2022 Risk Survey Results: Walking a Tightrope

Despite geopolitical turmoil following Russia’s invasion of Ukraine, the Federal Reserve opted to raise interest rates 25 basis points in March — its first increase in more than three years — in an attempt to fight off a high rate of inflation that saw consumer prices rising by 7.9% over the preceding year, according to the Bureau of Labor Statistics.

“Inflation remains elevated, reflecting supply and demand imbalances related to the pandemic, higher energy prices, and broader price pressures,” the central bank said in a statement. The Federal Open Market Committee (FOMC) is the policymaking body within the Fed that sets rates, and Fed Chairman Jerome Powell remarked further that the FOMC will continue to act to restore price stability.

“We are attentive to the risks of further upward pressure on inflation and inflation expectations,” Powell said, adding that the FOMC anticipates a median inflation rate of 4.3% for 2022. He believes a recession is unlikely, however. “The U.S. economy is very strong and well-positioned to handle tighter monetary policy.”

Six more rate hikes are expected in 2022, which overshoots the aspirations of the directors, CEOs, chief risk officers and other senior executives responding to Bank Director’s 2022 Risk Survey, conducted in January. Respondents reveal a high level of anxiety about interest rate risk, with 71% indicating increased concern. When asked about the ideal scenario for their institution, almost three-quarters say they’d like to see a moderate rise in rates in 2022, by no more than one point — significantly less than the 1.9% anticipated by the end of the year.

Moss Adams LLP sponsors Bank Director’s annual Risk Survey, which also focuses on cybersecurity, credit risk, business continuity and emerging issues, including banks’ progress on environmental, social and governance (ESG) programs. More than half of the respondents say their bank doesn’t yet focus on ESG issues in a comprehensive manner, and just 6% describe their ESG program as mature enough to publish a disclosure of their progress.

Developments in this area could be important to watch: The term ESG covers a number of key risks, including climate change, cybersecurity, regulatory compliance with laws such as the Community Reinvestment Act and operational risks like talent.

“Finding employees is becoming much harder and has us [looking] at outsourcing (increased risk) or remote workers (increased risk),” writes one survey respondent. Workers want to work for ethical companies that care about their employees and communities, according to research from Gallup. Could a focus on ESG become a competitive strength in such an environment?

Key Findings

Top Risks
Respondents also reveal increased anxiety about cybersecurity, with 93% saying that their concerns have increased somewhat or significantly over the past year. Along with interest rate risk, regulatory risk (72%) and compliance (65%) round out the top risks. One respondent, the CRO of a Southeastern bank between $1 billion and $5 billion in assets, expresses specific concern about “heightened regulatory expectations” around overdraft fees, fair lending and redlining, as well as rulemaking from the Consumer Financial Protection Bureau around the collection of small business lending data.

Enhancing Cybersecurity Oversight
Most indicate that their bank conducted a cybersecurity assessment over the past year, with 61% using the Cybersecurity Assessment Tool offered by the Federal Financial Institutions Examination Council (FFIEC) in combination with other methodologies. While 83% report that their program is more mature compared to their previous assessment, there’s still room to improve, particularly in training bank staff (83%) and using technology to better detect and/or deter cyber threats and intrusions (64%). Respondents report a median budget of $200,000 for cybersecurity expenses in fiscal year 2022, matching last year’s survey.

Setting ESG Goals
While most banks lack a comprehensive ESG program, more than half say their bank set goals and objectives in several discrete areas: employee development (68%), community needs, investment and/or volunteerism (63%), risk management processes and risk governance (61%), employee engagement (59%), and data privacy and information security (56%).

Protecting Staff
More than 80% of respondents say at least some employees work remotely for at least a portion of their work week, an indicator of how business continuity plans have evolved: 44% identify formalizing remote work procedures and policies as a gap in their business continuity planning, down significantly compared to last year’s survey (77%). Further, banks continue to take a carrot approach to vaccinations and boosters, with most encouraging rather than requiring their use. Thirty-nine percent require, and 31% encourage, employees to disclose their vaccination status.

Climate Change Gaps
Sixteen percent say their board discusses climate change annually — a subtle increase compared to last year’s survey. While 60% indicate that their board and senior leadership team understand the physical risks to their bank as a result of more frequent severe weather events, less than half understand the transition risks tied to shifts in preferences or reduced demand for products and services as the economy adapts.

To view the high-level findings, click here.

Bank Services members can access a deeper exploration of the survey results. Members can click here to view the complete results, broken out by asset category and other relevant attributes. If you want to find out how your bank can gain access to this exclusive report, contact bankservices@bankdirector.com.