2024 Risk Perspectives: How 2023 Shaped Today’s Risk Landscape

Maintaining contemporary risk management practices prevents operational losses and strategically provides a competitive advantage. The risk landscape across any given industry changes constantly in response to current events – 2023 made that clear. Consider the collapse of Silicon Valley Bank and the ripples it sent throughout the financial institution, tech, and fintech landscapes. We can’t deny that the risk landscape we started with in 2023 was significantly different by the end of December.

So where exactly did we end up in 2023? And what does the year in review have to tell us about 2024? We’ve gathered the perspectives of our risk experts across various industries, each offering their own insight into 2024’s evolving risk landscape.

Financial Institutions

Liquidity Risk

The bank failures in 2023 raised several questions when it comes to liquidity risk. Many have been left wondering if banks can meet cash demands and other obligations without sustaining unacceptable losses in 2024.

The bank failures made it evident that financial institutions were not properly managing their balance sheets, leading to an increased focus on asset liability management (ALM) in 2023 that will certainly continue through 2024 and beyond. Liquidity has been impacted in 2023, and into 2024 by rising deposit rates and financial institutions increasing their reliance on wholesale funding.

Credit Risk

The current inflationary environment has put pressure on all borrowers in 2024, whether commercial or consumer/residential, which could lead to increased credit risk. Banks are dealing with the aftermath of fast-changing higher interest rates, increased deposit costs, and slower lending. Additionally, as bank margins are squeezed, delinquencies for consumer and commercial debt are also rising.

The pandemic and online retail have caused changes in commercial real estate areas like malls, shopping plazas, and office spaces that have banks wondering if rental incomes justify refinancing. Both larger and community banks are affected by these changes, as real estate can be a significant portion of their loan portfolio.

Regulatory Risk

There are differences in opinions on how to evaluate the Fair Lending practices and the assessment of fees at financial institutions. Whether it be trade groups, Congress, or bankers, 2023 included many opinions on the following topics:

• Fair Lending Assessment: The Consumer Financial Protection Bureau (CFPB) issued a final rule in 2023 implementing Section 1071 of the Dodd-Frank Act, requiring financial institutions to collect and maintain certain data on applications for credit for women-owned, minority-owned, and small businesses. Additionally in 2023, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (FRB), and the Federal Deposit Insurance Corporation (FDIC), issued a final Community Reinvestment Act rule modernizing regulation in order to better evaluate financial institutions abilities to meet the credit needs of the communities they conduct business in.
• Junk Fees: The Consumer Financial Protection Bureau (CFPB) and White House Administration launched the junk fee initiative, which is scrutinizing the assessment of specific fees through enforcement actions, advisory opinions, circulars, and supervisory highlights.
• Bank Secrecy Act (BSA): The Financial Crimes Enforcement Network (FinCEN) has been active regarding issuing rules and interpretations. Areas of focus include application of Beneficial Ownership Interest rules and cryptocurrency transactions.
• Third-Party Risk Management: The various federal banking agencies have been focusing on financial institutions’ relationships with third parties to provide banking services. Examinations and guidance discuss third-party risk management program governance, oversight, and testing requirements.

Fintechs

From Trend to Cornerstone

There is no doubt we are experiencing another business cycle in which the acceleration of new technologies by fintech companies is having a profound impact on the financial services industry. Additionally, with the rise of AI, there are also new risks to be concerned about. Our understanding as to which shifts will be permanent is somewhat limited. The fintech market is growing rapidly, with an expected growth from approximately $200 billion in 2024 to $1.5 trillion in 2030.

Couple this with a rapidly globalizing marketplace and two burgeoning generations of digital natives, and see how fintech expands in terms of applications, payments, transactions, and overall presence. Consumer financial services have provided cell phone access to much of their data, from anywhere in the world at every time of day. The same speed, data integration, and accessibility models are being deployed to commercial banking, typically the most profitable segment of the industry. The current negative media attention to banking-as-a-service firms (BaaS) should be considered a bump in the road that we believe will be solved over time, and the approval of crypto ETFs (see more below) by the SEC may be another small step in the acceptance of a dual market for fintech and crypto currencies in the future.

If fintechs can solve one of their biggest challenges – getting financial organizations to complete their risk and compliance due diligence of the fintech – the fintech benefits by shortening the book-to-pay cycle. We believe they will, and Wolf will help them.

Manufacturing, Distribution & Retail

Cyberattacks

Ransomware, supply chain attacks, and phishing attacks had a major impact on organizations in manufacturing, distribution, and retail (MDR). During 2023, cyberattacks on organizations ballooned in number. Organizations that lacked the ability to respond lost days of work, and incurred costs of many thousands and even millions of dollars.

MDR organizations in 2024 are beginning to invest time and money in the right technology and security posture. Organizations in the MDR space are implementing security controls like multi-factor authentication, better logging and monitoring tools, and system and software update automation – but as cyberattacks increase in complexity and subtlety, MDR organizations must continue to stay up to date.

Organizations that fail to prepare for cyberattacks face the potential for business continuity issues, reputational damage, and the financial costs that come with a breach.

Asset Management

AI, Robo-Advisors & Tech

Artificial intelligence and robo-advisors continue to trend, especially with the incoming generation. As millennials become the main money makers and wealth generators, they’re beginning to show us that they’re more comfortable with these tools. This demographic also is comfortable with payment apps which do not have a lot of security monitoring. It’s up to wealth management firms and investment advisors to decide whether they’ll incorporate these tools into their algorithm – there is the risk of losing market cap if they do not adjust.

However, the biggest risks here center on data security – be sure that you’re not blindly relying on the security of your data or tools, and that you’re approaching them both with an analytical mindset. Whether you go all in on developing technologies or not, you need to understand the reliability of the tools you’re working with. What are the processes your organization has in place governing data security? Are they prepared for the task of integrating AI and similar tools? These questions must be answered in detail before utilizing new technology.

Regulatory Risks

When it comes to matters of private equity, mergers and acquisitions (M&A), and operational and back-office challenges, the SEC and regulators continue to cause some pain. With an increasing number of rules to follow, back office, operational, and support staff are feeling the stress. The amount and cost of the work required is regulating out some of the small players, resulting in some businesses engaging in M&As for the purpose of being able to meet the regulatory scrutiny cost on their back office.

These M&As come with risks of their own. Pre-M&A challenges revolve around getting your ducks in a row. Are your books prepared, audits complete, and anything that could be uncovered during due diligence already uncovered yourself? Post merger or acquisition, are your systems going to be the surviving systems, or are theirs? Is security fully integrated across platforms? From a data security and optimization point of view, the same questions of security apply to M&As as integrating new technology. You have new data, new clients, all of this information you want to be sure you can secure and transfer to your systems for integration.

Technology

Cryptocurrency

The SEC has accepted the spot Bitcoin ETF, which will have developing impacts on the crypto landscape moving through 2024. We expect to see crypto become a more mainstream investment vehicle. Financial institutions that aren’t prepared for this change face the risk of losing out on potential customers.

Additionally, the ongoing litigation between the SEC and Coinbase is worth keeping an eye on – if the SEC loses, this would be the second major loss for them after the spot Bitcoin ETF case. It would be a wound to the argument that the tokens in question are securities, leaving questions for the future of our regulatory perspective on cryptocurrency.

Artificial Intelligence

In 2024 we are seeing AI become integral to many organizations’ strategic plans. We are also beginning to see enhanced security controls focused on reducing AI’s risk to the company. Setting up the right governance, strong security controls, and diligent input and output monitoring are critical to successful AI implementation.

It is best to embrace a measured approach to AI – avoid getting caught up in any fear of missing the wave and entering the space carelessly, or utilizing tools without due diligence and preparation.

New tools and infrastructures are being adopted that also utilize artificial intelligence – social engineering and malwareless attacks remain on the top of the list. Ensure that your board understands the importance of a robust security posture.

Healthcare

Cybersecurity

2023 saw the healthcare industry swarmed by cyberattacks. Over 100 million people were impacted by security breaches at healthcare organizations. Attackers have been taking advantage of the post-pandemic disarray present in many hospitals – they’ve lost staff, projects have been put on hold to deal with sheer volume of patients, and security frameworks have fallen to the wayside, leaving hospitals vulnerable.

Healthcare organizations need to take cybersecurity threats very seriously though 2024. But what does this look like? Organizations must focus on shoring up their defenses and getting a handle on all of their vendors, especially those that have patient information – those are the ones most likely to face attacks. Patient safety is obviously the foremost priority for hospitals, but in many ways, information security feeds directly into that prerogative. When sensitive information is leaked or hospitals are brought to an operational standstill, patients are affected.

Conclusion

Risk landscapes can change suddenly, but that does not mean we can’t do our best to prepare. By ensuring you’re anticipating and planning for the potential risk factors playing into 2024 and preparing your risk management program with agility in mind, you can mitigate the impact of an evolving landscape. If your organization needs assistance building out its risk management program, reach out to Wolf & Company’s risk experts today.