As banks continue to become more reliant on technology, the risks and concerns around cybersecurity and compliance continue to grow. Presented by Bank Director and sponsored by Moss Adams LLP, the 2019 Risk Survey compiled the views of 180 bank leaders, representing banks ranging from $250 million to $50 billion in assets, about the current risk landscape. Cybersecurity was identified as the greatest concern, continuing the trend from the previous five versions of this report and indicating an industry-wide struggle to fully manage this risk.
Other top trends included the use of technology to enhance compliance and the potential effect of rising interest rates. Here’s what banks need to know as they assess the risks they’ll face in the coming year.
With the SEC focusing on cybersecurity detection and reporting for publicly traded institutions, and the state of Colorado passing legislation requiring credit unions to report data breaches within 30 days, there seems to be increasing regulatory oversight and scrutiny around cybersecurity for banks. It’s no surprise that this was the top risk concern for 83% of respondents.
Most of the cybersecurity risk for banks comes from application security. The more reliant banks become on technology, the greater the chance for a security breach. Adding to this, hackers continue to refine their techniques and skills, so banks need to be continually updating and improving their cybersecurity skills. This expectation falls to the bank Board, but the way bank boards oversee their cybersecurity continues to vary, with 27% opting for a risk committee, 25% electing a technology committee, and 19% using an audit committee. Only 8% of respondents reported their Board has a board-level cybersecurity committee, and 20% address cybersecurity as a full Board rather than delegating it to a committee.
Compliance & Regtech
Utilizing technological tools—known as regtech—to meet compliance standards has been another recurring theme in the previous year’s risk reports. Due to continually changing requirements, this is a big stress area for banks. The previous report indicated that survey respondents saw increased expenses around regtech. This year, when asked which barriers they encountered around regtech, 47% responded they were unable to identify the right solutions for their organizations. Executives looking to decrease costs may want to consider whether deploying technology could allow for fewer personnel. When this technology is properly used, manual work decreases and more automation can occur.
Other compliance concerns for this year’s report included the Bank Secrecy Act/anti-money laundering (BSA/AML) rules. 71% indicated they implemented or plan to implement more innovative technology in 2019 to better comply with BSA/AML rules.
Compliance with the Current Expected Credit Loss (CECL) standards was another area of concern. 42% of respondents indicated their bank was prepared to comply with the standards, and 56% replied they would be prepared when the standard took place for their bank.
Interest Rate & Credit Risk
Media speculation around a potential interest rate rise makes this a new key issue for the 2019 report. When asked how an interest rate increase of more than one point would affect their banks’ ability to attract and retain deposits, 47% of respondents indicated they would lose some deposits, but their bank wouldn’t be significantly affected. 30% indicated a rise would have no impact on their ability to compete for deposits.
However, 55% believed a severe economic downturn would have a moderate impact on their banks’ capital. In the event of such a downturn, deposits and lending slow, and banks incur more write-offs, which could impact capital. This fluctuation can be easy to dismiss, but careful planning may help reduce this risk.
We’re Here to Help
For more information about the risks your financial institution may be facing and how you can help prepare your bank, contact your Moss Adams professional.