Climate is the biggest emerging risk for Europe’s banks over a five-year period – EY study. Cybersecurity is the primary concern for Chief Risk Officers on near-term.

For the second consecutive year, the EY and Institute of International Finance (IIF) Bank Risk Management Survey finds that cybersecurity is the top concern for European banking Chief Risk Officers (CROs).

„The survey, which uses sentiment data from 17 large European banks, finds that 82% of European CROs rank cybersecurity risk as the biggest threat to their business over the next 12 months (relative to 73% globally), and 71% believe cyber warfare between nation-states is becoming an increasingly real threat.” according to the press release.

The challenging geopolitical environment is also leading to European banking CROs voicing concerns about global sanctions and operational resilience, and 82% of respondents believe geopolitical risks will increase this year.

Omar Ali, EY EMEIA Financial Services Managing Partner, comments: “Europe’s banks continue to operate in an environment in flux. Geopolitical tensions, anticipation of election outcomes, continued war in Europe and increasing unrest in the Middle East are adding volatility to an already challenging economic environment, where inflationary pressures remain and interest rates have not yet started falling. It is unsurprising therefore that so many CROs are calling out cyber as the biggest risk again this year, and that with heightened threat levels as standard, it is an ongoing agenda item for boards. The best defense against cyber risk is increasing operational resilience on an ongoing basis. The EU’s Digital Operational Resilience Act (DORA) is driving significant activity here, helping firms to mitigate disruption, keep pace with increasingly complex risks, and instill greater internal stability and security.”

Data guru: protecting and providing strategic guidance around the bank’s biggest asset

Data is critical to every part of the business, as CROs recognize. High-quality and highly secure data is necessary to manage through increasing regulatory requirements and to unlock business growth through increased customer insights. CROs have as much responsibility as anyone to secure these critical assets, especially as they move among partners and ecosystems.

The key is to provide strong protections while also supporting the ability of the business to use data fluidly and intelligently (e.g., via personalized customer experiences). The good news: a strong majority of CROs – 71% – say their banks are actively enhancing their data capabilities and frameworks.

Climate is the biggest emerging risk for Europe’s banks

When asked about material risks over a five-year period, almost three quarters (76%) of European banking CROs believe climate risk presents the biggest emerging threat to operations, relative to 56% globally. While still a top-five issue, a smaller 53% of respondents say they have concerns about AI and machine learning risks and 47% about IT legacy systems risks.

European banking CROs consider climate change to present such a level of risk that over half (59%) of respondents believe it requires the direct attention of the board.

Nigel Moden, EY EMEIA Banking and Capital Markets Leader, comments: “Climate risk is high on the agenda of every European banking CRO, and has the attention of both boardrooms and regulators. The perception of heightened climate risk is only going to increase as the impacts on the environment become increasingly visible.

“European banks are committed to net zero transition journeys, leading to more innovative ESG-linked products like carbon trading platforms. While many are making progress to meet key sustainable finance commitments, we are still some way from the finish line and banks must continue to take action.”

Martin Boer, Senior Director, Regulatory Affairs at the IIF, said: „We’re seeing a paradigm shift where interconnected risks have become endemic to the banking sector – as it has in nearly every industry. This change calls for a holistic, proactive and resilient approach in risk management, adapting to ongoing challenges in cybersecurity, credit, and environmental risks amid increasing global uncertainties.”

_____________

About the survey

The global EY organization, in conjunction with the IIF, surveyed IIF member firms and other banks in each region globally (including a small number of material subsidiaries that are top-five banks in their home countries) from June 2023 through October 2023.

Participating banks’ CROs or other senior risk executives were interviewed, completed a survey, or both. In total, 85 financial institutions across 30 countries participated. Participating banks were fairly diverse in terms of asset size, geographic reach and type of bank. Regionally, those banks were headquartered in Asia-Pacific (14%), Europe (20%), Latin America (14%), Middle East and Africa (18%) and North America (34%). Of those, 12% are globally systemically important banks (G-SIBs).