Risk management/Operational risk
EU single portal faces battle to unify cyber incident reporting
Digital omnibus package accused of lacking ambition to truly streamline notification requirements
Global banks ‘hassled’ by China’s mystery data rules
Some firms left in the dark as new guidance on exporting data overseas is distributed bilaterally
How FCA could help tackle third-party risk in AI
UK regulator’s supercharged sandbox is designed to boost explainability and reduce reliance on vendors
Op risk data: For Yes Bank, no mercy over insider fraud
Also: Cracking Brazil’s Pix hacks, Macquarie fund fumble, and taxing time for Crédit Agricole. Data by ORX News
Credit Suisse AT1 ruling may only benefit a third of bondholders
Swiss law may mean only bondholders who appealed writedown get compensation, if there is any
First line of defence dominates third-party risk management
1LoD survey finds 86% of control functions think they have sole responsibility for vendors
71% of banks automate escalation of appetite breaches
Automated processes are less common at banks where ERM sets overall risk appetite, research shows
North American banks outpace Europeans in ERM
New research shows US, Canadian banks have more developed enterprise risk management functions
Banks treat ERM as compulsory – even when it isn’t
More than 80% follow supervisory guidance or expectations for ERM, benchmarking shows
Enterprise risk managers: police or foot soldiers?
With more than 5,000 data points from 37 banks, our first ERM Benchmarking exercise shines a light on very different missions
Op risk data: 1MDB scandal still haunts Wall Street
Also: Woodford in hot water, Salesforce voice phishing hooks multiple firms. Data by ORX News
Dora delay leaves EU banks fighting for their audit rights
Regulation requires firms to expand scrutiny of critical vendors that haven’t yet been identified
How some banks aced the EBA stress test
Four banks actually increased their capital ratios, while US subsidiaries were hit worst
In more than 90% of banks, second line tackles cyber risk
But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption
ECB may force banks to rethink cloud just months after Dora
EU regulator pushes multi-cloud strategy for banks, but guidance will not be binding
Op risk data: Santander takes hefty historic hit over PPI mis-selling
Also: Brazil’s cyber screw-up, Barclays’ AML mishap, and MAS metes out more AML fines. Data by ORX News
Almost all banks mandate cyber security training
And unlike other risks, information security coaching moves the internal confidence dial
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now
Regulators zero in on third-party risk, resilience
In latest survey, 35% of banks say watchdogs have “significantly increased” focus on third-party risk, with reports of arduous inspections and growing resource strain
Ninety-one per cent of banks have specialist teams for resilience risk
Latest survey shows regulatory pressure is driving broader framing of resilience, beyond IT and cyber
More than half of banks manage change as an operational risk
Others are moving to incorporate it into risk taxonomies, although some now treat it as a cause, citing supervisory guidance