Risk & Compliance Concerns Remain High for Financial Institutions

  • January 6, 2023
  • Quantivate

The ability to manage risk and compliance remains top of mind for financial services organizations, according to the annual Regulatory & Risk Management Indicator survey conducted by Wolters Kluwer.

The survey of banks, credit unions, and mortgage companies takes a pulse on institutions’ regulatory and risk concerns, impacts, and current management practices.

Top Concerns for Financial Services Sector


The “ability to manage regulatory change in an effective and compliant manner” emerged as the primary challenge for institutions regardless of asset size. Specific areas of concern included:

“This year’s survey findings point to the critical role that a robust regulatory change management program—particularly one featuring an up-to-date regulatory library—plays in helping ensure compliance and addressing risk,” said Wolters Kluwer’s senior advisor for regulatory strategy.

The financial services organizations surveyed plan to invest in the following compliance management capabilities and improvements in 2023:

  • Updating compliance policies and procedures (51%)
  • Strengthening risk assessment processes (49%)
  • Management of new/changed regulatory content (41%)
  • Strengthening consumer complaint management (34%)

Technology & Digitization

Manual processes and spreadsheet usage in risk and compliance programs also came up as a common concern, with 54% of respondents ranking manual processes as their biggest obstacle to maintaining an effective compliance program. These methods are widely used despite the likelihood of increased risk exposure; only nine percent of respondents indicated that they rarely use manual processes.

Manual management practices expose teams to potential financial and reputational risk and hinder informed decision-making. A Forrester study found that “spreadsheet risk” — that is, the format’s susceptibility to error and manipulation, which can lead to inaccurate data analysis — is a real threat to business-critical tasks like risk assessment and compliance management.

However, 85% of respondents to the Wolters Kluwer survey indicated that they “sometimes or often” use manual processes and spreadsheets as their primary means for managing regulatory compliance. Organizations that fail to prioritize digital transformation will face ongoing challenges in maintaining reliable data and keeping up with the demands of regulatory compliance and risk management.

“Clearly, the banking industry increasingly recognizes the upsides in employing and more fully leveraging digital processes and automation, particularly given their impact in reducing or eliminating time-consuming and less accurate manual processes from their everyday workflows.”

As risk and compliance practitioners seek to mature their programs, many recognize that “spreadsheets and emails are hardly up to the task of minimizing or preventing risk exposure.” Gartner points out in its brief on risk governance that “wielding digital tools…strengthens high-quality risk management behaviors by 17%.”

Related Reading | Why Manual GRC Processes Don’t Work

Focus Areas for Risk & Compliance Management

Asking financial industry professionals to rank the risk and compliance management activities demanding the most attention, the survey identified the following activities:

  • Managing risk across all lines of business
  • Maintaining compliance with changing regulations
  • Keeping track of regulations
  • Demonstrating compliance to regulators

Enterprise risk management (ERM) topped the list of focus areas, with 59% of respondents “very concerned” about their institution’s capabilities. The ability to manage risk across business units or departments continues to be a crucial but challenging area for financial services organizations. It’s also a function where program maturity is frequently lacking.

More than a third (34%) of institutions don’t have a formal program for understanding and managing risk, while 16% use a well-defined ERM program but lack consistency across the organization. Just short of 20% would describe their program as strategic and integrated.

Related Reading | The State of ERM

Top Risk Management Priorities for 2023

Financial industry professionals also ranked the risk categories that they anticipate receiving escalated priority in 2023:

  1. Cybersecurity (72%)
  2. Compliance risk (51%)
  3. Credit risk (51%)
  4. Operational risk (27%)
  5. Third-party risk (16%)

Related Reading | GRC Priorities in Banking & Financial Services

Solving Risk & Compliance Challenges

As teams managing risk and compliance face complex challenges, establishing effective processes and adopting flexible technology play a significant role in successful GRC management.

Learn how Quantivate helps financial institutions address issues like regulatory burden and siloed data — get your copy of GRC Challenges for Banks & Credit Unions: Tackling Risk & Compliance With Smart Solutions.