These are the biggest non-financial risks for banks

In the uncertain economic and geopolitical environment, the importance of non-financial risks (NFR) is increasing for banks. The increased automation and digitalisation processes in the financial sector increase the complexity for NFR risk management. In the benchmark study "Non-Financial Risk 2022", we examine the relevance that the largest German banks attach to the various risks and how the financial institutions are meeting the challenges.

Many banks currently consider business risk to be particularly high, while reputational risk, i.e. damage to reputation, and cyber risk are also considered to be very relevant. Striking, but not surprising in view of the increasing regulatory requirements: the importance of ESG and climate-related risks is increasing significantly. Every third respondent now considers this risk or these risk drivers to be high.

If individual risk types are integrated into the overarching NFR management, hazards can be made holistically transparent and monitored. The study shows that banks can still leverage a lot of potential for consistent and efficient NFR risk management - many risk types in the NFR context are not yet sufficiently integrated.

In three out of four financial institutions surveyed, an organisational unit for NFR controlling has already been established. The study proves the scope of the establishment and shows a remarkable discrepancy: Only at institutions with an installed NFR organisational unit are the various risks predominantly well integrated into the management. The clear responsibility thus ensures structured monitoring and efficient control.

Holistic NFR management is still largely new. According to the study, the interlinking of different risk frameworks plays an important role in the further development. ESG and climate-related risks are also a focus. However, data availability and quality, among other things, pose difficulties. In addition, minimum reporting requirements are sometimes missing when NFR reporting is implemented.

There are currently no preferred IT providers or systems for holistic NFR management. Instead, individual solutions dominate. Because no standard exists, several IT systems are often combined. Meanwhile, technical in-house developments present banks with challenges in the areas of data protection, resilience and supervisory law when it comes to setting up and maintaining them. 

You can download the study here:

Video: Markus Quick about the Non-financial risk study 2022