Accounting for risks is no easy task

Accounting for risks is no easy task

Few industries have as longstanding a relationship with risk as financial services, but today the banking sector is exposed to risks far beyond that of lenders failing to pay up

Sponsored Article

16th October, 2021

Banks have been at the forefront of risk even before cyber threats, notably lending risk. Arguably, this has provided insights that can today be applied to other areas, including cyber security.

Indeed, lending risk itself has been around for as long as finance has existed, said Jacob Koshy, chief finance officer at global change and transformation consultancy CubeMatch.

“The first document on risk is 3,700 years old, from Babylon. It's a stone pillar, and part of it is things like risks on loans,” he said.

“Similarly, if you go to the Bible, in II Kings, Elijah shows the importance of debt and repaying debt. Lending has been around for a long time,” he said.

More recently, modern banking, more or less founded in the 18th century as government enterprises expanded risk exposure, and with it, reward.

“Back in the 1930s they were fairly stable organisations and had the 3-6-3 rule: borrow at 3 per cent, lend at 6 per cent, and get onto the golf course at 3pm, but banks started moving into new areas with the business market exploding in the 1980s,” he said.

By then, operational risk had become a major issue, with the collapse of Barings Bank being a fine example. Today, even greater risks exist, including fraud, money laundering and funding of terrorism, all of which have driven expansions in know-your-customer regulations.

The 2008 financial crisis, however, demonstrated that risk exists on books and yet can sometimes go unseen.

“Banks have gone through a lot: a whole shift from financial to non-financial risk, including fraud and operational risk, and today we have technology risk, cyber, Covid, and we're all doing remote banking. There's also the whole outsourcing side of things,” said Koshy.

Cyber risk typically falls under the rubric of fraud, and recent events from the hacking of the Health Service Executive to oil and gas pipelines have demonstrated it is a real problem.

Banks, however, are more aware of it than most, Koshy said, as they have been under threat from day one.

“It’s a different kind of ransoming and kidnapping, but it's what banks always had to go through, except now it is done electrically.”

Working with banking and financial services clients, CubeMatch runs the gamut of risk exposure, helping to develop analyses and responses that manage and make sense of it.

“Most of our work has been, in the past, things like credit risk and a lot of drivers have been regulatory. But banks have to go beyond that. Regulatory standards are the minimum that you have to do. Typically, banks have to decide on their own risk models, looking at things like capital and liquidity.”

The 2008 financial crisis, however, demonstrated that risk exists on books and yet can sometimes go unseen. This can mean making complex projections.

“If you have a lot of money in the oil industry, for instance, and the price of oil drops dramatically, what does that mean for you? You can't ignore geopolitics either: what happens if you have money in a country and things change,” Koshy said.

Indeed, this is something we have seen in recent years, with the Brexit process creating new forms of risk.

CubeMatch brings its understanding of risk to board level, presenting real figures and possible scenarios in order to define acceptable risk exposure.

“They come to us because we've read the book, seen the movie, bought the T-shirt. We constantly skill ourselves up in this area,” said Koshy.

Today, risk is so wide that it is no longer possible to have a single risk officer who looks at everything from liquidity to the locks on the safe. Instead, specialists, including external consultants such as CubeMatch, look at areas such as credit risk, market risk, operational risk and more, reporting back to the chief risk officer.

“Cyber crime is technically under operational risk: you need to be able to run the bank and the threat of being defrauded electronically is certainly there. How you calculate that risk requires real granularity,” said Koshy.

Understanding risk can mean unlocking rewards, however. There is nothing wrong with a bank saying “We’re going to go into this market because it's the best thing for shareholders”, but the chief risk officer must be well-informed enough to demonstrate where the risks lie.

“If you understand risk, that then allows you to logically decide if you want to take the risk, because the way of looking at risk is traditionally in terms of risk and return,” said Koshy.

Share this post

Related Stories

Cash losing out to digital payments

Vision Contracting’s commitment to health and safety acknowledged

A food awakening: shopping online for groceries is here to stay

O’Reilly group grows from strength to strength