The banking industry is experiencing systemic change from all sides—volatile markets, increasing dependence and influence of technology and both shifting consumer and corporate banking demands – and it feels like any moment there could be another shoe that drops.

There’s also heightened awareness and scrutiny around risk and whether organizations are equipped to protect their systems and customers. To see the impact of this intersection of technology and risk management on risk governance in banking, West Monroe conducted a survey of 200 bank executives in to gauge strengths, obstacles and ongoing challenges. 

The results from Q1 2023 showed common pain points and highlighted areas of improvement in having a truly nimble, digital operating model that mitigates and resolves risks leveraging the right controls by having the right people, processes and technologies in place. 

Challenges from legacy systems are just one piece of the puzzle. Only 53% of respondents feel that their program management is strategic and nimble enough to adopt risk-related improvements, leaving room for many to differentiate and add value through technology risk management as it becomes table stakes for banks. 

The survey showed that navigating a world where banking and technology are increasingly interdependent is difficult when there are legacy systems in place that may not be able to hold up against today’s challenges and regulatory shifts. The survey’s findings confirm the belief that banks need to continuously improve their technology to avoid lagging behind competitors.

The top technology challenges banks identified were:

• Improving security and compliance to meet regulatory expectations
• Managing the organization’s architecture, (including maintaining legacy systems)
• Balancing security, compliance and technology developments

These challenges are bigger sticking points that often chip away on time and budget. Only one-in-three banks are widely using proactive measures and best-in-class tools to manage risk, highlighting an increasing need to shift away from a reactive approach. 

It’s no secret that banks need to shift how they address technology security, compliance and risk management: 92% of respondents said their organization places a high priority on enhancing this, noting it’s a frequent topic of conversation during C-suite and board-level discussions. But companies are slower to act than they should be—which ultimately hampers streamlining efforts. Teams are left addressing issues and framework gaps, unable to focus on the priorities that will help achieve desired business outcomes and reduce costs. Further, banks with $50-200 billion and $200B-1 trillion in assets are still finding their stride in implementing automation and best-in class tools to manage risk, whereas large organizations ($1 trillion+) are widely using these in day-to-day operations. 

The top roadblock to getting new products to market is control applicability and rationalization to adhere to security and compliance, with 60% of respondents finding this their greatest hurdle.

Banks identified that they all also face at least one of the following challenges: 

• Teams do not cross collaborate well to quickly make decisions and approve changes
• We struggle to understand and identify the applicability of controls
• Control environment cannot be clearly defined

This is echoed when respondents identified their greatest opportunities for improvement within risk management functions: enhanced design, implementation and oversight of security, compliance and risk management controls.

When it comes to roadblocks to implementation, there was a clear differentiator among mid-size banks ($200 billion to $1 trillion): 90% of respondents in this category indicated their top roadblock was not having the right controls in place to achieve their desired speed to market for updates, implementations and/or new products. This is much higher than the 64% of smaller banks ($50-200 billion) and 50% of larger banks ($1 trillion+). Instead, the top roadblock for larger banks was a lack of in-house expertise to quickly address security, compliance and risk concerns surrounding a speedier go-to-market pace.

A deeper dive into the survey results can be found here. But the bottom line? Banks need to bridge the gap between effective controls, having the right knowledge embedded in the right places and developing sustainable compliance frameworks. These steps will be necessary in order to reduce time spent on resolving issues, streamlining processes and implementing a proactive risk management approach without sacrificing go-to-market speed and revenue returns.