Banks continue to meet the unprecedented challenges of the COVID-19 pandemic and geopolitical cyberthreats. The industry was also affected by growing public awareness of environment, social, and governance (ESG) issues.
With the current landscape posing evolving risks for banking institutions, Moss Adams collaborated with Bank Director to conduct the 2022 Risk Survey and explore what areas are front of mind for bank industry leaders.
Top insights from the 2022 survey follow.
Cybersecurity and interest rate risks pose increasing concerns for the vast majority of survey respondents, and they expect these challenges to continue to evolve in the second half of the year due to turbulent economic and geopolitical conditions.
The survey also identified that banks increasingly focus on issues related to compliance and regulatory risks.
Enhanced Cybersecurity Oversight
Concerns about cybersecurity topped the survey responses, with 93% of respondents stating that the need for increased cybersecurity grew, significantly or somewhat.
Bank leaders submitted survey responses in January, prior to heightened federal government warnings of increased Russian cyberattacks. Banks’ concerns will likely continue to increase as a result.
Data Breach Rates and Precautions
While only 5% of respondents reported experiencing a data breach or ransomware attack in years 2020–2021, 65% reported data breaches at their bank’s vendors. 60% stated they updated third-party vendor management policies, processes, or risk oversight in response.
As a critical US industry, banks follow stringent regulatory requirements for data security. The Federal Financial Institutions Examination Council (FFIEC) cybersecurity assessment tool provides a maturity model for banks to assess their cybersecurity maturity as baseline, evolving, intermediate, advanced, or innovative.
Of the 80% of respondents who completed cybersecurity assessments using the FFIEC tool, 19% used additional methods. And 85% of respondents said that the maturity of their bank’s cybersecurity program increased in 2021, compared to previous assessments.
Room for Improvement
Banks noted several areas of improvement for their cybersecurity programs, including:
- 83%—training for bank staff (68% of respondents reported having goals and objectives around employee development)
- 64%—technology to better detect and deter cyberthreats and intrusions
- 43%—internal controls
Bank’s investments in cybersecurity programs remained flat from the 2021 survey, with a median budget of $200,000.
As cybersecurity risks increase moving forward, banks should focus on appropriate investment and comprehensive planning for staff training, technology, and governance. To bolster board oversight and potential investment in cybersecurity programs, respondents noted board-level training (79%), board oversight of management’s improvements in their cybersecurity programs (75%), and board understanding and awareness of any deficiencies in the bank’s cybersecurity program (71%).
Interest Rate Risk Concerns
The prospect of rising interest rates fueled anxiety for our respondents, with 71% of respondents noting increased concern. As the Federal Reserve combats higher inflation by hiking interest rates, 74% hoped that interest rates would be raised by no more than one point by the end of 2022—less than what’s projected.
Faced with likely rate hikes, banks are looking inward to their own business models to navigate an overall decrease in the volume of lending and pressure on profit margins.
Respondents noted shifts to their lending portfolios, increasing their focus in sectors such as commercial and industrial, commercial real estate, and construction, or with the Small Business Administration or obtaining other small business loans. Trends also suggest that banks will revisit their loan term strategies.
Banks are under increasing pressure to adopt ESG initiatives.
Although regulators haven’t imposed ESG requirements for banks, more than half of survey respondents set goals and objectives in a variety of ESG-related areas, primarily social—employee development and community topped the list—and governance. However, 53% of respondents don’t yet focus on ESG issues in a comprehensive manner.
Only 6% of investors or other company stakeholders currently look for more disclosure around ESG initiatives, with diversity, equity, and inclusion topping the list at 88%.
Banks that haven’t established ESG strategies could first identify their top priority areas. These priorities may vary for each organization and will need to consider the values of investors, customers, and local community.
We’re Here to Help
For more information about cybersecurity threats, ESG initiatives, or other concerns related to Financial Services, contact your Moss Adams professional.