Cyber, financial and climate risks

Brian O’Donnell, executive in residence at celebrated risk management institute, Toronto-based Global Risk Institute, argues that pension funds need to adopt clear risk strategies to deal with cyber security, climate change and escalating financial risk.

In a webinar hosted by the International Centre for Pension Management titled ‘Risk Governance: Developing an Enterprise Risk Management Framework and Managing Emerging Risks, ranging from Climate Change to Cyber Threats’, O’Donnell draws on his long career in Canada’s financial services sector to highlight today’s most important risks.

He illustrates the growing risk of cyber security with examples of recent breaches in financial services.

The 2015 cyber attack on Japan Pension Services, a government-run agency that manages the public pension system, revealed the personal details of 1.25 million beneficiaries; JP Morgan fell victim to the largest theft of customer data ever in 2014 when hackers revealed personal information of 70 million households and 7 million small businesses; in February this year a cyber attack that investigators have linked to hackers in North Korea drained $81 million from the Central Bank of Bangladesh.

Moreover, it is a risk that is set to escalate with the rise of quantum computing. As computing grows faster and stronger, he believes it will render today’s cyber security “obsolete”, requiring a “quantum defence” to meet the massive increase in computer capacity.

Canada’s pension funds perceive cyber security as a “key risk” to “manage and take seriously”, and he urges the global industry to work as a group and share information to combat cyber crime. There is no benefit in working alone because hackers look for the weakest link, he says. “In Canada, we are all in it together.”

Sponsored Content

He says that recent cyber attacks should “plant the seed” for pension funds to think about their critical infrastructure risk, and ensure they have a cyber security framework in place.

He highlights the questions executives should ask: “Do we have a formal cyber security framework? What are the top five cyber risks we face? How are employees made aware and trained for their role? Are roles and responsibilities clear? Do we have a response protocol in the event of an attack?”

Climate risks growing

O’Donnell calls climate change “a very serious and significant risk of our time” and urges executives to understand the portfolio risk it holds.

He divides these risks into physical (physical damage to pension fund assets), regulatory (stranding and devaluing of carbon assets), systemic (broader shifts in the market place), and liability (the fiduciary responsibility to manage these risk and to rebalance to manage risk.)

He also draws attention to lessons that the pension industry can learn from the insurance industry.

“There are significant statistics from the insurance industry on physical risk like weather-related damage to buildings,” he says. “If I was a pension fund, I would wonder what this means for the assets I own. Do I have sufficient insurance in place and are my counterparties strong enough? Should I hold assets less susceptible to risk?”

O’Donnell’s third emerging risk is financial, caused by the growing asset bubble and “debt in the system” that has grown since the financial crisis. He notes that “exploding” global debt levels have risen from $150 trillion in 2007 to more than $200 trillion in 2015, and estimates that China’s debt has quadrupled since 2007 to $28 trillion.

It’s a problem that has been fuelled by low interest rates and quantitative easing, and now depends on policy from the US Federal Reserve to solve. “The real question is what will this mean when the next recession hits? If the next recession is steep and violent, how do firms start preparing for this today?” he asks.

In among today’s risk he also notes opportunity for investors in big data. The volume and variety of data coming out of financial firms and stored for analysis will increasingly inform strategy. Data scientists can analyse data to “look at what is happening in the economy”, understand cash flows and “do a better job” of credit analysis, he says.

Central risk culture

O’Donnell believes pension funds can manage risk if they build a strong link between their investment strategy and risk appetite.

A “central risk culture” should lie at the heart of an organisation, something he identifies as behaviour, values and systems: behaviour is characterised by actions of the CEO and values by how an organisation deals with challenges. Systems include a clear accountability of risk.

“Who owns the risk? Everyone should understand their roles and responsibilities. Risk appetite should be fully imbedded; it’s not just a glossy piece of paper but needs to permeate through organisation.”

He characterises risk appetite as the maximum risk an organisation is comfortable taking and risk capacity as the total amount of risk an organisation can take in light of its balance sheet.

“The weakness of risk culture caused the Great Financial Crisis,” he says, and adds that a “broken risk culture” is one that spirals into a blame culture, where difficulties and challenges are met with “pointing the finger.”

 

 

2 responses to “Cyber, financial and climate risks”

  1. Thanks for publishing this awesome article. I search since a long time an answer to this subject and I have finally found it
    on your site. I registered your blog in my rss feed and shared it on my
    Twitter. Thanks again for this great article!

  2. Denis Carroll

    Congratulations on publishing Brian O’Donnell’s thoughts. I’m sure many people are well aware of the issues around climate and financial risks but here in Australia we are sadly mostly unaware of the real impact of cyber risk.
    For example, cybercrime is the No.1 economic crime in Australia and PWC found that 65% of Australian organisations experienced cybercrime in the past 24 months which is twice the global average. Clearly this is a serious risk for super funds and their members who should be asking what is being done about it.
    Trustee boards should be asking those responsible what is or isn’t being done to address this very potentially damaging issue.

Leave a Comment

Sort content by

SWFs eye offshore deals after quiet Q1

Hurt by mark-to-market losses and exercising caution in the face of an unforgiving investment environment, sovereign wealth funds (SWFs) made only 26 investments, worth $6.8 billion, in the first quarter of 2009 – their lowest deployment of capital since the fourth quarter of 2005. mrec4inarticleinline Sponsored Content scnative1 scnative2 scnative3

Caisse pulls out of risky real estate after $5 billion write-down

Canada’s largest pension fund manager, the C$120 billion ($108 billion) Caisse de depot et placement du Quebec, has restructured its real estate group and ceased investing in the mezzanine and subordinated loans sector after suffering more than $4.5 billion in losses on its real estate and private equity portfolio in the first half of the

….. as 14-member international advisory board named

The CIC has named a 14-member International Advisory Council, which will advise the board and senior management on issues including portfolio development, strategy, and overseas investments. mrec4inarticleinline Sponsored Content scnative1 scnative2 scnative3

CIC to invest cash, as global portfolio returns – 2.1 % for the year…

CIC is poised to invest more than 80 per cent of the assets still allocated to cash in its $100 billion global portfolio, as it outlined in its first annual report to stakeholders it”cannot achieve its goals without productively deploying its capital”. mrec4inarticleinline Sponsored Content scnative1 scnative2 scnative3

UK funds lead charge on ESG

The £3.6 billion ($5.9 billion) London Pensions Fund Authority has recently beefed up its internal environmental, social and governance capabilities, resulting in more effective engagement, including with the Mayor of London. Kristen Paech talks to chief executive Mike Taylor about LPFA’s short, medium and long-term objectives for ESG and why the fund has taken matters

Reorienting retirement risk management

The Pension Research Council, part of the Wharton School at the University of Pennsylvania, recently hosted the 2009 Wharton Impact Conference, where leading academics, public pension sponsors and their advisors met to examine ways to reformulate and restructure retirement risk management. This is a summary of the proceedings, organised by Olivia Mitchell and Robert Clark.

Previous