The risk and compliance operating models of many of the world's largest banks are fragmented, inefficient and lack the flexibility to effectively support the pace and complexity of new regulatory and compliance requirements, according to Ernst & Young's survey, The Future State of Governance, Risk, and Control: Findings from a Survey of the World's Largest Banks. As a result, 54 percent of the survey respondents can't estimate the annual enterprise-wide cost of risk and control management.

The survey - which questioned senior executives at 28 global commercial and investment banks representing US$22 trillion in collective assets - found that in response to the growing fatigue associated with regulatory compliance, organizations are beginning to explore some form of what Ernst & Young has termed "risk convergence" to strategically align the risk control framework and enhance business performance.

According to Dan McKinney of Ernst & Young Risk Advisory Services, the massive build-out of new processes and reporting mechanisms spawned by regulatory requirements such as Sarbanes-Oxley, Basel I, and Basel II has resulted in a labyrinth of systems and silo-based infrastructures that are unwieldy. "It's an industry-wide problem because no bank had the luxury of designing the ideal control framework from scratch," he says.

This silo-based infrastructure was a primary reason more than half the respondents said they were unable to accurately estimate the total annual expenditure for their organizations' risk and control activities.

"The head of operational risk for a major commercial bank said it best when he told us the institution couldn't even begin to guess at the cost of its risk and control management," says McKinney. "When organizations can't answer that question, even with general estimates, it speaks volumes about the state of the risk discipline."

While respondents agreed they find it difficult to capture the total annual cost, all of them cite reducing these expenses as a goal. Nearly half (48 percent) of respondents expect such costs to increase over the course of the next two years due to ongoing business growth and global expansion, a rigorous regulatory environment, and the need for more talent.

The findings of Ernst & Young's global survey also indicate that while the need to control costs and improve efficiency are fueling the drive to better harmonize risk and control activities, risk convergence also creates other tangible benefits that are critical to chief executive officers and boards of directors including:

- Risk mitigation: despite significant investments, compliance failures continue to represent a major threat - both monetary and reputational -to banks and capital markets. Streamlining risk and control operations reduces compliance gaps and enables more effective, ongoing risk management.

- Strategic decision-making: greater coordination and information-sharing among corporate control units and business units provides senior management and board committees with multi-dimensional risk information that more effectively supports decision-making.

"Risk convergence presents the financial services industry with a major challenge, one that our survey clearly indicates is inevitable. But it also represents a tremendous opportunity," says McKinney. "Those that embark on this journey will be rewarded with a flexible, efficient, and sustainable risk management framework that effectively meets not only today's requirements, but those of the future."