Nonfinancial Risk (NFR), whether related to compliance failures, misconduct, technology, or operational challenges, presents a massive downside for today's banks.

In "Nonfinancial risk: A growing challenge for the bank," global research firm McKinsey & Company focuses on Nonfinancial Risk (NFR) and its escalating relation to threats against banking compliance, reputation and the safety of Personally Identifiable Information (PII), with a cautious look at the compliance failures, misconduct, technology, and operational challenges facing financial institutions today.

According to McKinsey, the following NFR concerns and trends are a reality.

  • Between 2008 and 2012, the top ten banks globally lost close to $200 billion through litigation, compensation claims, and operational mishaps. At least 17 incidents racked up losses of more than $1 billion each; another 65 incidents each resulted in losses above $100 million.
  • The direct financial consequences of NFR include reputational damage, which can hit a bank at a time when customers, shareholders, and public stakeholders are questioning banking business models.
  • There are also the personal consequences for senior managers, whom regulators increasingly hold accountable for misconduct or failure to comply with laws and regulations. All of this, and the prospect of still tighter regulation, puts considerable pressure on banks to manage NFR better.
  • Despite recent improvements, many bank boards do not routinely consider NFR management, engaging only in some risk management firefighting when risk controls fail.
  • Overall, many institutions do seek a more integrated NFR-management approach in order to reduce the risk of future failures, as well as meet stakeholder expectations and actively limit costs.

How are banks managing NFR right now?

According to McKinsey, in line with regulatory expectations, banks are building a governance model with three lines of defense. The first line owns and manages risks, the second line sets control standards and monitors adherence to them, and the third line checks on the adequacy of the first two lines. In addition, McKinsey reports, banks have broadened their definition of the second line beyond the risk and compliance functions to include areas such as legal, HR, finance, and tax.

Looking toward solutions and more cautious approaches to managing NFR, McKinsey advocates that banks and financial institutions establish a set of quantitative risk indicators that can be monitored to ensure the bank's tolerance of risk is not breached. Additionally, McKinsey cautions banks to keep records of major incidents and near misses and to analyze these records to avoid similar threats and incidents, with special attention to scenario analysis and risk prevention planning.

Personally Identifiable Information Warnings

The proliferation of mobile devices and shifting preferences among demographic groups mean that banking customers expect more real-time, cross-channel capabilities than ever before. While physical distribution will still be relevant, it will be far less critical in the world of banking customer service and support. 

The days of banking being dominated by physical distribution are rapidly coming to an end - resulting in the rise of PII in a growing volume of banking engagements and services today. PII consists of key information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records and more, including, but not limited to, an individual's photographic image, fingerprints, handwriting, retina scans, voice signature, facial geometry, taxpayer identification number, passport information and credit card numbers.  

A breach of customer information could result in a bank's loss of public trust, legal liability and significant cost to remedy damages. While it is best practice for banks of all sizes to limit the use, collection, and retention of PII to only what is absolutely required for customer service purposes, the volume of PII is increasing as more and more customers leverage the flexibility of online banking and mobile payment scenarios.

For banks today, a challenge is continuously protecting PII as part of a proactive NFR management initiative.