I had the pleasure of interviewing Kevin McHugh, Former Chief Risk Officer with Bank of Montreal (Ireland).
He is a Fellow of the Institute of Chartered Accountants in Ireland and the Chartered Institute of Securities and Investments and has twenty five years international C-suite experience. Currently Kevin is an expert consultant with QBS Management, a boutique consultancy providing services in risk management, compliance and governance to the financial sector.
Thank you so much for doing this with us! What is your “backstory”?
I qualified as a Chartered Accountant in the mid 80s and moved in the early 90s to the Irish Stock Exchange or ISE at a time when it was establishing itself as an independent exchange. The independent exchange needed a legal, trading, settlement and financial structure all of which was put in place over eighteen months.
After the ISE, I took up an executive directorship with one of the leading Irish stockbroking and corporate finance houses at a time when the business models of all major players in the sector were being overhauled.
I took up a role as Divisional Chief Compliance Officer and then Divisional Chief Risk Officer with a leading Irish bank with operations in Europe, North America and Australia.
I spent four years as Chief Risk Officer of the Irish based business of a Canadian bank and then set up a boutique consultancy business in early 2018.
What do you think makes your bank different in these disruptive times? Can you share a specific story?
I provide services across the financial sector. Banks and other financial firms which have a better chance of success will typically have a crisp customer proposition and an efficient and reliable execution capability. This requires investment in people, systems and processes and needs. It also needs focus on key stakeholders and on defining and living a culture which those stakeholders will admire and which will attract them to the firm.
The financial sector is littered with examples where they get this wrong, whether that be through the absence of customer focus, whether it be through an approach to staff which will not attract and retain the best talent, whether it be through legacy systems and processes or whether it be through regulatory difficulties which in many cases reflect problems in a combination of the other areas mentioned.
What are the risks that boards are currently concerned about in the Market, Liquidity, Credit, Operational, Financial and Compliance risk categories?
> Political Risk, whether that be Brexit, Korea, the Middle East, China, EU stability, immigration challenges, potential trade wars, potential shifts towards populism, and many others
> Cyber Risk including Cyber Crime, particularly if it results in key infrastructure being compromised or if it results in customer accounts or customer confidence being compromised. Banks will face particular challenges if they rely on legacy systems or if they lose the war for scarce talent. In the area of Financial Crime, there are well established and largely successful channels for the financial sector, regulators and law enforcement to work together. Cyber Crime needs similar channels. I would also expect to see banks collaborating with universities to develop artificial intelligence to mitigate cyber risk.
> Market and Credit Risks associated with an uptick in interest rates and an increase in volatility after a prolonged period in which these have been very low.
> For European banks, a challenge is to achieve a reasonable return on equity, particularly in an environment where the regulatory burden varies between geographies and between the banking sector and non bank providers. European banks are increasingly being viewed as utility providers. If that trend continues, European banks will struggle to attract the best talent.
> For banks with significant presence in emerging markets, credit risk, market risk and political risk will continue to be elevated.
> US sanctions will continue to be a political tool and to have global implications for investment choices including market selection choices.
What are the risks that you are concerned about in those same categories over the next three years
I expect political risk to remain a key concern over the next three years, albeit that the triggers will move over time
I expect cyber risk to become a more significant concern.
I expect market risk and credit risk to reduce as key concerns as firms become used to the new normal, except where the risk relates to emerging markets
I expect European banks to continue to struggle to achieve adequate returns and to attract and retain the best talent.
I expect development and embedding of a risk appetite framework which supports strategic objectives to increase in importance.
In your view, should Conduct risk be among the top risks to be concerned about? Can you elaborate or share a story?
Yes. Where conduct risk goes wrong the risk of reputation damage, particularly with customers and regulators is high and where that damage occurs, the route to recovering reputation is long and expensive including the expense of diverting management time and organisational energy. During the recovery period, there is also likely to be reputation damage with key stakeholders including regulators, investors and staff. In short, a good way to undermine franchise value is to get conduct risk wrong.
Building a “Lean Risk Culture” is crucial in strengthening risk management practices at a holistic level. What is your approach in building a lean risk culture? Can you share a story or example?
A lean risk culture depends on building a skilled risk management team which works collaboratively with business lines and where the CRO and the senior team view internal and stakeholder relationship building and management as a core part of the role.
With an increasing amount of data breaches and financial crimes , what do you think is the most effective way to manage this risk ?
Most banks have well established financial crime and data security policies and systems.
The key to managing these risks is through consistent implementation of those policies and systems supported by an investment in training. Where banks have got financial crime or data security wrong, the cause is rarely complex — it is more often in areas which are the bread and butter of risk management. Banks need to create a culture where front line staff seek advice where necessary, where risk management and compliance staff respond collaboratively where advice is sought, and where there is no tolerance for financial crime or data security issues arising due to deliberate or negligent action.
Can you please give us your favorite “Life Lesson Quote”?
The most effective leaders and managers are those who have faced challenging circumstances and come through them — or to express it as a previous manager of mine did “ You are no good to me if you don’t have a few war wounds”
Originally published at medium.com