Boards are likely to become more engaged in risk governance in order to reshape bank risk culture and to review business strategies with a sharper focus on risk controls. Boards could be more emboldened to challenge management, particularly regarding risk appetites, and document their recommendations for regulators. It is also expected that they will interact more with staff below the executive level, to ensure the tone at the top is well reflected in the firm’s culture.
As cyberattacks increase in numbers and sophistication in 2014, the industry should continue its efforts to secure its systems, and increase the focus on issue escalation and governance. Developing mature cybersecurity management will likely be a primary goal for large and small banks alike. To achieve this goal, boards and senior management should be better informed and
more actively engaged in strengthening the bank’s cybersecurity infrastructure and processes.