markets, individuals inciting others via social platforms to buy stocks, meme-stocks to create a hype without any underlying change of fundamentals. And even more important disruptive events, cyber-attacks. Supervisory Authorities are responding to the vulnerability of the system, for example, with the Digital Operational Resilience Act (DORA). Soon, all internal and external IT incidents will need to be reported in detail and in a standard format. It's challenging because banks' IT systems might be up to standard, but what about their service providers' systems?

Jean-Philippe further elaborates: “New reporting and regulations are often seen as a punishment. While it requires energy to implement necessary changes, it also offers the chance to better understand your clients, build better internal controls, or optimize service. We try to convey this mindset to our clients.
There's also growing attention to compliance on various topics. This field is evolving rapidly, partly because we can now use advanced analytics and Artificial Intelligence (AI) to create better data-driven models to assess clients' risk levels. The impact of AI itself is also a question, not just technologically: i see a discernment risk, related to critical thinking, which is under pressure in an information-overload era where people with bad intentions can cause unrest with disinformation."

Nathalie Gys : "Connected to this is the importance of people's risk which includes elements like aging, associated knowledge loss, recruitment challenges, and the increased focus on mental well-being in general. The pressure that is coming from the supervisor doesn't reduce stress factors, but certainly reduces employees’ resilience."

Are there other significant new risks, and how impactful can they be?

Jean-Philippe Thirion: "An underemphasized risk that could become more important in times of digitalization is the suitability risk: many people are interested in investments, but they don't capture well the risks and impact of the financial transactions they engage in. Although banks and insurers are active in communication, their mission to bridge the financial literacy gap of the customers and citizens has to be significantly improved."

Nathalie Gys: "Nowadays, it is possible to take out a loan for a house worth several hundred thousand euros over the phone or online. This can be finalized in half an hour, even though you, as a customer, may not be able to accurately assess the risks. This is also very difficult for bank employees to evaluate the client’s understanding of a product via digital channels only. When offering financial products, banks need to provide sufficient information on products available for the type of client in front of them, determine an accurate risk profile of the client, and propose a suitable solution, matching both

Of course, there's also the ESG aspect, both in terms of opportunities and risks. The banking sector can offer many services to support clients with the necessary transformation towards becoming (close to) energy neutral. Banks can share their expertise in sustainable transition with their clients and offer products and services with positive ESG- impact. Banks must however assess and manage ESG risks accurately, including disclosures, as supervisory expectations have strongly increased, and greenwashing can result in severe reputation and even business model risk.

What types of opportunities does dynamic risk management generally offer?

Jean-Philippe Thirion: “Beyond ensuring that financial institutions remain in control, significant opportunities lie in ongoing process improvements and the optimal calibration of risk culture and frameworks. Dynamic risk management should also drive the definition or reshaping of new value propositions for clients. As individuals and companies face increased uncertainty, banks and insurance companies must assist their clients by developing new services that address concerns about capital risk for customers close to their retirement, ESG- impact, cyber risk, market volatility, valuation risk and concentration risk.

This is why Risk Management teams need to collaborate more closely with colleagues and partners from commercial, finance, IT, process, and legal functions. Working together, they can consider opportunities while identifying and accurately assessing potential risks using a risk-based approach. Collaboration can also elevate processes, organization, and results to a higher level. This must be done within a defined risk tolerance (Risk Appetite), where product pricing is determined in a risk-based manner."

What is the role of the future risk manager?

Nathalie Gys: "Traditionally, the role was more defensive, focusing on potential losses and often saying 'no' or ‘yes, if with many conditions’ to proposals. Now, we need a different profile, someone who thinks transversally and from a compliance perspective about new opportunities, without losing sight of risks, and genuinely supporting the business from a risk perspective. In short, the risk manager should be seen as a business partner."

Jean-Philippe Thirion: "Thinking about the combination of risks and opportunities, a good risk manager is both a guardian and a business enabler. This person or team ensures the company's sustainability through three key competencies:

• observing and describing the situation,
• predicting scenarios,
• prescribing measures.

This creates a strong link between the company's strategic vision and the dynamic risk management dimension. A strong Board of Directors with sufficient risk management knowledge and a holistic view also on emerging opportunities and risks, along with adequate governance, is also essential."

Stephen Hawking described intelligence as the ability to adapt to change. Is it possible to be fully 'in control' in this context?

Nathalie Gys: "Staying is key because it's a tough world—it's eat or be eaten. Let’s take an example: In 2023, the failure of Silicon Valley Bank (SVB) and Signature Bank triggered significant financial instability. SVB's collapse was due to its concentrated exposure to the local startup sector and inadequate risk management, which failed to account for its long positions in interest rate-sensitive assets. As interest rates rose in 2022, the value of these assets plummeted, leading to substantial losses, unsuccessful recapitalization and eventually a bank run. Signature Bank faced similar issues, compounded by its involvement in cryptocurrency, which went into distress when clients' trust in crypto eroded. Federal regulators intervened to prevent contagion, and a US Deposit Insurance Agency report blamed Signature Bank's failure on mismanagement and poor corporate governance, highlighting the need for better oversight and more diversified risk management strategies."

Jean-Philippe Thirion: "Absolutely, it’s just like Stephen Hawking's quote. It also reminds me of philosopher Immanuel Kant's statement: 'Someone's intelligence can be measured by the quantity of uncertainties that she/he can bear”. This is very true and relevant today. Whether there are more uncertainties now than before is debatable, but they are more visible and interconnected.

Teaching the organization to cope with these uncertainties is the role of risk management. However, controlling everything in this complex world is unrealistic. The key is to acknowledge the existence of these uncertainties and risks, and then to assess them as accurately as possible to consistently make informed decisions about accepting and managing them."

What solutions brings TriFinance to Financial institutions to enhance their control over various aspects of risk management ?

Jean-Philippe Thirion:

• "Upgrading the Non-Financial Risk Management Framework: Making it more effective and ensuring compliance with regulatory and supervisory expectations.
• Ensuring Accountability: Empowering business and operational departments to take ownership of managing the overall risk profile as first-line risk owners.
• Redefining Risk Appetite Statements: Revising statements for non-financial and compliance risk factors, and establishing key risk indicators. This includes creating comprehensive management reporting processes for senior management, the Management Board, and the Board of Directors. Key areas of focus include HR risk, business continuity, ESG risk, and information security risk, as deficiencies in these areas can negatively impact branding and reputation."

Pictures: Pexels