04 May Risk & Regulatory Advisory meet Niklas Hageback

Posted at 16:51h in Uncategorized by

Risk & Regulatory Advisory meet Niklas Hageback

Niklas Hageback is returning to Sweden after a long career in risk management in, amongst others, London and Hong Kong with firms such as Goldman Sachs, KPMG & Deutsche Bank. Risk & Regulatory Advisory has met him to discuss the latest trends and risks in banking.

You have been an expatriate now for two decades. What led you back to Sweden?

As with many things in life it was incidental that I came to work abroad for so long. Even so, I always knew it were temporary arrangements, and with a young family to also plan ahead for, the decision to return back to Sweden was an easy one.

Given your international experience, what would you say distinguish risk management in Sweden from the international scene?

In general, the broader risk management framework operates much more in silo formats than what I experienced abroad, be it by risk type or control function. This might be due to the organisational culture and the much stronger powerbase of middle management in Sweden, and whilst there are benefits to such an approach, there are also drawbacks of which some are quite concerning.

At the very top, it becomes difficult to get an accurate consolidated overview and understanding of what the actual risk exposures and their magnitudes are from the firmwide perspective, which history has shown can cost dearly. Incidents highlight that perpetrators have been swift to identify control gaps in fragmented risk frameworks which they then can gleefully abuse for illicit profits.  But also the more mundane and basic levels are affected, this as typically data tend to be aligned with these silos , making a data architecture that facilitates analytics & reporting across risk types and controls challenging to achieve. Thus, concepts such as Enterprise Risk Management (albeit rudimentary) are in place also here, but more as a theoretical construct rather than being an actual tool for pricing, allocation,  and business decisions.

In all, there is a strong impetus to encourage more collaboration and break the silos that act as impediments for effective risk management, which is something that forceful change management can address.

WHAT ARE THE KEY RISKS TO KEEP TRACK OF IN 2022?

There are a number of key risk areas that are important to keep track of and which in parts are intervowen through an intricate web of complexities. (and most of these risks are of course also applicable for sectors outside banking).

  • Political risks – it appears that we now have entered an era of unrest, a recurring pattern in human history, and of which Russia’s invasion of Ukraine is the most recent, but unlikely last, manifestation. This triggers not only strategic and reputational risks relating to which countries/markets considered viable to operate in, but will also affect day-to-day decisions in the screening of customers and investments that might have undesirable affiliations.
  • Social engineering & Insiders – in the areas of information security and financial crime prevention, the rapid advancement of malware developed on AI technologies is unfortunately making great strides in terms of deep fake personalities and so on, which is bringing social engineering infiltration and defrauding attempts to a completely new level. At the lower end of the tech spectra, we have the occurrence of insiders (and whilst the publically known cases are relatively rare) their impact can be severely damaging, seen from unprecedented fines from financial regulators, as they in instances have ties to hostile state agencies organised crime networks. SÄPO’s annual report is a sobering read in this regard.
  • Compliance risks – the requirements from regulators are not receding. EU’s DORA being the latest, and others such as GDPR is still awaiting legal praxis to clearify its reach. Thus, to avoid that compliance merely is a bureaucratic overlay, a lot of thought needs to go into how to embed these requirements into business practices, and the automation of timely and accurate reporting is one of the critical success factors.
  • The technical landscape – it will remain a quagmire for the foreseeable future with platform transitioning, upgrades of key software, the introduction of new applications, various dependencies of 3rd parties. In all, bringing with it a raft of risks we are going to have to live with for quite some time and some of them are not entirely easy to understand and assess.
  • Investment risks – Being at the end phase of a loose monetary policy cycle which have attracted a lot of stock market listings, of which some probably have promised more thant they can deliver to the point of being fraudulent in different degree and different modus operandi, out of which greenwashing is merely one type.
  • Property prices – whilst it has already been acknowledged by many participants, notably Finansinspektionen, the debt mountain is still accumulating, with already quite a few mortgage lenders that without doubt will be in financial duress if the economy slows. Hopefully, most banks are now well provisioned with ample reserves to handle delinquencies and defaults.