Industries from insurance to banking and from manufacturing to hedge funds are under growing pressure to manage threats. The complexity of today’s risk environment means more companies are conducting risk management at board level.
Having to navigate these regulatory and geo-political uncertainties mean greater expertise is needed, according to José Morago, chairman of the Institute of Risk Management. “This change must start with the board and senior management,” he says.
A PwC survey of 2,000 business executives and risk managers last year found that risks are rising across industries, with 75% reporting increased risks to their business.
Appetite for full-time managers to ease the burden of risk is increasing, say experts.
A study by the Federation of European Risk Management Associations last year found that roughly 80% of listed and non-listed European companies employ full-time risk and insurance managers.
“There has been a great demand for risk professionals over the last few years, with the introduction of further risk metrics and oversight,” says Dr Konstantina Kappou, program director for the MSc Financial Risk Management at Henley Business School, driven mostly by regulation post-financial-crisis.
Executives are particularly concerned about technological change and related IT risks, increasing regulatory complexity, and rapidly changing consumer needs.
Globalization has also added to the vulnerability of the international supply chain, while insurance to mitigate risk is increasingly sparse.
Organizations across industries are undertaking dramatic business transformations, altering their strategies for dealing with risks, according to Dean Simone, leader of PwC’s US risk assurance practice.
He says this transformation is opening capability gaps in risk management, particularly around data management, business strategy and technology.
There is growing appetite to hire not only risk professionals but chief risk officers – positions which are now commonplace in financial institutions, according to Edward T Hida, global leader for risk and capital management at Deloitte.
The percentage of companies with a CRO was at 89% in 2013, up from 65% in 2002, according to a Deloitte survey of 86 financial institutions which had aggregate assets of more than $18 trillion.
The newest trend is to have risk committees within boards of directors, say experts, which are independent of audit committees. They must not only control risk management but also think about strategic risk, such as in M&A activity.
For banks in particular, the global financial crisis led to dramatic and ongoing changes in risk management. The passage of the Dodd-Frank bill in the US, and the issuance of the global Basel III regulatory framework, have shaken up requirements for financial players.
“With the increase of regulatory requirements, companies have had to strengthen their risk teams and departments,” says Marie Kratz, director of the CREAR Risk Research Centre at ESSEC Business School.
She says that as social pressure has increased for risk management, banks have had to hire more managers.
This trend will be compounded by the recent European Central Bank review of banks’ risk-weighted assets, and the Federal Reserve’s Comprehensive Capital Analysis and Review, as well as the ongoing public debate about capital ratios.
“We are living in a more and more complex world, so we need more and more risk analysts,” says Marie.
One recruiter notes that a big global bank posted numerous jobs for risk managers following round two of the Fed’s recent “stress tests”, in which Deutsche Bank and Santander were found to have serious deficiencies in risk management.
Where banks are also under fire is around the security of their digital channels. The concept of stealing money from a bank used to exude armed robbers breaking into volts – but modern theft is gradually more of customer data.
Banks are increasingly exposed by the boom in digital banking, with 18.6 million mobile app uses a week on average in 2013, according to figures from the British Bankers’ Association, more than double the amount the year before.
High-profile hacks have provoked fears, such as the attack on JPMorgan last year that compromised the account information of several million businesses, and in other sectors including on eBay, Yahoo and US retailer Target.
“The multiple threats of computer crime have enormous consequences – not only financial and reputational but [they] also can harm a nation’s security,” says Dr Konstantina at Henley.
It is widely believed that cyber security is on high on boards’ to-do lists, and is moving rapidly up their agendas. Large lenders also face challenges in updating their antiquated IT structures.
Corporations and governments are investing heavily in resources to design and develop their security systems, according to Dr Konstantina, and this is now another area of risk assessment.
Royal Bank of Scotland, for instance, recently unveiled “Touch ID” – which allows people to sign into their mobile banking app using their fingerprint.
It is clear that threat of technology is opening up careers at big banks, but also at smaller consultancies and boutiques which have been growing as their client bases develop, says Paul Schoonenberg, head of MBA careers at Aston Business School.
Risk management within a financial institution is now seen as a core skill, he says.
Management consultancy firms that service this area, such as Cognizant, also offer career opportunity, according to Jennifer Windus, senior career consultant at GWU School of Business. “Consulting in IT is a growing field,” she adds.
Elsewhere, today’s astonishingly complex supply chain structures have needed greater risk management. Supply chains are more global, more dynamic and riskier than ever before.
Recent natural disasters that affected companies including car makers Ford and Honda have also pushed businesses to examine risks beyond their “first-tier” suppliers.
“Managing exposure to supply chain risk – whether that be through geographical, political, market or credit considerations – is ever more important,” says Paul at Aston.
He adds that other areas such as counterparty risk, whereby businesses seek to manage the credit risk of their own counterparties, has seen “substantial growth”, while there is more buoyant activity in the trade finance market from the likes of HSBC.
Citi, for example, offers a supply chain financing platform through which companies can ensure that their vendors can continually access liquidity in difficult economic times.
Brokers are also keen to advertise products that cover non-property disruption such as strikes and health crises.
Where risk management is sparser in the financial sector is in insurance. After the crisis and subsequent scandals, insurance companies have grown nervous about providing important types of cover to big banks.
Banks are finding it more difficult to buy cover for operational risks and professional indemnity insurance, which covers companies for legal costs when a client claims it has suffered because of mistakes or negligence.
Premiums for other, larger areas, such as natural catastrophe reinsurance, are also at their lowest levels in a decade.
Nonetheless, MBA recruitment in the reinsurance industry remains strong, according to Marie from ESSEC.
She says that actuaries used to work mainly for reinsurance firms, but they are now found more widely in financial institutions in general. “They are recognized nowadays as experts on risk,” she adds.
Risk management is increasingly a focus for executives across industries, but some experts warn that there has been a knee jerk reaction in response to regulation, with too many recruits now causing friction.
Dr Konstantina at Henley says that too many people have been hired too quickly without necessarily fitting in or having an understanding of the nuances of the businesses they enter.
“It is far better to build risk managers into the corporation at an early stage, which helps to drive business, rather than [as] add-ons at a later date,” she says.