Banks are facing new challenges in risk management. Their risk-related concerns have remained unabated and they have realised the need for risk-mitigation on more thoughtful lines.

Background interviews of a number of bank executives reveal that erecting more powerful firewalls against tech-savvy criminals has emerged as their number one concern in risk management, leaving political interference a few notches behind. “We don’t have a culture of compiling reports on changing concerns of risk-management here. So, it’s difficult to speak on behalf of all. But at least for banks like ours, a tech-savvy criminal mind is our greatest concern,” says a senior executive of Habib Bank Ltd.

“Political interference still has a bearing on operational risks but there are other challenges too, that are equally strong.”

Background interviews with a number of bank executives reveal that erecting more powerful firewalls against tech-savvy criminals has emerged as their number one concern in risk management, leaving political interference a few notches behind

Our banking industry also flags low global economic growth and signs of slowdown in emerging economies as risk-management issues because senior bankers think that our policy response is not adequate.

Whereas the country’s economic managers are banking on the CPEC (China-Pakistan Economic Corridor) investment, they seldom find time to come up with proper policy responses to global and regional changes to push our own economic growth on a high trajectory, bankers say.

Our exports have become stagnant. Growth in home remittances has lost steam. We are relying too much on foreign borrowing. “All this has implications for our economy, and in turn, on banking risks,” says a former president of the state-run National Bank of Pakistan.

Central bankers claim that the State Bank of Pakistan is alive to this century’s new risk management challenge of tech-savvy criminal acts and cite steps that they have taken to help banks mitigate this risk, the latest being a specific set of rules that aims at ensuring the cyber security of the banking business.

The SBP’s-2020 vision also makes it clear that ‘the safety of the existing payment system is paramount’ and monitoring and enabling emerging payments’ technology, is important.

“Striking a balance between these two premises is not so easy,” says a senior central banker. “We have lots of ever-evolving regulations on cyber-safety but we’re also encouraging entry payment system technologies to ensure development of a more modern payment system.”

As for banks, observing the rules of game related to cyber security is becoming difficult in the absence of a dependable scanning system for applicants who aspire to run the banks’ internal information technology and communication systems.

“We now have lots of young people, well-trained to run a banks’ IT operations but there is a greater risk of infiltration and criminal activity (associated with them),” according to a senior executive vice president of UBL. Bankers cite several cases of data theft from banks, some having been reported to the agencies concerned, but they avoid giving details.

In a few cases, related to two of the five top banks, it emerged that the employees of the IT department were on the payroll of a particular security agency or they were stealing data to save corrupt politicians.

The recent closer liaison between the SBP and Federal Investigation Agency (FIA) is aimed at a tighter check on currency smuggling and terror financing, but it is also expected to address this issue, leading bankers say.

Traditionally, banks had to focus broadly on four key areas of risk management i.e. economic and systemic, market, operational and management and liquidity risks. But nowadays, each of these areas has several sub-areas that need to be taken care of, senior bankers say.

Take for example, the case of liquidity risks. Since 2008, successive governments have been borrowing excessively from banks.

Banks have also started recognising the perils of shadow banking and count it as one of the key risks for the banking industry. They concede that they have done little to mitigate this risk, partly because shadow banking is more a challenge to, and by product of, our overall economic system and partly because the banks’ long over-reliance on government debt securities, for profit making, have made them complacent.

Bankers say that reliance on third-party services, too, is becoming a big challenge to risk management.

There is a long list of service providers that banks normally rely on—ranging from security guards, property valuers, monitors of collateralised assets, law firms, marketing gurus, to temporarily hired hands for handling online and digital jobs. “Wide-spread corruption and growing misuse of social media are making it difficult to obtain truly fair and professional services from outside,” says the head of operations of a large local bank.

Published in Dawn, Business & Finance weekly, October 3rd, 2016