New research of CPA Australia has found financial institutions in the Asia Pacific region were inadequately prepared for a risk like the COVID-19 pandemic and must rethink how to be ready for key risks that may impact their critical operations and their risk management regimes.

The study into governance and sustainability found that only one in 50 banks disclosed a pandemic outbreak as a key risk to their business operations. Japan’s Sumitomo Mitsui Trust Holding was the only lender that had identified a pandemic risk and developed mitigation strategies such as business continuity plans. In the insurance space, just three of 50 insurers — AIA Group in Hong Kong, and Tokio Marine Holdings and MS&AD Holdings from Japan — had identified a pandemic outbreak as a key risk.

The findings are part of a new report, Banking on Governance, Insuring Sustainability, authored by academics from the National University of Singapore (NUS) Business School, and published by global professional accountancy organisation CPA Australia. The report studies the 50 largest listed banks and 50 largest listed insurance companies by market capitalisation from 15 Asia Pacific economies.

Chng Lay Chew, Singapore Divisional President of CPA Australia said, “New disruptions to the global economy such as COVID-19 will force management and boards of financial institutions to revamp their risk management regimes for the new business normal. It is imperative for organisations to rethink how to be prepared for new and possible unknown risks. One important aspect is by having the discipline to continue to invest in and practise high standards of risk management.”

Analytics and technology implementation still nascent

The study also found that the use of analytics for managing risks and in internal audit remain at a nascent stage in the sector. Fifteen banks publicly disclose that they use analytics in managing risks, compared with just eight insurance companies. DBS Group in Singapore was the only bank that publicly stated that it uses predictive analytics to identify emerging risk areas.

With massive technological disruption facing the industry, the report found that most financial institutions have responded by increasing investments in artificial intelligence, machine learning and blockchain.

“Leveraging data analytics and technology can improve risk management and help financial institutions make better strategic and other decisions. However, with greater use of technology comes increased security risks. The increase in technology-related risks and growth in digitisation requires boards to go beyond traditional skills and competencies, and consider technology expertise when recruiting directors,” said report co-author, Associate Professor Richard Tan.

The study found that there is room to increase technology expertise at the board level, including understanding of cyber risk — a key risk for financial institutions.

At the board level, directors with technology expertise remain rare in the industry. Most banks studied have not appointed directors with technology expertise, with Australian and Indian banks performing better in this respect. Only 20 per cent of insurers have appointed directors with such relevant expertise.

“Managing risks of a business requires boards to have a diversity of skills, experience and perspectives, and to avoid behavioural pitfalls such as groupthink and confirmation bias. A robust nominating process, proper succession planning and board renewal are essential to achieving this.

“Risk management, including the identification of key risks, should not be a checkbox exercise, but should instead be informed by a thorough consideration of different types of risks that may impact the business,” said Associate Professor Mak Yuen Teen, also a co-author of the report.