It's a good time to be in compliance. As the financial services industry navigates complex regulations, strict enforcement actions and new risks arising from volatile financial markets and cyber threats, firms are staffing up on risk managers. But while qualified compliance professionals have plenty of suitors, many banks and other financial services organizations are having trouble filling their job openings.
As a former head of audit, compliance and operational risk at both global and regional community banks, I've witnessed the talent shortage first-hand. Executives say that their risk management job postings receive few, if any, responses. The candidates who do apply often lack the required skills or qualifications.
This anecdotal evidence is supported by Accenture's 2013 "Global Risk Management Study," which surveyed 446 risk executives from organizations across seven industries, including banking and insurance. The vast majority of all respondents (98%) reported an increase in the perceived importance of risk management at their organizations compared to two years before. Yet there simply isn't enough talent to go around: 54% of executives said they face a shortage of candidates with the right skills for risk management. The biggest talent shortages are for risk business and data analysts (61%), risk technologists (60%) and regulatory change program managers (58%).
One big reason for the talent shortage is that higher education has not yet caught up to the new demand for risk management professionals. Right now, very few universities have graduate programs that emphasize risk management. There is also a dearth of formal programs that certify risk professionals the way that Chartered Financial Analyst, Certified IRA Services Professional and Chief Information Security Officer exams do for financial professionals and information security experts.
To encourage more people to acquire the necessary skills and expertise in risk management, we need more comprehensive certification and training programs. In the meantime, financial services firms can supplement these programs with internal talent development courses for risk professionals. Many lenders invest time and effort in developing the skills of budding commercial bankers straight out of college. But very few do the same for risk managers much to their own detriment.
Salaries for compliance professionals are also lagging behind demand. Even if risk managers have the required skills, firms may have trouble hiring them because the compensation they offer is inadequate.
Part of the issue is that banks are unaccustomed to creating compensation packages that incentivize good risk management. Traditional salaries and bonuses are targeted at rewarding employees that engage in revenue-generating activities that involve a certain amount of risk-taking. When it comes to risk managers, whose job is to limit or manage risk-taking, it can be difficult to quantify rewards. Yet it can be done. Vanguard, a leading investment management company, provides bonuses and incentives to employees who are effective at preventing losses. The company does this by tracking both actual losses and near-misses referred to as "saves" for example, an errant wire transfer that is recalled and corrected.
Banks have also been slow to update their compensation models because of entrenched attitudes that regard risk managers as killjoys whose job is to say "no." The traditional view is that while risk managers are necessary, they tend to get in the way of running a successful business. Fortunately, this perception is changing. Risk managers are slowly getting the recognition and respect they deserve as the defenders and protectors of business.
But organizations still have more work to do in shifting their attitudes toward risk management. The tone is set at the top. When board members and C-suite executives embrace risk management and demonstrate that they are committed to empowering and rewarding their compliance employees, they will be able to attract top talent.
This talent shortage has proven to be a significant challenge for many financial institutions. After all, risk management is not simply about having the right processes or technology. It's also about having a strong team in place that can anticipate risk across the business and ensure that the right mitigating controls are in place. The more organizations shift away from outdated ideas about the value of risk managers, the more they will be able to confidently execute their business plans and priorities.
Susan Palm is vice president of industry solutions at risk management and compliance software company MetricStream. She previously served as senior vice president of audit and risk at Sterling Savings Bank and as senior vice president of enterprise governance and risk management at Norwest and Wells Fargo.