Keywords

Introduction

Moloi (2018) argued that in the context of the public sector, more emphasis tends to be biased to processes and systems, discounting the role of people, which renders the enterprise risk management program unsuccessful. Patterson (2015) concurs with this point as he points out that the enterprise risk management program would only be effective if it is supported by people, processes and technologies. People, processes and systems are all recipes for a successful risk management program. This however requires that the organization has reliable data to base their analysis and decision on.

One of the main pitfalls of the risk management programs in organizations has been a lack of reliable information and data to base decisions on. Patterson (2015) points to two factors that result in unreliable data from the risk management perspective and that is risk data is often scattered across the organization and not shared across business unit, in essence, the culture of silos is an impediment. Further, Patterson points to the fact that many risk management functions lack the tools they need to capture and use risk information more effectively. What this effectively means is that it could be expected that there could be opportunities that the organization fails to capture.

By utilizing technology, Ernst and Young (2014) assert that we could begin to see the reduction in missed opportunities and realized risks. This is due to the fact that technology facilitates “improved insight, efficiency and effectiveness in risk management activities, thus freeing up time for risk management resources to spend on risk identification, assessment and control of future risks”. Knopjes (2017) supports this view by stating that organizations could take advantage of emerging technologies to integrate different systems, collect and analyze massive volumes of data from an unlimited number of sources across multiple locations. Through this process, organizations will achieve enhanced operational processes, improve timeliness of reporting and utilize data to drive preventative actions resulting in them being miles head of potential risks (Knopjes, 2017).

Due to the nature of their business, which includes being the repository of liquidity, the core payment mechanism and the principal source of finance to at least a large part of the economy, banks assume a variety of risks (Moloi, 2014; Liu, 2004). The traditional finance theory has limited these risks into major balance sheet risks, namely, liquidity risk, interest rate risk, capital risk and credit risk (Hempel, Coleman, & Simonson, 1990). Traditional finance theory had not extended itself to think about the manner in which these risks and many other facing banks should be governed. As can be noted, there had not been a realization that technology would rise and lead to the circumstance where banks are dominantly relying on it for almost all their activities.

Moloi (2014) argues that banks are important to the economy as they lubricate the financial system, serve as the point of connection between various sectors of the economy and reassure a significant level of specialization, competence, economies of scale, and settings conducive to execution of different economic policies of the government (Sanusi, 2011) and as such, there is a need to identify, understand and monitor the circumstances, which could result in the banking systems’ vulnerability (Moloi, 2014). Akande (2016) and Tennant and Tracey (2014) concur with this and they point out that banks are involved in financial intermediation by sourcing for savings at a rate that will entice depositors and lend funds to creditors at an affordable rate to maximize profits in a competitive environment.

The manner in which these institutions function is even more critical in developing nations such as Nigeria as the country battles to attract foreign direct investments for infrastructure and other needs. The Nigerian banking sector has faced a tumultuous period in recent times which has led to the restructuring and consolidation exercise (Aransiola, 2013). The reform led to the reduction in the number of banks from 89 to 25.

It had been thought that the restructuring and consolidation exercise would lead to stability, however; this situation was short lived as the banks got affected by another financial crisis that resulted in the survival of only 24 banks (Akande, 2016). The challenges that lead to the collapse of these institutions were attributable to risk management. As of 2018, the Central Bank of Nigeria has indicated that there are only 22 commercial banks that are healthy and are standing in Nigeria (CBN, 2019).

As the institution battled the credibility question and lack of confidence, the CBN responded by instituting the CBN code of good governance in order to give guidance to the Nigerian banks on the minimum corporate governance requirements. The central bank indicated that this was developed with the primary purpose of promoting a transparent and efficient banking system that will engender the rule of law and encourage division of responsibilities in a professional and objective manner (CBN, 2014). Adeoye and Amupitan (2014) advise that the concept of good governance in banking industry would need to be stretched in order to empirically include total quality management, which has six performance areas, namely, capital adequacy, assets quality, management, earnings, liquidity and sensitivity risk. The degree of adherence to these parameters determines the quality rating of the banks.

Given the importance of banks in the economy, the recent challenges faced by the banking sector in Nigeria, we are of the view that the evolutions in computing and risk technology which has led to the developments in technologies that could be used to exploit big data, conduct complex analytics, these technical advancements offer the Nigerian banks and authorities such as the CBN with better abilities for enhancing risk management effectiveness, thereby reducing vulnerabilities and exploiting opportunities that could arise.

This study therefore investigated whether or not the Nigerian banking sector was exploiting technology in order to reduce missed opportunities and realized risks, whether technology has been exploited in order to integrate different systems, collect and analyze massive volumes of data from an unlimited number of sources across multiple locations. Essentially, our research question was answered through the use of content analysis of integrated reports of selected Nigerian banks where the focus is on the manner and the way in which risks have been captured. We content-analyzed this section of the integrated report in order to determine whether Nigerian banks indicated in these reports have deployed technology or not and whether or not advanced technology would have been deployed in order to reduce missed opportunities and realized risks.

The remainder of the chapter is organized as follows: Section “A Brief Overview on Corporate Governance” provides a brief overview on corporate governance, Section “A Brief Overview on Recent Corporate Governance Challenges in Nigerian Banks” briefly provides an overview on recent corporate governance challenges in the Nigerian banking sector, Section “Code of Corporate Governance for Banks in Nigeria” discusses the manner in which the codes of good practices including the CBN code are guiding banking firms on the governance of risk and whether or not they do highlight the role of technology, Section “Risk Management in the Digital Age” discusses risk management in the era of digital infrastructure and Section “Empirical Analysis of the Current State of Risk Management of Banks in Nigeria” presents the findings relating to the use of technology and technological infrastructure in risk management.

A Brief Overview on Corporate Governance

The financial crisis around the world and the consequent collapse of major corporate institutions in both developed and developing economies has brought to the fore the issue of corporate governance. Today, corporate governance has attracted considerable attention of policy makers and academic researchers across the globe. The emphasis is on the need for the practice of good governance both at the public and private enterprises and this is due to the economic primacy of publicly quoted firms in most national economies. Corporate governance is increasingly understood among policy makers as a value enhancing strategy in a competitive environment and there is a growing consensus globally that corporate governance has a positive link to national growth and development (Akinkoye & Olasanmi, 2014).

According to Alushna (2017), codes of best practice represent the self-regulation of listed companies and provide a range of recommendations (Larcker & Tayan, 2011; Mallin, 2004; OECD, 2004, 2015; Tricker, 2012) addressing:

  • Rights of shareholders, stressing the equal treatment of shareholders holding shares of the same class

  • The procedures and rules shaping the functioning of the annual shareholder meeting (ASM) and measures empowering shareholders motivating them to active participation in ASM

  • Responsibilities of executives who are accountable to shareholders and stakeholders

  • The procedures and rules shaping the functioning of the board

  • Transparency standards which describe the scope and content of information policy (company operation and strategy, financial situation, ownership structure, composition, structure and procedures of the board, company by-laws and regulations, executive compensation)

The Cadbury report was the first step where corporate governance code had required that companies follow the “comply or explain” principles, which means that listed firms had to comply with the code guidelines. Those companies that could not comply were expected to report the non-compliance and provide explanation for the non-compliance with the possible measures to be taken for improvement (Cadbury Report, 1992).

Today, pushing for higher governance standards has become a regular campaign with the participation of an increasing number of parties such as academics, media, regulatory authorities, corporations, institutional investors and international organizations shareholders right watchdog amongst others. Corporate failures have necessitated considerable interests on empirical research on the effectiveness of various corporate governance institutions and mechanisms. We note that particular attention has understandably been drawn to addressing and researching the underlying issues and factors that led to the financial and corporate crisis that characterized both the developed and developing economies. Many nations today have taken numerous initiatives such as the introduction of code of best practice, new listing/disclosure rule, mandatory training for board directors and enforcement of code of governance amongst other things; as measures to address and enhance the issue of corporate governance practice. International organizations such as the Basel Committee on Banking Supervision, International Monetary Fund (IMF) and Organisation of Economic Co-operation and Development (OECD) have become major proponents of governance (Moloi, 2009, 2014). In this regard, Akinkoye and Olasanmi (2014) point out that IMF, for instance, demands that governance improvement should be included in its debt relief program. These efforts to ensure good corporate governance practice had also been extended to the banking industry (Moloi, 2016a, b).

A Brief Overview on Recent Corporate Governance Challenges in Nigerian Banks

In the Nigerian banking context, corporate governance has recently received increased attention because of high-profile scandals involving abuse of corporate power, and in some cases, alleged criminal activities by those entrusted with governance. The abuse of corporate power and criminal activities has directly been attributable to weak corporate governance in banks. Recently, the Governor of the Central Bank of Nigeria, Godwin Emefiele went as far as indicating that that corporate governance practices in the Nigerian banking sector leaves much to be desired. His main concern in this regard appears to be the fact that these fraudulent incidents were capable of undermining financial stability by heightening vulnerability of financial institutions to external shocks (The Punch, 2017).

In the banking sector good corporate governance practices are regarded as important in reducing risk for investors, attracting investment capital and improving the performance of companies. The series of widely publicized cases of accounting improprieties recorded in the Nigerian banking industry in 2009, for instance cases involving Oceanic Bank, Intercontinental Bank, Union Bank, Afri Bank, Fin Bank and Spring Bank were related to the lack of vigilant oversight functions by the boards of directors. Accordingly, boards in these banks appear to relinquish governance to corporate managers who then pursued their own self-interests leading to the reported improprieties (Uwuigbe, 2011).

Due to the fact that banks have an important role in the intermediation process, any disturbance in this sector will likely affect the economy. Monnin and Jokipii (2010) posit that modern financial system contributes to economic development and the improvement in living standards by providing various services to the rest of the economy. These include clearing and settlement systems to facilitate trade, channeling financial resources between savers and borrowers and various products to deal with risk and uncertainty. The ability of the bank therefore to manage risk being a major threat to its going concern is crucial, not only for itself but for various stakeholders associated with its business.

Code of Corporate Governance for Banks in Nigeria

Following the conclusion of the consolidation program in 2005, a Code of Corporate Governance for Banks in Nigeria was issued to the banking industry. The code which became effective in April 2006 was designed to enhance corporate governance practices within the banking industry in view of the fact that governance mechanisms in banks was notably weak and board members of financial institutions were unaware of their statutory and fiduciary responsibilities.

The update on the code of governance became necessary in view of the ambiguity in the code and its conflict with the provisions of Companies and Allied Matters Act (CAMA) 1990 as well as the need to align the 2005 code with contemporary developments and international best practices, hence the updated 2014 edition. With its promulgation, there was an expectation that the revised code would provide clear guidelines on all aspects of governance and that it would enhance Corporate Governance practices for banks in Nigeria.

The 2014 code covers seven key aspects of corporate governance as it affects the banking sector in Nigeria, namely, board and management, shareholders, right of other stakeholders, Disclosure in annual reports, risk management, ethics and professionalism and conflict of interest and finally, sanctions. The board has a special role in carrying out an oversight of functions and the effectiveness with which the boards of financial institutions discharge this responsibility is critical to the bank survival. The code requires that boards be free to drive their institutions forward, but exercise that freedom within a framework of transparency and effective accountability.

For the purpose of this study, we indicate that while other aspects of the code are relevant to the going concern of banks, risk management is central in view of the nature of the risks that banks face and the fact that they are in custody of other people’s money (Moloi, 2014, 2016a). The CBN code makes it the responsibility of the board of a bank to ensure that policies, procedures and controls are put in place to manage the various types of risks with which it is faced. Given the multifaceted nature of risk, the complexities surrounding today’s organizations, particularly banks, governing risks in an institution like a bank would be complex. The speed in which technology is emerging provides an opportunity to the boards to insist to managements of these complex organizations that technology that integrates different systems and collects and analyzes massive volumes of data from an unlimited number of sources across multiple locations is a step forward toward the enhanced operational processes, an improvement in timeliness of reporting and utilization of data for the purpose of driving preventative actions which would result in organizations being miles ahead of potential risks (Knopjes, 2017).

It is the purpose of this study to investigate whether or not the Nigerian banking sector is exploiting technology in order to reduce missed opportunities and realized risks, and further, how technology has been exploited in order to integrate different systems and collect and analyze massive volumes of data from an unlimited number of sources across multiple locations. The objectives of this study are achieved through content-analyzing integrated reports of selected Nigerian banks where the focus is on the manner and the way in which risks have been captured. We have content-analyzed this section of the integrated report in order to determine whether or not Nigerian banks indicate that they utilize technology in risk management and whether these reports mention advance risk management technology and have deployed the same in order to reduce missed opportunities and realized risks.

Risk Management in the Digital Age

The CBN Code of Corporate Governance for Banks and Discount houses provides that

[e]very bank shall have a risk management framework specifying the governance architecture, policies, procedures and processes for the identification, measurement, monitoring and control of the risks inherent in its operations. The Board is responsible for the bank’s policies on risk oversight and management and shall satisfy itself that management has developed and implemented a sound system of risk management and internal control.

We live in a rapidly changing world. There is no time in history when virtually every aspect of human life has been affected by the rapid change brought about through information technology (Harari, 2018). According to Marwala and Hurwitz (2017), the world has witnessed four phases of revolution in human history. These revolutions are described below:

  • The first industrial revolution brought mechanical innovations with the development of steam engine which was key to the then industrial revolution;

  • The second industrial revolution which started in the second half of the nineteenth century brought the oil-powered internal combustion engine and electrical communication. Major technological advances during this period included the telephone, light bulbs and phonograph (Marwala & Hurwitz, 2017);

  • The third industrial revolution or digital revolution which came in the 1980s brought computerization, that is, mainframe computers, personal computers and the internet, and the information and communication technology (ICT) available today. This has been a period of advancement of technology from analog electronic and mechanical devices to the digital technology (Agrawal, Gans, & Goldfarb, 2018; Marwala & Hurwitz, 2017); and

  • The fourth industrial revolution which has arrived at the beginning of the twenty-first century is the advent of cyber-physical systems representing new ways in which technology becomes embedded within societies, that is, business, government, civil society, and so on, and the human body; it is driven by the rapid convergence of advanced technologies across the biological, physical and digital worlds. It is marked by emerging technology breakthroughs in a number of fields, including robotics, artificial intelligence, biotechnology, and so on. All of these revolutions came with unique impacts on every aspect of human lives including business (Harari, 2018; Agrawal et al., 2018; Marwala & Hurwitz, 2017).

The banking sector is undergoing its own revolution as well with significant implications for risk management (Moloi, 2014; Moloi, 2016a). Risk management is very significant to the operations of any business entity due to serious consequences that the occurrence of risk portends (Moloi, 2016b). It implies that for a business organization to be rest assured of the achievement of its objectives besides survival and growth, risk management becomes imperative (Ayodele & Alabi, 2014). Risk is the exposure to loss arising from the variation between the expected and actual outcomes of investment activities (Nzotta, 2002; Owualla, 2000). Therefore, in a broad term, risk management can be related to a mechanism which embraces planning, organizing and controlling resources and operational activities of business for effective reduction or elimination of risk or the adverse effects of risks (Ayodele & Alabi, 2014). Management of risks is thus imperative for banks given the nature of their business.

According to Ayodele and Alabi (2014), Onyekwelu and Onyeka (2014) as well as Moloi (2014), some of the common risks that are managed by banks include:

  • Credit (default) risk which is also known as default risk. It is related to a loss that may occur from the failure of repayment of a credit advance made by a bank to its customers. Credit risk is inherent to the business of lending funds. It may lead to losses when banks’ customers experience deterioration in financial condition, making it impossible to recover principal and interest on loans, securities and other monetary claims outstanding. Management of this type of risk is the most fundamental task in banking operations. The objective of credit risk management therefore is to minimize the risk and maximize bank’s risk adjusted rates of return by assuming and maintaining credit exposure within the acceptable parameters.

  • Liquidity risk which refers to the ability of a bank to fund increases in assets and meet obligations as they come due, without incurring unacceptable losses. Liquidity risk therefore occurs when a bank is not able to meet the payment of commitment it has made. To manage liquidity risk, the banks must periodically examine the structure of fund sources and uses and implement measures needed to improve this structure.

  • Market risk arises when financial institutions actively trade assets and liabilities (and derivatives) rather than holding them for longer-term investment, funding or hedging purposes. Market risk implies not merely the risk of loss but also the potential for gain from interest rate, equity return and foreign exchange risk in that as these risks increase or decrease, the overall risk of the financial institution is affected. Market risk could therefore be defined as the incremental risk incurred by a financial institution when interest rate, foreign exchange and equity return risks are combined with an active trading strategy, especially one that involves short trading horizons such as a day. Market risk can be in the form of interest rate risk, refinancing risk and reinvestment risk. It is therefore required that bank should conduct strict management and control of market risk based on the awareness that the possibility of substantial losses is inherent in the nature of market transactions.

  • The Bank of International Settlement (BIS) (1997), views operational risk (inclusive of technology risk) as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The breakdown of internal controls and corporate governance leading to “error, fraud, performance failure, compromise on the interest of the bank resulting in financial loss”. The objective of operational risk management is to find out the extent of financial institutions operational risk exposure; understand what drives it; to allocate capital against it; and identify trends internally and externally that would help in predicting it.

  • Strategic risk is viewed by Onyekwelu and Onyeka (2014) as the risk arising from the overall strategy of the bank that includes the quality of the strategic planning process and the implications of such strategy especially for risk appetite and track record of implementation. It explains risk associated with business targets as risk from bank’s product, services and customers.

It is clear from the risks that are said to be managed by banks above that technology related risks have not received prominence. This is probably because of the manner in which we have traditionally viewed banks. Of importance here is that whatever package or transaction that banks offer today, technology has an important role. In developing countries such as Nigeria where risks have materialized and caused vulnerabilities in the banking system, we are of the view that exploiting technology in order to reduce missed opportunities and realized risks, and using this technology in order to integrate different systems and collect and analyze massive volumes of data from an unlimited number of sources across multiple locations for the benefit of stakeholders is important.

In highlighting the importance of adequate management of technological risk, the Centre of Excellence in Financial Services (COEFS, 2018) stated how in this era of the fourth industrial revolution, technological advancements like artificial intelligence means that human and digital systems can interact more profoundly than ever before. Applying this technology in financial services has the potential to reduce costs and improve efficiency, allow customers to transact seamlessly and in real time, and improve providers’ understanding of customer behavior and needs, allowing for the personalization of financial services. On the other hand, the fast pace of technological innovation and adoption within financial services means that banks will increasingly face a common set of operational risks around new technology. If these risks are not properly managed by banks, they have the potential to create instability and undermine consumer trust in the banking system as instances of cybercrime, systems failure and compromised data increase in frequency.

Particularly, as the guardians of sensitive private and financial data, fraud and cybercrime is the greatest reputational risk facing banks in the digital age. One obvious reason contributing to the intensity of this risk is that banks have a number of fronts they need to protect. The digitization of bank channels and underlying processes create multiple avenues through which virtual attacks can take place, notwithstanding the need to protect banks’ physical premises and systems from intrusion. In addition to banks’ internal systems and processes, the increasing use of outsourced service providers and the integration of banks’ systems with external vendors adds another layer of vulnerability. It is difficult for banks to cover all of these fronts comprehensively (COEFS, 2018). All of these require banks to develop comprehensive cyber and data resilience strategies. Failure in this regards in the information revolution era could launch the banking sector into another round of crisis that may be difficult to recover from.

Previously, the digitization efforts of banks have been customer-centered (such as online marketing) and the operations that support those efforts (customer onboarding, customer servicing). Only recently have banks expanded their transformations into other parts of the organization, including the risk function. In this regard, it is clear that banks concede that there is value in deploying technology as part of managing risks.

A survey conducted by the Institute of International Finance/McKinsey shows that 70 percent of respondents reported that senior managers are paying moderate attention to risk-digitization efforts; 10 percent say that senior managers have made these efforts a top priority. Risk digitization is clearly an established topic in the executive suite (Institute of International Finance/McKinsey, 2018). The survey lays out seven key elements a bank must develop for a digital risk transformation, namely:

  • Accordingly, enhanced data governance and operating models are likely to improve the quality of the data, make risk and business decisions more consistent, and ensure responsiveness to risk’s data needs. The report is of the view that one important enhancement is the need to consider data risk as a key element of the risk taxonomy, linked to a specific risk-appetite statement and data-control framework and to accommodate far more varieties of data. The survey found that approximately 30 percent of the respondents say that new data sources will probably have a high impact on their work. This is in line with Agrawal et al.’s (2018) assertion that the power of artificial intelligence will allow resources to be focused somewhere else whereas technology will focus on predictions.

  • On process and workflow automation, it is expected that as risk automates tasks such as collateral data entry, often through robotic process automation (RPA), it can combine several of them into smart workflows: an integrated sequence performed by groups of humans and machines across an entire journey (e.g., credit extension fulfillment). In addition to greater efficiency, smart workflows create a more seamless and timely experience for customers. The survey found that about a quarter of respondents believe that more than 15 percent of costs can be cut across different risk disciplines, except in credit, where the number is a bit above 60 percent. Around 30–45 percent of respondents see 5–15 percent cost-reduction potential from automation, depending on risk type. Ninety percent see benefits from increased precision and 55 percent believe automation will improve compliance with regulation. As a knock-on effect, risk resources will focus more on the value-adding activities they have been trained for. And 84 percent of respondents expect an increase in customer and employee satisfaction.

  • On advanced analytics and decision automation, the survey is of the view that sophisticated risk models (e.g., those built on machine-learning algorithms) can find complex patterns (such as sets of transactions indicative of invoice fraud) and make more accurate predictions of default and other risk events. The survey found that nearly three-quarters of risk managers surveyed expect advanced analytics to have a significant impact on their work, while 50 percent say credit decision times will fall by 25–50 percent and a few respondents even believe that times could fall by 75–100 percent. This is in line with Agrawal et al.’s (2018) assertion that the power of artificial intelligence is on prediction, that is, it will make prediction accessible and faster.

  • With regard to a cohesive, timely and flexible infrastructure, if risk infrastructure is digitized, it will evolve to support several other building blocks: innovative data-storage solutions, new interfaces, easier access to the vendor ecosystem, and so on. It will use techniques like application as a service, obtained from application service providers (even on open banking platforms). Approximately 45 percent of the respondents see innovative technologies as a high-impact building block. “No code” and “low code” solutions will put control further in the hands of risk executives and reduce the number of end-user computing tools. Nearly 60 percent of the respondents expect innovative data-storage structures to have a significant impact on risk management.

  • On smart visualization and interfaces, risk digitization will deliver its insights in more intuitive, interactive and personalized ways through risk dashboards, augmented-reality platforms for customers, and other interfaces. The survey found that nearly 20 percent of risk managers expect nascent technologies, such as augmented reality, to have a high impact.

  • On external ecosystem, risk digitization will facilitate easy partnerships with external providers to vastly improve customer on-boarding, credit underwriting, fraud detection, regulatory reporting and many other activities. The survey found that two-thirds of respondents see fintechs more as enablers than disruptors, while 63 percent of North American respondents plan to use industry utilities to deal with regulatory burdens.

  • On talent and culture, risk digitization is expected to have a far greater share of digital-savvy personnel with fluency in the language of both risk and the business, operating within an agile culture that values innovation and experimentation. The survey reports that new profiles seen as most critical in a digitized risk function include data scientists and modeling experts. Accordingly, many risk leaders think that their teams will need to develop these skills rather than hire non-risk professionals and expect them to learn risk.

Empirical Analysis of the Current State of Risk Management of Banks in Nigeria

Given the recent challenges faced by the banking sector in Nigeria, we are of the view that the evolutions in computing and risk technology which has led to the developments in technologies could be used to exploit big data, conduct complex analytics and these technical advancements could offer the Nigerian banks and authorities such as the CBN better abilities for enhancing risk management effectiveness thereby reducing vulnerabilities and exploiting opportunities that could arise.

We set to investigate whether or not the Nigerian banking sector was exploiting technology in order to reduce missed opportunities and realized risks, whether technology has been exploited in order to integrate different systems and collect and analyze massive volumes of data from an unlimited number of sources across multiple locations. The results of content-analyzing integrated reports of selected Nigerian banks where the focus had been on the manner and the way in which risks have been captured and the determination whether Nigerian banks indicate in these reports whether they have deployed technology or not and whether or not the advanced technology would have been deployed in order to reduce missed opportunities and realized risks.

Table 14.1 presents the empirical investigation of 13 banks that rank within the top 40 firms in Nigeria in terms of market capitalization. The latest annual reports of the sampled banks were content-analyzed to extract information on the current risk management approach. Basically, four aspects of risk management approach were examined, namely, the specific risk management framework guiding the risk activities of the bank; the presence of risk committee whose responsibility is to provide oversight functions on behalf of the Board; basic technology employed to manage all forms of risks in the banks; and the application of advanced ICT for risk management in the information revolution era.

Table 14.1 Current risk management approach in Nigerian banks
Full size table

The first three aspects are fully manifest in the sampled banks. These are regarded as the traditional approach to managing risks in the banking industry and have existed for some time. Only two banks appear to be proactive in their risk management approach. Although the depth of risk digitization in these two banks are not verified, the latest annual reports issued by them have some elements of these advanced ICT technologies for managing risks.

Conclusion, Recommendations and Policy Implications

It is clear in the integrated reports that banks have not embraced advanced technology for the purpose of managing risk. To reduce the likelihood of the reoccurrences of recent challenges faced by the banking sector in Nigeria, we are of the view that the evolutions in computing and risk technology which has led to the developments in technologies could be used to exploit big data, conduct complex analytics and these technical advancements could offer the Nigerian banks and authorities such as the CBN better abilities for enhancing risk management effectiveness thereby reducing vulnerabilities and exploiting opportunities that could arise.

With the rise of technology, majority of banking activities are already executed through technological instruments. As a policy recommendation, in addition to the traditional risk and audit committees that are clearly outlined in the code, the CBN would have to incorporate ICT committee in the codes of corporate governance for banks in Nigeria. Alternatively, the code should make it mandatory that some of the external members of the audit and risk committee should possess technological competencies.