Mifid II, volatility and the top 10 op risks

The week on Risk.net, February 17-23, 2018

Top 10 op risks: IT disruption heads 2018 poll

Cyber risk dominates three of top four categories; model risk and mis-selling re-enter top 10

Old dispersion product signals new vol regime

Return of pre-crisis, ‘theta-flat’ trades an early sign of shifting volatility expectations

In the dark: pools warn late Mifid rules still won’t add up

Venues say better trade-flagging, consolidated tape needed for equity double-volume caps


COMMENTARY: The new nature of the catastrophe

Eagle-eyed readers may have noticed 2018’s top 10 operational risks does not include cyber risk’. It’s not that the threat to the financial services industry from malicious cyber actors is any less severe; rather, this year we decided to recognise that the category has become too large and diverse to make sense as a single risk taxonomy. Instead, in this year’s annual barometer, we’ve broken cyber up, and considered its impact across three primary categories: IT disruption’, ‘data compromise’ and ‘theft and fraud – the last covering traditional financial crime as well as losses inflicted by cyber means.

The absence of a ‘cyber’ heading from the list should not lead anyone to relax. Those categories are three of the four most important operational risk concerns facing banks and other financial institutions this year, according to op risk professionals around the world; in fact, very few did not have some form of cyber risk somewhere on their worry list, generally at or near the top.

If cyber risk management is a war, it is one the financial industry is losing, and has been losing for several years – the mounting sophistication of the attacks and the growing size of the losses they inflict make that very clear. But it is not yet a war the industry has lost, and new regulations such as the EU’s General Data Protection Regulation may yet help turn things around.

This year’s list is heavy in a couple of other areas too – broadly, chaos and dishonesty. The high-value cyber attacks may draw the headlines, but some of the largest fraud losses of 2017 came from very familiar-looking traditional frauds, often in emerging markets. Major banks in more advanced markets shouldn’t become complacent, though – in terms of legal liability as well as potential financial loss, they are more exposed to partners, suppliers and contractors in other countries than ever before.

Nor should they overlook the degree to which they could become the cause of their own problems. Rapid changes in strategy or organisational structure and an unwillingness to invest in hiring, training and developing key personnel are sources of profound stress for any organisation. Huge losses have occurred and will continue to occur as a result of a lack of adequate skilled and experienced oversight; it’s a common factor in most rogue trading cases, for example. Ambition and a desire to cut costs have led many banks into extremely dangerous territory, and this, as much as state-sponsored cyber attack or natural disaster, represents a key operational risk for 2018.



Spreads on vega-flat dispersion trades narrowed by one point on the S&P 500 and half a point on the Euro Stoxx 50 in response to the market turbulence as single-stock volatility failed to keep pace with surging index volatility. The mark-to-market impact on outstanding vega-flat S&P and European dispersion trades may have been as high as $100 million



We can do lots of preparatory work with the FMIs so we’re in a position to make those decisions at one minute past midnight on day one. And therefore those overseas FMIs can have seamless access to UK firms – David Bailey, Bank of England

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here