The changing face of risk and governance

What does the banking board of the future look like? That's a pressing question today among banks, their leaders and supervisors, as headwinds of change rewrite the rules for success in the global banking industry.

The rise of data, robotics and artificial intelligence (AI). Bold challenges from fintechs and beyond. Evolving customer expectations. Unprecedented cyber risk and privacy concerns. The digital era is indeed redefining global banking and challenging the role of boards with bewildering speed and unprecedented scope.

Banks and their boards are also feeling the pressure of increased supervisory scrutiny and new requirements that focus on enhanced risk-management and governance skills, board composition and diversity, and clearly defined board responsibilities in the interconnected digital economy. Supervisors in various jurisdictions are prompting banks and their boards to take a critical look in the mirror — voluntarily or otherwise.

Supervisory initiatives in Europe and Australia, for example, are instructive for what they reveal about emerging concerns for what the banking board of the future should look like.

And we expect banks and supervisors in other global geographies to maintain a close watch on what’s happening there and beyond.

“High and specific expectations” for banking boards

Europe’s banks are facing an array of supervisory requirements concerning the skills of board members and their responsibilities. The European Central Bank’s (ECB’s) 2016 SSM supervisory statement on governance and risk appetite articulates specific requirements concerning the expected skills of banking board members. The ECB is also requiring clearer separation between first and second line of defense, addressing lending activities and risk control.

The ECB’s SSM supervisory statement notes that today’s banks “face economic, financial, competitive and regulatory headwinds” demanding heightened focus on “sound governance and riskmanagement practices within a clearly articulated risk-appetite framework.”

The report also stresses the SSM’s “high and specific expectations” regarding banking boards, including their need to challenge, approve and oversee management’s strategic objectives, governance and corporate culture.

The ECB has also reviewed its approach to its 'fit and proper' assessments — used to appraise board members’ experience and overall suitability — and has moved authorizations into a newly created Directorate General.

Our view is that while economic forces and disruptive technologies, as noted earlier, are exerting their own pressures for boards to evolve, the greater impact in Europe may come from the supervisory side.

This seems clear given banks’ lacking underinvestment to date in IT and risk data systems, low profitability plus the fact that banking boards have an important role for the establishment of the EU Banking Union and Capital Market Union, two key initiatives to support Europe’s single market. But it remains to be seen if banks will make progress in line with the requirements to establish the EU Banking Union and Capital Market Union.

Supervisors want greater focus on non-financial risk

Australia’s banks, meanwhile, are encountering close scrutiny from that nation’s Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. The ongoing inquiry has a spotlight firmly trained on boards and governance practices. The commission is raising questions concerning the need for boards to:

  • set a highly visible 'tone from the top' on culture;
  • address board skills, expertise and diversity;
  • remain sufficiently engaged on dealings with regulators;
  • determine accountability and expectations on corporate misconduct;
  • provide greater oversight of operational detail and non-financial risk;
  • gain insights into `knowing what they don't know' on non-financial risk for enhanced governance oversight.

The Royal Commission is generating much public dialogue concerning unethical practices, complacency, poor accountability and disregard for regulators within the sector. The inquiry has not concluded but its impact on the industry is expected to be significant.

The Royal Commission comes in the wake of the Australian Prudential Regulation Authority (APRA) inquiry into the Commonwealth Bank of Australia (CBA). The inquiry highlighted challenges with governance, accountability and culture that had likely contributed to a series of issues and incidents at the bank. Many of the themes identified in the report are not exclusive to CBA, and the rest of the Australian financial services industry has been through a period of introspection to understand where they too may need to raise risk management standards.

The increased expectations on the board, recalibration and improvement in the lines of defense, enhancing nonfinancial risk reporting and the impact of remuneration on risk management are some of the areas that most organizations will need to address in the near future.

Preparing bank boards for 21st-century challenges

As supervisory, technological and economic forces combine to exert new pressures on banking boards to evolve, more supervisory directives and initiatives can be expected. It remains to be seen how far — or quickly — banks around the world will move to modernize their boards for the digital economy — or if they will wait until supervisors lead the way on driving change.

Our view is that banks should waste little time implementing real change in their boardrooms to meet emerging challenges in the fast-evolving and increasingly complex global environment in which they operate — as supervisors in the EU and Australia are making abundantly clear. Ultimately, boards judged to be falling short of supervisory requirements could face compulsory changes to their composition. We have already seen examples of this in Spain, Germany, Italy and Finland.It is increasingly vital for banks to do all they can to build boards that will deliver future success. Doing so will require boards to possess the following key capabilities. They will:

  • Include informed and highly proactive board members who have a clear understanding of emerging risks and issues that transcend financial factors to include the non-financial spectrum.
  • Be equipped to consistently address all of todays — and tomorrows — risks, including: cybersecurity, automation, data privacy, compliance, legal issues, customer service, integrity and reputation, and the quality of new products and services.
  • Be prepared to address strategy and related risks that come with the interconnected ecosystem of new partnerships and alliances today's banks are forming to deliver innovative services to customers. Board members will need the acumen to understand these challenges — and to deliver the insights and skills needed to effectively manage them.
  • Enhance board diversity as it relates to gender but also to age, skill set and digital acumen. Increased diversity can help to challenge traditional assumptions/attitudes, 'group think' and any reluctance to deal with difficult or less-understandable issues in the digital economy.
  • Include board members with non-industry experience who can bring valuable new insights to issues and risks amid the changing operating environment, including the impact of digitization in areas such as data analysis, customer experience, product development and external communications. Non-industry members can contribute to boards' collective knowledge, competencies and experience while also challenging traditional approaches.
  • Create and sustain modern cultures and values for their organizations. Tomorrow's boards will ideally promote a healthy 'discussion culture' within the organization, one that provide opportunities to challenge risk decisions from diverse management perspectives.

Amid the headwinds of change, some innovative new initiatives are already emerging. We are seeing more multi-day training sessions and 'bootcamps' aimed at heightening the acumen board members possess on technology, governance and regulation, risk management, ethics, culture and beyond. More change initiatives are sure to follow. While the watchword for boards has traditionally been oversight, the future of boards will inevitably require an informed new focus on oversight and insight.


European Central Bank: SSM supervisory statement on governance and risk appetite, June 2016. (PDF 457 KB)

Interim Report - Royal Commission into Misconduct in the Banking, Superannuation into Misconduct in the Banking, Superannuation and Financial Services Industry, 28 Sept. 2018.

Final Report of the Prudential Inquiry into the Commonwealth Bank of Australia (CBA), 28 August 2017.

Connect with us