Risk Benchmarking
Welcome to Risk Benchmarking, a new research service scrutinising op risk practices at a range of financial institutions. Each quarter, we’ll share some of the findings from one of four cohorts – G-Sibs, other banks, asset managers and insurers, and FMIs.
Participants get to see all the data – message us for details: benchmarking@risk.net
Dealers favour central XVA desks, but splits remain on funding
Most banks run a single desk within the front office, but more than half share responsibility for its funding needs with treasury
XVA desks may be standard – their tech and mandates aren’t
A decade into centralised management of XVAs, Risk Benchmarking data finds divergent approaches to pricing, methodologies and tech stacks
Fewer than half of banks rate their GRC vendor as ‘good’
Enterprise Risk Benchmarking study shows banks juggling multiple systems, adding costs and complexity
Risk Benchmarking data
Most banks add ERM heads – but CROs keep control
Hiring tilts towards AI, cyber and model risk as enterprise risk’s remit grows faster than its reach
71% of banks automate escalation of appetite breaches
Automated processes are less common at banks where ERM sets overall risk appetite, research shows
Risk Benchmarking
Dealers favour central XVA desks, but splits remain on funding
Most banks run a single desk within the front office, but more than half share responsibility for its funding needs with treasury
Op risk benchmarking
Banks curb frequency of GRC vendor reviews
Data shows drop in plans to pitch or switch vendors, amid tighter third-party rules – but TPRM bucks the trend
In more than 90% of banks, second line tackles cyber risk
But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption
Almost all banks mandate cyber security training
And unlike other risks, information security coaching moves the internal confidence dial
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now
Regulators zero in on third-party risk, resilience
In latest survey, 35% of banks say watchdogs have “significantly increased” focus on third-party risk, with reports of arduous inspections and growing resource strain
More than one-quarter of banks overhaul third-party KRIs
Op Risk Benchmarking data shows more flux – and less confidence – in indicators tracking vendors versus other risks
Ninety-one per cent of banks have specialist teams for resilience risk
Latest survey shows regulatory pressure is driving broader framing of resilience, beyond IT and cyber
More than half of banks manage change as an operational risk
Others are moving to incorporate it into risk taxonomies, although some now treat it as a cause, citing supervisory guidance
