Three Recommendations for Risk Management in 2016

Brian Porter | Founding Partner

The financial crisis of 2008 changed how organizations approach risk and controls. The increase in regulation is here to stay, and organizations must transform their risk programs from a crisis management approach to a sustainable and agile practice looking to the future. With 2016 quickly approaching, financial companies both large and small should be ready to not only maintain expanded internal risk management with increased budgets and hiring strategies, but also, to confront new cyber security and data integrity issues head on. Here are three things organizations should be looking to do in 2016.


A holistic approach to risk management requires a fundamental shift in the culture of an organization. It means taking risk leadership out of the “back-office” and into the forefront of companies by including executives in business decisions. The financial services community is seeing this shift in organizational culture come from the top. There is an increased focus on risk management by boards of directors. In a recent survey conducted by Deloitte which looked at 71 financial institutions and their risk management strategies, 60% of respondents said their board works to establish and embed the risk culture of the enterprise and promotes open discussion regarding risk1. Communication around risk is not only shifting internally, but technology is allowing companies to be more collaborative with outside partners by sharing intelligence on threats and response techniques.


Financial organizations are spending more on risk management and information security which includes stepping up hiring practices for key executives with expertise in risk and controls. In order to sustain risk management practices, companies need to forecast increased budgets for additional hires in order to address capacity and coverage issues. Risk methodologies will continue to be tested for consistency, therefore, firms should expect a competitive marketplace for talent in risk modeling and stress testing. Companies seeking leaders in risk management should identify executives that

use a strategy which aligns risk metrics with capital requirements. Increased budgets are not only being used for key hires, but also for conducting threat assessments, active monitoring of security intelligence and employee training and awareness programs.


Another hiring trend includes a broad adoption of the Chief Risk Officer and investing in a Chief Security Officer. Without a doubt, cyber security is one of the fastest growing threats to financial services. Leaders need to be aware of the risks associated with the exponential growth of the digital world. In 2015, 38% more digital security incidents were detected than in 2014 and intellectual property theft increased by 56%2. This rapidly growing threat is one that is sure to continue to plague financial institutions in 2016, and organizations need to invest in their ability to anticipate cyber threats to protect themselves and their customers.