Our top risks for financial services firms in 2024

Our top risks for financial services firms in 2024

Thu 04 Apr 2024

We have identified and ranked the key risks for financial services business leaders in 2024 based on market research, regulatory insights as well as our assessment of the current difficulties facing firms.

We discuss in this article the key takeaways for you and your organisation.

A more detailed assessment can be found here, which contains further details on each risk mentioned in this article as well as other risks facing financial services firms and what they mean for your organisation.

Top risks 2024

As the adverse effects of the pandemic slowly faded, 2023 has seen further geopolitical tensions, large advances in generative Artificial Intelligence (AI) technology and devastating climate-related events around the globe.  Alongside cybersecurity and operational resilience, these risks comprise the top five that continue to affect financial service firms in 2024.

The challenges faced by financial firms are highly complex, interconnected and constantly evolving. It is therefore imperative that firms have strong governance procedures so they can embed effective risk management practices in a coordinated way across their oragnisation.

“Last year’s banks’ failures in the USA accentuated the importance of having robust governance in banks, but also that risks must be viewed in a holistic and forward-looking manner to avoid critical blind spots.”

Gregory Marchat, Partner – Head of Banking Consulting

Our top risk for 2024 concerns information and cybersecurity threats

In today’s digital world, financial services firms are incredibly dependent on IT systems to perform tasks and deliver services. While these new technologies and advancements bring benefits, they also pose many risks including the spread of misinformation and the increased potential for cyber-related incidents.

Trends indicate that the threat of cyber-attacks is only growing and illustrate how these attacks are becoming increasingly sophisticated. Cybersecurity is also threatened by the development of generative AI programs (which adds another layer of complexity) and ongoing geopolitical challenges.

As a result of increased cyber threats, financial service regulators and supervisors continue to put significant emphasis on the topic this year. For example, the European Central Bank has initiated early this year a cyber resilience stress test[1] on 109 directly supervised banks in 2024, for which the Single Resolution Board also contributed considering the potential impacts serious attacks could have on banks. Additionally, firms should prepare for the introduction of the Digital Operational Resilience Act, which will apply as of January 2025 (read our recent article on DORA here).

Geopolitical risks remain very high and continue to influence other risks

Russia’s invasion of Ukraine continues to put upward pressure on energy prices, and the Israel-Palestine conflict has the potential to destabilise the Middle East, causing further increases in commodity prices. On top of this, national elections are scheduled in 64 countries (including the US, India, the EU, and Russia) in 2024 – which represents half the world’s population. All of which heightens geopolitical uncertainties.

Businesses are struggling to keep pace with the rapidly changing landscape of interconnected risks that are caused by increasing geopolitical tension. These risks include supply chain disruptions, shifts in consumer behaviour, financial liquidity, and solvency. Firms must ensure they have effective horizon scanning processes in place that enable them to monitor and assess emerging geopolitical risks more rapidly and be able to adapt to them in their business models, For example, a higher for longer interest rate environment that will exert increasing pressure on their customers’ debt sustainability.

Climate and sustainability issues are high on stakeholders’ and regulators’ minds

2023 bore witness to multiple extreme weather events that led to devastating loss of life, habitats, and property leading to increased social and financial strain[2]. The World Economic Forum estimates that over half of the world’s GDP[3] ($44 trillion of economic value) is at moderate or severe risk due to nature loss. Due to the impact of climatic changes on businesses, and societal attitudes towards the environment, climate and sustainability risk remains a high priority for organisations.

Financial services regulators now have climate as one of their key risks. This is evident from the swathe of climate risk regulations that are being introduced or due to come on stream in the next couple of years. Examples are Europe’s Corporate Sustainability Reporting Directive and the International Sustainability Standards Board’s Sustainability Disclosure Standards.

Firms must ensure they are prepared to meet the expectations outlined in these regulations by embedding climate risk considerations into their risk management programmes and developing appropriate modelling capabilities to quantify the impact of climate change on their loan portfolios and lending strategies. They must also assess how transition risk may leave them exposed in the coming years to balance sheet strain and reduced financial performance.

In the EU, the ECB already reiterated that banks must have fully implemented its expectations for climate risk[4] by the end of 2024, and banks which continue to present significant deficiencies may be imposed financial fines – which is an escalation beyond the Pillar 2 capital add-on imposed in the past.

Be aware of the challenges when using artificial intelligence (AI) and machine learning (ML) tools

As firms continue to digitise their operations and services, AI and ML have become more prominent. Equally, AI is now part of consumers’ and businesses’ daily lives.

Whilst these advancements introduce many opportunities for firms such as the ability to make quicker and better-informed decisions and reduce costs (for example for customer services), there are also important ethical questions, security risks, business strategy implications, and operational considerations (such as the use of generative AI in banks’ models) which must be appropriately understood and managed to mitigate risks.

Firms should ensure that they: i) assess and document the impacts of AI; ii) clearly understand how this may affect their business models, strategies, and customers; and iii) consider the impact of regulation on their adoption journey. Risk mitigation will entail the investment in and development of robust model risk management policies and processes, information security management systems and controls to match the increased risk. The AI Act[5] being introduced in the EU will be the first legal framework on AI, which is hoped to address some of the risks of AI.

Regulatory requirements maintain operational resilience high on executives’ agenda 

Recent years have shown the importance of implementing sound operational resilience policies to mitigate the effects of a disruption. To manage the risk of disruption, banks should leverage their operational risk management functions to identify internal and external threats and potential failures in people, processes, and systems on an ongoing basis. They should promptly assess the vulnerabilities of critical operations and manage the resulting risk per their operational resilience approach.

In the UK, firms must ensure they are on track to meet the upcoming regulatory implementation deadline in 2025[6], whereby UK regulators will expect firms’ operational resilience frameworks to have been tested and be fit for purpose in terms of identifying, assessing, and monitoring the vulnerabilities of their critical functions. Operational resilience is also relevant to the ECB cyber resilience stress test mentioned and the introduction of DORA as discussed earlier.

Pressure remains on financial institutions to carefully navigate all those risks in 2024

The current and emerging risks faced by financial services firms are highly complex, often intertwined and constantly evolving. Supervisors continue to put strong emphasis on ensuring that firms understand, monitor, and prepare for all these risks and are ready for all eventualities. These extensive requirements put additional burdens and costs on firms, which necessitates careful prioritising and investing in risk management.

[1] ECB to stress test banks’ ability to recover from cyberattack (europa.eu); [2] 10 Global Weather and Climate Change Events; [3] World Economic Forum; [4] ECB Guide on climate-related and environmental risks; [5] AI Act; [6] Operational Resilience FCA