Gear up your Risk Management

How you can minimise risks during the COVID-19 crisis

Risk management functions – in the business or in the control functions – are at the heart of current crisis management efforts. The board of directors, management, regulators, clients, and other stakeholders expect an up-to-date view of the risks the company is exposed to and the effectiveness of the measures taken. Timely risk information and reporting is critical to enable timely decision-making and has been an issue in crises in the past. 

At the same time, risk management organisations are also affected by the crisis.

You may be experiencing restrictions with regard to working remotely, reduced workforces, technical disruptions or increased volumes.

To help you, we have created an overview of scenarios, suggested activities and guiding questions for responding to the crisis and recovering the business. As the progress of COVID-19 is hard to predict you might find your business switching between these two phases. 

 

Risk management functions – in the business or in the control functions – are at the heart of current crisis management efforts. The board of directors, management, regulators, clients, and other stakeholders expect an up-to-date view of the risks the company is exposed to and the effectiveness of the measures taken. Timely risk information and reporting is critical to enable timely decision-making and has been an issue in crises in the past. 

At the same time, risk management organisations are also affected by the crisis. You may be experiencing restrictions with regard to working remotely, reduced workforces, technical disruptions or increased volumes. We recommend identifying and ringfencing the services that are critical to protecting your organisation and meeting regulatory expectations.

Key questions to consider

There are a number of areas that may be affected. Here are some questions for you to consider:

  • Do you have the mechanisms in place to increase the frequency of reporting – to regulators, the board and management? Are you able to produce ad-hoc reports at short notice? What manual work-arounds do you have in case of system disruptions?
  • Do you have KPIs to monitor the increased volume from the front and the controls / control back log in the second line of defence?
  • What is the workforce situation for your critical services? What cross-staffing options do you have? How about leadership?
  • Are there projects, initiatives and other activities that can be de-prioritised?
  • Are you in contact with your key regulators? Have you established working protocols and escalation points?

Critical Services

Observations suggest that the following services might be interrupted due to COVID-19.

  Liquidity and capital risk management Credit risk management Market risk management Regulatory affairs Risk reporting
Description Crisis situations increase the risk of non-compliance with minimum requirements (e.g. capital, liquidity and leverage ratios). Execution of federal liquidity funding with emergency credits lead to increased volumes and credit administration resources. Increased trading volumes in combination with high market volatility leaves no room for error (e.g. collateral management, asset allocations) In times of crisis, regulators may increase supervision. In addition, the organisation may lose focus on regulatory commitments.. Stakeholders such as regulators, the board and management expect up-to-date risk information to be able to make informed decisions.
Consequences if interrupted
  • Liquidity shortage
  • Enhanced regulator surveillance / reporting
  • Triggered loss absorbing instruments (TLAC)
  • Delayed loan payments is a major reputation risk for banks
  • Growth of impaired loans due to incorrect handling
  • Increased trading losses due to operational errors or limitations
  • Shortfall of Lombard loans (margin calls)
  • Regulatory enforcement and scrutiny
  • Regulatory fines
  • Risk of “flying blind” in this critical phase
  • Risk of inaccurate reporting

 

Coronavirus scenarios and mitigation for Risk Management

COVID-19 will affect organisations to different degrees, requiring several actions.

 

Coronavirus impact
Details Some increased volumes in trading and credit. Majority of the workforce working from home with minor disruptions. Some of the workforce out on sick leave. Some of the workforce out on sick leave for extended periods, including suppliers. Increased requests from regulators, including reporting. Increased trading and credit volumes. A large part of the workforce out on sick leave, including suppliers. Disruptions to technology. Increased regulatory supervision and crisis management.
Functional impact Limited initial impact, however impact of preparing for potential worsening of the situation. Inability to maintain full risk mandate. Delays in control activities related to trading and credit. Potential delays in reporting. Inability to maintain risk mandate. Inability to meet some regulatory commitments, including regulatory reporting. Inability to provide up-to-date reporting to board and management.
Proposed actions Prepare for medium and major scenarios. Identify and ringfence critical services.  Identify backup options for critical providers. Contact key regulators to establish working protocols. Ringfence the critical services within the risk mandate. Reassign resources to these critical mandates, postpone other activities. Prepare sourcing options for a potential worsening of the crisis. Continue to ringfence the critical services within the risk mandate. Source external workforce for critical services. Follow escalation protocol established with key regulators.

Risk Management functions – in the business or in the control functions – have been at the heart of the crisis management efforts. The board of directors, management, regulators, clients, and other stakeholders expect an up-to-date view of the risks the company is exposed to and the effectiveness of the measures taken.

Upon entering the post-crisis phase, regular and timely reporting on KRIs will continue to be crucial. Furthermore, a damage assessment to identify the areas most affected can play an important role in helping to define a targeted and robust strategy for the restart.

Looking forward, besides keeping a close eye on the development of the pandemic, businesses should start focusing on non-Covid-19-related risks to make sure the transition to a ‘new normal’ is built on realistic  expectations.

 

Key questions to consider when recovering your business:

  • Are you aware of the impact the crisis has had, and is still having, on your business in detail? Are you prepared for the risks that have not yet materialised?
  • Do you have the right KPIs/KRIs in place to identify upcoming risks and to mitigate them in timely fashion?
  • Can you unblock important projects, initiatives or activities that can help you accelerate the restart?
  • What can be prepared now for potential further COVID-19 waves, while moving between the crisis response and crisis recovery phases, for different locations at different times?

Suggested next steps to tackle the recovery phase

If you find your business moving from the response to the recovery phase of the crisis the following key considerations and recommendations might be useful to you. 

Damage assessment

Targeted restart Reassess risk strategy Raise risk awareness Ongoing monitoring
Assess damage caused by Covid-19 crisis in the most important, and preferably in all lines of business in order to obtain a 360 degree view  Initiate restart and ramp-up  of crucial business areas while closely monitoring KRIs and strengthening second line of defence Reassess your existing risk strategy incorporating lessons learned from the current crisis. Adjust risk framework accordingly Raise awareness throughout the organisation of the risks emerging in the new normal, for example increased exposure to fraud and cyber threats Establish ongoing monitoring of key KRIs, with a particular focus on early warnings for fraud and conduct related topics, in addition to core financial risk KRIs 

Guidance for the next phases

The next steps to deal with the “new normal” vary based on job roles and companies. We have created an overview with possible actions and suggestions on planning and getting ahead for upcoming phases of the crisis.

Guidance for next phases
  Short-term Medium-term Long-term
Member of the Board of Directors
  • Enable damage assessment across the organisation
  • Strengthen mandate of the Risk Management function in order to increase business resilience
  • Establish protocols for the “new normal”, including heightened monitoring
  • Establish increased monitoring of increased risk exposures that may not have materialised – fraud risks, cyber risks, client and market conduct, unauthorised activities
  • Oversee lessons-learned exercises to increase resilience for potential upcoming crisis cycles
  • Focus on operational resilience programmes, in line with increased regulatory focus and expectations
  • Maintain heightened monitoring of key risk exposure throughout the recovery phases
  • Perform crisis simulation exercises against multiple scenarios
Chief Risk Officer (CRO) 
  • Identify critical risk mandates to support business in restarting and focus on these
  • Initiate damage assessment in cooperation with other parts of the organisation
  • Establish scenario and connected actions for worsening of the current situation and resurgence of the crisis
  • Develop plan to reallocate resources to non-critical risk mandates that further support BAU transition
  • Reassess risk strategy and incorporate lessons learned from current Covid-19 crisis
  • Refine risk framework that caters for crises and facilitates immediate action
  • Execute plan to reallocate resources to non-critical risk services
  • Continue to develop revised risk strategy and put it into action
  • Increase operational resilience and further strengthen crisis management capabilities 
Business Heads / Front Office
  • Focus on the damage-assessment of the crisis beyond the immediate liquidity topics – related to the credit portfolio, market and client conduct
  • Create a plan to operate with “business as usual” workforce, stabilising from the temporary taskforce set-ups during the crisis response
  • Raise awareness and strengthen monitoring of conduct related topics – from outside the organisation (cyber fraud) and within it (client and market conduct, unauthorised activities, risk/reward considerations)
  • Continuously re-evaluate and monitor risk in line with the changes in customer behaviours, working mode and other longer-term impacts of the crisis
  • Improve resilience through lessons-learned and crisis simulation exercises

Contact us for Finanacial Service related questions

Alexandra Burns

Director, Risk, Compliance, Internal Audit
alexandra.burns@ch.pwc.com
Tel: +41 79 878 31 69

 

Dr. Manuel Plattner

Advisory Director
manuel.plattner@ch.pwc.com
Tel: +41 79 382 6712

 

Tobias Scheiwiller

Senior Manager, Financial Risk Management
tobias.scheiwiller@ch.pwc.com
Tel: +41 79 740 2504

 

Risk Management functions have been at the heart of the crisis management efforts. The board of directors, management, regulators, clients, and other stakeholders expect an up-to-date view of the risks the company is exposed to and the effectiveness of the measures taken.

Upon entering the post-crisis phase, regular and timely reporting on risks and different scenarios will continue to be crucial. Furthermore, a damage assessment to identify the areas most affected can play an important role in helping to define a targeted and robust strategy for the restart.

Looking forward, besides keeping a close eye on the development of the pandemic, businesses should start focusing on non-Covid-19-related risks to make sure the transition to a ‘new normal’ is built on realistic  expectations.

 

Key questions to consider when recovering your business:

  • Are you aware of the impact the crisis had and still has on your business in detail? Are you prepared for the risks that have not yet materialised?
  • Do you have the right data and tools available to provide an up to date view of the different scenarios needed to ensure informed and timely decision making?
  • Do you have the right early warning indicators in place to identify upcoming risks and mitigate timely?
  • Can you unblock important projects, initiatives or activities that can help you accelerate the restart?
  • What can be prepared now for potential additional COVID-19 waves and to help you emerge stronger out of the crises?

Suggested next steps to tackle the recovery phase

If you find your business moving from the response to the recovery phase of the crisis the following key considerations and recommendations might be useful to you. 

Identify and reassess risks Damage Assessment Targeted Restart Raise risk awareness Ongoing monitoring
Enterprise wide reassessment of the top risks (identification of new and/or changed top risks) and the initiation of respective actions, where needed. Assess damage caused by COVID-19 crisis in the most important and preferably in all lines of business and all regions and establish a regularly updated multi scenario planning. Initiate restart and ramp up of crucial business areas and locations while closely monitoring relevant early warning indicators and risk strategy. Raise awareness throughout the organisation of the risks emerging in the “new normal”, for example increased exposure to fraud, cyber threats and supply chain risks. Establish ongoing monitoring of key early warning indicators with a particular focus on all areas that ensure your business continuity and strategic growth.

Guidance for the next phases

The next steps to deal with the “new normal” vary based on job roles and companies. We have created an overview with possible actions and suggestions on planning and getting ahead for upcoming phases of the crisis.

Guidance for next phases
  Short-term Medium-term Long-term
Member of the Board of Directors
  • Enable top risk and damage assessment across the organisation
  • Strengthen mandate of the Risk Management function in order to increase business resilience
  • Establish protocols for the “new normal”, including heightened monitoring
  • Establish monitoring over increased risk exposures that may have not materialised – i.e. cyber risks, supply chain risks, fraud risks, etc.
  • Oversee lessons-learned exercises to increase resilience for potential upcoming crisis cycles
  • Focus on operational resilience programmes, in line with increased market focus and expectations
  • Maintain heightened monitoring of key risk exposure throughout the recovery phases
  • Perform crisis simulation exercises against multiple scenarios
Risk Management
  • Identify critical risks to support restart of business 
  • Initiate top risk and damage assessment in cooperation with other parts of the organisation
  • Establish multi scenario planning and connected actions for worsening of the current situation and resurgence of the crisis
  • Develop plan to support business as usual transition, incl. relevant early warning indicators
  • Reassess top risks and update multi scenario plannning and crisis simulation
  • Amend risk strategy and incorporate lessons learned from current COVID-19 crisis
  • Execute plan to reallocate resources to non-critical risk services
  • Continue to reassess top risks and update multi scenario planning and crisis simulation
  • Increase operational resilience and further strengthen crisis management capabilities 
Business
  • Focus on damage assessment of the crisis beyond the immediate liquidity topics to ensure business continuity
  • Create a plan to operate with «business as usual» workforce, stabilising from the temporary taskforce set-ups during the crisis response
  • Raise awareness and strengthen monitoring of risk related topics – within and from outside of the organisation (cyber, fraud, supply chain etc.)
  • Implement plan to operate with «business as usual» workforce, re-evalute and adopt where needed
  • Continuously re-evaluate and monitor risk in line with the changes in customer behaviours, working mode and other longer-term impacts of the crisis
  • Improve resilience through lessons-learned and crisis simulation exercises

Contact us for Trade Industries related questions

Birgit Gallus

Senior Manager, Governance, Risk & Compliance
birgit.gallus@ch.pwc.com
Tel: +41 79 150 7559

 

Alexandra Burns

Director, Risk, Compliance, Internal Audit
alexandra.burns@ch.pwc.com
Tel: +41 79 878 31 69

{{filterContent.facetedTitle}}

{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
{{contentList.loadingText}}

Contact us

Alexandra Burns

Alexandra Burns

Partner, Leader Financial Services Risk Consulting & Internal Audit, PwC Switzerland

Tel: +41 58 792 46 28

Tobias Scheiwiller

Tobias Scheiwiller

Partner, Financial Risk Management, PwC Switzerland

Tel: +41 79 740 25 04

Birgit  Gallus

Birgit Gallus

Director, Risk Consulting, PwC Switzerland

Tel: +41 79 150 75 59