Thomas Murray's Risk Committee met through May to review several key markets, focusing on significant developments and proposed changes in risk assessments across multiple regions. This month we provide an overview of our findings and insights for the United States, Mexico, Latvia, Lithuania, and Estonia.
For more regional insight, please contact Ana Giraldo, Chief Risk Officer and Director Americas (agiraldo@thomasmurray.com), who will be able to connect you with one of our experts.
United States
Our recent risk assessments of various U.S. banks have brought several important trends to light.
Financial health remains a core focus, with particular attention on profit margins, capital adequacy, and liquidity coverage ratios. In some cases, strong balance sheets and high credit ratings have led to improved financial risk assessments.
Operational practices have also evolved. Notably, some banks have outsourced their settlement functions to third-party providers. Initially, this raised concerns about potential settlement delays or disruptions, prompting the Risk Committee to place the outlook ‘On Watch’. However, following a period of stable performance and no reported issues, the Risk Committee decided to revise the outlook to ‘Stable’.
Additionally, practices related to asset servicing and asset safety have remained largely stable. However, U.S. banks generally do not score particularly highly in asset safety assessments. This is primarily due to the widespread use of omnibus account structures and account naming conventions at DTC, which can limit transparency and increase the complexity of asset segregation.
The Risk Committee also closely monitors regulatory actions, such as fines and cease-and-desist orders, as these can significantly impact a bank’s overall risk assessment.
Additionally, data protection is receiving increased attention, with past data breaches now playing a more prominent role in how banks are evaluated from a risk perspective.
Mexico
Our assessment of bank risk in Mexico has highlighted several important developments. Operational risk has become a key area of focus, particularly following the split of operations at one of the main sub-custodians, which led to some temporary disruptions. Financial risk has also been reassessed due to significant changes in ownership and capital structure.
On a more positive note, some banks have shown improvements in operational risk. These enhancements are largely the result of new custody systems being implemented, streamlining processes and strengthening controls. Additionally, the adoption of external operational audits aligned with international standards has further supported these improvements.
Furthermore, data protection and cybersecurity are increasingly impacting operational risk scores. The inclusion of additional data fields has enabled a more comprehensive assessment of each bank’s risk profile in these areas.
Notably, the Risk Committee agreed to apply manual downgrades to some assessments due to identified deficiencies in internal controls and Anti-Money Laundering (AML) practices, which have resulted in regulatory fines.
The Committee also reviewed recent changes in event processing and proxy voting services. These developments are contributing to further adjustments in operational risk assessments, as they may affect service reliability and control effectiveness.
Estonia
Asset safety remains a key area of focus in the Estonian market, particularly due to changes in account structures. The predominant use of client omnibus accounts has prompted adjustments in risk assessments, as this structure can reduce transparency and increase the risk associated with asset segregation and protection.
Financial risk was also re-assessed due to changes in the banks’ credit ratings, improvements in net profit margin trend and a positive capital adequacy ratio trend.
Asset servicing was also reassessed across all banks in the market, with particular attention to changes in meeting representation and market claims processing. The approaches used for meeting representation—such as electronic voting and physical attendance—are being assessed to determine whether they reflect the full range of methods available in the market. These developments are prompting adjustments in risk assessments, as they reflect evolving practices and service standards within the banking sector.
However, Operational Risk is being impacted by changes in risk and control self-assessments, internal audit frequencies, and cybersecurity scores. Changes in the frequency of risk assessments and less frequent internal audits are leading to adjustments in Operational Risk scores.
Latvia
In Latvia, asset safety risk for all banks was re-assessed using an updated methodology. As a result, some downgrades were applied across the market, despite there being no significant changes in account structures or reconciliation practices.
Additionally, there is increased focus on asset servicing following a recent market visit. Banks’ practices and processes are being scrutinised more closely—particularly in relation to how market claims are processed, the use of supplementary information sources for corporate actions, and the handling of proxy voting instructions. These reviews are leading to further adjustments in risk assessments to reflect evolving standards and levels of service.
Operational risk in Latvian banks continues to be closely monitored, particularly in light of regulatory actions. The imposition of fines on some institutions for sanctions violations—such as the penalty issued to one bank in June 2023—has contributed to maintaining an “On Watch” outlook. These incidents highlight ongoing concerns around compliance and internal control effectiveness.
Lithuania
The Risk Committee also reviewed sub-custodian providers in Lithuania. While there were no major changes to overall risk assessments, updates were made to asset servicing risk following a more detailed review of proxy voting services and meeting representation practices.
Recent clarifications and the addition of new data—particularly around meeting representation and proxy voting—prompted a re-evaluation to ensure accuracy and consistency in scoring.

