The results of the 2016 EU-wide stress test were fairly encouraging overall. Most European banks have become more robust. However, risk still persists, and more broadly, many people unfortunately continue to have little confidence in banks. In 2016 for the first time, the test included risks arising from the misconduct of employees – known as operational risk. It’s another step to more comprehensively understand risks in the banking industry. At a time of stress, the European Banking Authority puts the potential cost at EUR 71 billion for operational risk at the tested banks.
Since the financial crisis, the world's leading banks have already paid out hundreds of billions of euros in litigation, penalties and settlements. Yet litigation costs are only a symptom. What’s crucial are the root causes: weak systems and controls, inadequate processes and poor conduct by employees. It is imperative for risk management, as a priority, to address all three in addition to traditional financial risk management. We made significant progress in this respect, but we must continue on this path.
First, we have to recognise that operational risk comes in many guises and exists across a greater span of businesses, making it more challenging to identify, monitor and mitigate than it is the case with traditional financial risks such as credit, market and liquidity risks.
Second, we must re-engineer processes, meaning we have to upgrade systems and add further controls. Every employee has a part to play. Deutsche Bank's 'three lines of defence' structure, for example, defines and delineates the different roles played by businesses, independent control functions and Group Audit. This is not possible without making investments to closer align risk management more closely with the customer business.
Third, cultural change can no longer be an aspiration – it must be lived in everyday behaviour. We must set standards and define risk tolerances. Performance metrics must be measured inclusive of all risk, whether traditional financial or other types such as the risk of misconduct.
The new era can be summed up simply: every employee must be a risk manager. If we succeed, we will do more than strengthen Europe's banks. We will also restore trust and credibility in the banking industry and people will once again have more confidence in banks.
© Handelsblatt GmbH