Skip to content
Compliance & Risk

5 key risks for financial service firms in 2022

Susannah Hammond  Senior Regulatory Intelligence Expert / Theta Lake

· 5 minute read

Susannah Hammond  Senior Regulatory Intelligence Expert / Theta Lake

· 5 minute read

A new report shines a light on five key risks that financial services firms should be concerned about in 2022

By and large financial services firms weathered the initial chaos of the pandemic reasonably well with a combination of flexibility, deployment of technology, and, in the case of banks, balance sheets which had been substantially bolstered in the wake of the financial crisis. The challenge for financial services firms now is the consideration of what they wish to keep from the changes they made due to the pandemic.

The pandemic is not the only driver of change and challenges, of course. Shifting geopolitics, the emergence of climate risk as a key issue for financial services firms, the speed of innovation in cryptos, and the need to deliver consistently good customer outcomes are all key board room considerations.

The risks that financial services firms run are institution-specific, but there are some high-level risks applicable to all firms, irrespective of geography or sector. Here are five key risks for firms in 2022:

1. Data governance

The need for a robust approach to data governance is increasingly critical.

As a first step, firms need to embrace the fact that data is a key strategic asset and from there, build a business-wide approach to data aggregation, management, storage, security, retrieval, and destruction. In other words, build a business-specific approach to data governance. Successful data governance will have multiple benefits, including increased line of sight to risks being run in a hybrid working environment, the ability to comply with the recently agreed-upon climate risk reporting requirements, and enhanced record-keeping.

2. Operational resilience

The pandemic is nothing if not a test of the operational resilience of financial services firms.

At a minimum, firms need to consider operational risk management — such that the management of operational risk should identify external and internal threats and potential failures in people, processes, and systems on a continuing basis. Firms also need to promptly assess the vulnerabilities of critical operations and manage the resulting risks in accordance with the operational resilience approach.


A full version of the 5 Key Risks for Firms in 2022 report can be found here.


In addition, they need to consider as well governance, mapping interconnections and interdependencies, third-party dependencies, incident management, and IT (including cyber-issues).

3. The ‘G’ in ESG

ESG stands for environmental, social and corporate governance and covers a wide sweep of evolving risks and required actions for firms going forward as part of the global approach to climate risk mitigation. The environmental and social elements of ESG are important, but without robust corporate governance, financial service firms (among others) will simply not be able to deliver on the challenges. A key deliverable is the sustainability-related disclosure standards which were agreed upon, at least in draft, at COP26. For firms meeting the proposed reporting requirements, the process will involve the collection, collation, and reproducible reporting of millions of data points. And that is before jurisdictions overlay their own specific requirements.

There is a global shortage of ESG skills and experience, and firms should not underestimate the complexity of the governance aspect of this challenge, which they will needed to meet in order to develop criteria and expectations.

4. Remuneration

In a measure of how crucial compensation, remuneration, and good bonus design is perceived, these issues were the very first thing the Financial Stability Board (FSB) addressed in the wake of the financial crisis, implementing supranational compensation standards that sought to drive better risk-aware behaviors. That was September 2009, of course, and now, the FSB is continuing to review the global implementation and practical impact. The FSB’s seventh progress report covers the practices of the largest financial institutions in the banking, insurance, and asset management sectors and highlights uneven progress towards implementing the principles and standards, with banks seen to be relatively more advanced than insurance and asset management firms.


For more on this subject, you can see author Susannah Hammond’s interview here.


Firms would be well advised to benchmark their approach to compensation with the latest FSB progress report. There is much granular detail on emerging good and better practices, together with an insight into how firms are navigating certain legal challenges, and the use of compensation to promote a sound culture and positive behaviors.

5. Enabling technologies

It is estimated that the pandemic accelerated digital transformation by as much as three years. Digital transformation is made possible by enabling technologies which include application programming interfaces, big data analytics and artificial intelligence, biometrics, cloud computing (specifically outsourcing to the cloud), and distributed ledger (blockchain) technology. Firms and their boards need to be able to ensure the safe and sound adoption of any new technologies so that the benefits can be reaped and the risks arising from the adoption of innovative activities are proactively and appropriately managed.

The critical element is again governance. Without appropriately robust corporate governance, financial services firms could find that not only do they fail to reap the potential benefits but that regulatory issues are created that impact both the firm and senior individuals.

Gone are the days when the IT function, capable or not, was trusted with driving technological change. It is now a pre-requisite for board members and senior managers to have sufficient technological knowledge (or ready access to that knowledge) to be able to challenge and oversee a firm’s technological strategic direction and the associated change management.


You can listen to the Compliance Clarified podcast series here. (Episode 2 of series 4 features a discussion with author Susannah Hammond about this report.)

More insights