Skip to main content

Knowledge Hub

21 Jan 2024

Banks’ non-financial risk training slammed as ‘inadequate’

By John Crowley, BRR

Banks are “ill-equipped” to train professionals in non-financial risk, according to a global survey backed up by chief risk officers and industry experts.

Financial institutions say they are hamstrung because there is no internationally certified standard, particularly when it comes to non-financial risk, such as operational risk. 

Their opinions are underpinned by a survey by the Professional Risk Managers’ International Association. Nearly half (49%) felt there is no minimum standard for risk-related training, while Banks’ non-financial risk training slammed as ‘inadequate’ non-financial-risk-training-slammed-as-inadequate only 22% said the majority of roles have a defined training baseline.

Do risk management roles have defined standards for risk related training?

The Professional Risk Managers’ International Association survey collated training attitudes and practices from more than 90 FIs across 28 countries.

Source: The Professional Risk Managers’ International Association survey collated training attitudes and practices from more than 90 FIs across 28 countries.

PRMIA, which offers training for risk professionals, collated responses this November from more than 90 financial institutions across 28 countries, two-thirds of which were banks. Its chair, Bruce Fletcher — a former CRO at Natwest and HSBC — says: “Looking across the global banking risk sector, training for staff is inadequate.

“Broadly speaking, many FIs are currently ill-equipped to deal with the challenges posed by non-financial risk.”

One CRO at a major global bank told Banking Risk & Regulation: “It’s an oddity the banking risk profession doesn’t have a minimum global standard.”

Patchwork approach

Asked to describe their firm’s approach to professional development, 51% said individuals were primarily relied upon to source their own training and networking opportunities. Only 29% of respondents said their firm had a “holistic approach” to training and networking.

What is your firm's approach to training and networking?

Source: The Professional Risk Managers’ International Association survey collated training attitudes and practices from more than 90 FIs across 28 countries. • *A selection of survey responses only

Source: The Professional Risk Managers’ International Association survey collated training attitudes and practices from more than 90 FIs across 28 countries. • *A selection of survey responses only

The quality of training depends on which bank you work for. CROs canvassed by BRR felt risk professionals would benefit from more open conversations with regulators on training.

Dora Grant, chief risk and compliance officer at Griffin Bank, a UK-based challenger bank that secured a banking licence in 2023, also helped the Institute of Operational Risk formulate its certification on operational risk.

She says that “the idea that centralised regulatory guidance on what is expected from firms probably makes sense”.

“It’s not about the regulator saying which training you should complete, but more about: ‘What is your approach to training? Document that, and tell me how you get to decide the training programme for everybody’.”

A CRO at a major UK high street bank is more forthright. “Why don’t we have an industry-wide qualification? The easiest way to do that is for regulators to mandate that.”

Grant acknowledges that “regulators may take a view that what is already in the regulation suffices — and it is purposely generic so firms … demonstrate the people they employ are equipped to manage the risks they own”.

Non-financial risk comes to the fore

Fletcher says that “more than 20 years ago, the risk function largely focused on financial risks such as credit and market risks. Training was required, and often easily available, in these areas.

“As the remit of the risk function has expanded to include a whole host of non-financial risks, and cost-cutting became focused on the second line of defence during a period of low interest rates, even the financial risk training programmes were reduced.”

Back in 2010, when she first became a CRO, Grant says she “wasn’t taken seriously” because she came from a non-financial risk background.

She points out that people now look for operational resilience experience.

“There are not that many CROs who know a lot about operational resilience and operational risk”.

While a certification at entry-level is required, Grant says multi-disciplinary experience gained through secondments and movement across risk functions is just as important.

Shaun Dooley, group CRO at National Australia Bank, says: “We are pretty active proponents of people moving between the three lines of defence.”

Grant adds: “Non-financial risks are based on judgement, and no exam is going to give you that. Consumer Duty, for example, is all about providing clients the best outcomes they can have. But it is actually putting yourself in your clients’ shoes. Sometimes the needs of somebody who is bereaved are completely different from somebody who wants to make an investment. It’s about people.”

Risk ownership in the first line of defence

Paul Hodge, co-founder of 1LoD, which runs events for non-financial practitioners in the first line of defence, says: “It used to just be called operational risk. Non-financial risk is a trendy way of bucketing it up, but it includes thinking of the behavioural science of your organisation to conduct the culture as well as the resiliency, cyber and more.

“I spoke to one leading global bank the other day which now has reputational risk at an enterprise level alongside credit, liquidity and operational risk. It shows how attitudes are changing. Ownership of risk has also moved to the first line of defence, so it’s no longer just sitting with the CRO"

Staffing levels in first-line risk and control in some big banks now stand in the hundreds, he adds. This, in turn, has had an impact on their training requirements — and has seen 1LoD deliver training at their events. With the non-financial risk industry maturing, some are cynical about the training offered by third-party providers lacking in bank experience.

“I’m not a training expert, but I’ve spent 20 years working in banks,” says Hodge, “and it would be very unusual to meet anyone who has any comprehensive understanding of how non-financial risks are thought about industry-wide.”

Dooley cautions: “We’re aware some banks will respond to issues by throwing more people at it. Our view is that it doesn’t work. More people do not solve problems.”

The UK high street bank CRO adds: “Let’s say you have 500 more people you have to train at £2,000 a go. That’s a million quid, and it’s hard to get your hands on.”

CROs pursue non-financial risk training

Dooley, with his 30 years’ experience at NAB, puts his bank “very much” in the PRMIA survey’s 29% that have a holistic approach to training.

“We have a broad-based curriculum of learning materials that are available to all of our staff. Today, I completed climate risk and climate change training programmes in a series of online modules.

“It took me through a series of videos and lectures from academics as well as our chief climate officer. I knew it, but I wanted to see what our people were learning.”

Dooley says that 10 years ago, credit risk dominated his training spend. It now stands 50/50 between financial and non-financial risk.

Read the full article


Article by Banking Risk & Regulation (part of the Financial Times Group) - Request a free trial.


Back to Knowledge Hub