Proactive Risk Management Will Help Banks Protect Consumer Trust in Current Economic Market

By Gaurav Kapoor, Co-CEO and Co-founder, MetricStream

Banking is one of the most heavily regulated industries, with some of the most detailed and prolific standards compared to other industries.

Though the financial sector is highly regulated, banks can't rest on knowing that regulatory standards will protect them from risk events. Banking and financial services firms need to continuously reevaluate and update their risk practices to stay ahead of not just risks and threats but also the changes that come with a shifting economic landscape. This is especially true today as banking technology proliferates and improves, opening banks to more third-party risks. The importance of connected GRC is also paramount, ensuring that regulatory compliance and risk management efforts are seamlessly integrated and agile.

Trust is crucial for banks in the current market

Rising interest rates have a deep-reaching impact on banks that goes beyond controlling the flow of cash. The current economic landscape has created more competition for bank deposits. With interest rates at 20-year highs, for the first time since before the great financial crisis, consumers are putting more thought into where they keep their money.

In a world of new fintech solutions, digital banks can offer higher and higher rates on deposits as they compete for market share. Today, consumers can get returns in a money market fund for 4.5% return or via an online bank high-yield savings account for even more. Given their capital structure and regulatory burden, traditional banks can't compete with that return on savings yields. As a result, banks in the current market compete for consumer deposits when consumers can get a greater return elsewhere.

Banks’ adherence to regulations, risk policies, and cybersecurity practices are now a core differentiator when consumers decide on a safe place to keep their money and investors decide to invest. What traditional banks – both large global brands and mid-tier banks – can offer consumers that fintech and other digital-first financial firms cannot is a surety that their money is safe and backed by regulations with cybercrime at an all-time high; risk-averse consumers will desire the implicit safety of banking with an established global brand.

Preventative measures: How banks should already be managing risk

The problem for banks remains that cyber risks remain a top threat. Banking leaders should not be surprised by this guidance at this point – leaders have stressed the threats to banks for years. Even at the start of this year, a global survey by EY and the Institute of International Finance (IIF) named cybersecurity the number one threat to banks amid global volatility and uncertainty.

To keep their customers’ investments safe from risk and remain compliant, banks should already be taking steps to bolster their risk position, including:

• Managing interconnected risks by looking at financial and operational risk, third-party and cyber risks together
• Using superior technologies like AI-based threat and vulnerability scanning to ensure risk intelligence is more ‘Cognitive’
• Automating control monitoring with continuous control monitoring technologies to make it more ‘Continuous’
• Going for complete protection and monitoring by combining cybersecurity with cyber risk management
• Layering ‘human intelligence’ on top of systems and data intelligence by aggregating inputs from the frontline and leveraging the true power of ‘Cloud’

It’s not enough for a bank to put a cybersecurity infrastructure with regular risk assessments in place – although it’s a crucial first step many banks globally still need to take. Even in highly regulated industries like banking, larger organizations need a more robust approach to assess risk impact on their organization, extended enterprises, and customers and proactively monitor them. Cyber risks and controls must be continuously assessed to stay compliant and keep the bank safe from cyberattacks.

A proactive approach to banking risk management

Risk management gets only more complicated as the extended banking ecosystem grows with third-party service technologies. To be fair, banks have much to celebrate in embracing advanced technologies: with automated banking operations and technology-enhanced services, banking and financial services firms boost profits and grow. At the same time, banks are more dependent on vendors such as payment gateways, core banking systems, trading applications, business consultants and contractors, service providers, and other vendors for day-to-day operations and services. This opens the door for increased risk threats.

When it comes to modern cyberattacks, unfortunately, it's not a matter of "if" but a matter of "when" a breach will happen. To maintain consumer and investor trust, banks need to move beyond the preventative and defensive tactics of risk management and take a proactive approach to GRC.

Because institutional trust is so important for banking customers, strengthening operational resilience is key. When an attack inevitably happens, resilience strategies ensure financial institutions can react and respond to threats quickly, securing consumer data and investments while minimizing potential reputational damage to the bank’s brand.

Risk is inherent to any business. If banks want to achieve resilience, they need to understand and weigh just how much risk they can tolerate in different scenarios and how much damage would be done if that happened. This is why quantifying risks and measuring practical risk tolerance are GRC guidance priorities for banks. Leaders, boards, and partners also appreciate measuring risk this way: CISOs recruit organization-wide advocacy when it’s clear exactly how bad – or how many dollars bad – a certain risk could impact the organization.

They also need to take all aspects of GRC into consideration for a connected approach. As we saw in the aftermath of the SVB crisis, every risk is connected in the banking industry. Disruption anywhere on the transaction chain has the potential to create a domino effect and send ripples down the market. By treating risk disciplines such as operational, financial, cyber, and compliance risks as interconnected entities, banks can close the gaps and inefficiencies that could threaten an organization if managed separately. AI is another area of concern for risk management: applying AI solutions to banking industry problems is expanding what banks can do for consumers and investors, bringing disruption and growth for the industry. With growth, of course, comes a lot of new risks that banks will have to monitor and control.

Advanced and breakthrough technologies like AI/ML and NLP are both a boon and a barrier in a risk management setting. Businesses should leverage these tools for better efficiency – but remember that hackers have these tools to make cybercrime more sophisticated. This is why banks need to stay on top and constantly reevaluate regulations and adapt their risk strategies to the latest developments – technology evolves, and so does risk strategy.

Modern banking depends on reputation to uphold its value for customers and shareholders. Now more than ever, consumers have plenty of reasons to explore their options with a high-yield savings solution at a fintech or discount brokerage. At the same time, new technologies and more sophisticated cybercrimes continue to put all financial institutions broadly at risk.

All it takes is one successful attack to jeopardize the implicit safety and security consumers have with their trusted banking brands. Banks shouldn't let a crisis be why they start taking risk management seriously. The need to not only understand the connected nature of risks but also continuously re-assess risks and dedicate resources to proactive cybersecurity and risk management.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.