The top 10 op risks – a field guide
Survey should be read as industrywide attempt to relay and share worries anonymously
Survey should be read as industrywide attempt to relay and share worries anonymously
Click on category for full analysis
#1 IT disruption | #2 Data compromise | #3 Regulatory risk | #4 Theft and fraud | #5 Outsourcing | #6 Mis-selling | #7 Talent risk | #8 Organisational change | #9 Unauthorised trading | #10 Model risk
This year’s top 10 operational risks look a little different to last year’s, but the changes owe less to any seismic shift in the industry’s prioritisation of the threats it faces and more to the way Risk.net has asked it to list them.
As in the past, respondents were asked to select the top operational risks faced by their organisation over the year ahead. This time, however, they were asked to supplement these risks with real-world examples of potential loss events, which were then aggregated and mapped to the taxonomy above, with broad categories broken down and analysed in a separate chapter for each.
The new method has brought a few boundary changes. No, the industry has not collectively decided cyber risk is not a true operational risk; rather, its impact is now considered so all-pervading that it is treated as a causal factor across multiple categories – principally IT disruption, data compromise, and theft and fraud, but also outsourcing – rather than as a wide group in itself.
The aim, simply, is to give readers a better insight into what their peers spend their time worrying about. The knowledge that more practitioners consider loss of functionality from a cyber attack – whether intended to be disabling or not – to be a (marginally) greater threat than that of data compromise or plain old theft should prove valuable to firms, if not exactly comforting.
The effect of asking for specific examples has not seen broad categories being broken up and atomised; instead, some groupings have expanded.
The resulting taxonomies may look alien to some firms, but the way in which many banks categorise and manage risks is also changing
For instance, many practitioners say they now consider the threat of losses from unauthorised trading from rogue algorithms to outweigh that of rogue humans. The growing risk from errant algos, as well as tighter conduct risk regulations clarifying risk managers’ responsibility for overseeing them, sees the two being considered alongside one another for the first time.
The resulting taxonomies may look alien to some firms, but the way in which many banks categorise and manage risks is also changing – nowhere more so than in the realm of operational risk.
Ashley Bacon, chief risk officer at JP Morgan, last year detailed the bank’s approach to grouping emerging exposures into one of six buckets. Non-financial risks dominate most of them. Deutsche Bank, meanwhile, became perhaps the first large global bank to appoint a group-wide head of non-financial risk last year in Balbir Bakhshi.
In the past, some have criticised the survey for choosing to focus on broad categories of risk concern, rather than specific potential loss events. That approach is deliberate. The survey is inherently qualitative and subjective; the weighted list of concerns it produces should be read as an industrywide attempt to relay and share worries anonymously, not as a how-to guide. Such a list would be brief and dull, with its value to a broad group of readers as an annual health check severely limited.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Our take
The signs of tacit collusion in the dividend play trade
Game theory and real-world data point to a different understanding of how arbitrage in markets works
Decades of history says you can beat high inflation with quality
Factors such as momentum and value generally outperform the market irrespective of inflation, but new research suggests quality stocks are best when prices are rising rapidly
Esma faces tough task in implementing Emir 3.0
EU regulator must contend with tight timeframes and increasing workload without additional resources
Quants are using language models to map what causes what
GPT-4 does a surprisingly good job of separating causation from correlation
China stock sell-off will test securities firms’ risk managers
Regulatory measures to support stock market could add to risks facing securities sector
Why some UK pensions might choose to run on
Buyouts are booming but trustees are thinking about alternatives, too
Choppy inflation may be the worst inflation
Investors can build strategies to suit fast-rising prices, or slow-rising prices. What trips them up is the inflation foxtrot: slow, slow, quick, quick, slow
A dynamic margin model takes shape
New paper shows how creditworthiness and concentrations can be reflected into margin requirements
Most read
- Top 10 operational risks for 2024
- As FCMs dwindle, regulators fear systemic risk
- Top 10 op risks: AI fears drive cyber risk to record high