Appetite breaches climb for top op risks
Risk Benchmarking: Low tolerance and heightened threat environment combine to test banks’ limits for cyber, resilience, third-party risk
This piece is part of a series benchmarking bank operational risk management practices. Sign up for Risk Benchmarking emails here.
Four in 10 banks breached their appetite for information security risk in the past 12 months, according to the findings of Risk.net’s latest Op Risk Benchmarking study, while 55% breached formal thresholds for at least one of the top five risks surveyed – the joint
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Operational risk
Op Risk Benchmarking: Banks seek a home for AI risk
Risk.net’s 2026 study sees record participation and collective unease, as banks race to incorporate AI into op risk frameworks
Banks curb frequency of GRC vendor reviews
Data shows drop in plans to pitch or switch vendors, amid tighter third-party rules – but TPRM bucks the trend
In more than 90% of banks, second line tackles cyber risk
But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption
Almost all banks mandate cyber security training
And unlike other risks, information security coaching moves the internal confidence dial
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now
Regulators zero in on third-party risk, resilience
In latest survey, 35% of banks say watchdogs have “significantly increased” focus on third-party risk, with reports of arduous inspections and growing resource strain
More than one-quarter of banks overhaul third-party KRIs
Op Risk Benchmarking data shows more flux – and less confidence – in indicators tracking vendors versus other risks
Ninety-one per cent of banks have specialist teams for resilience risk
Latest survey shows regulatory pressure is driving broader framing of resilience, beyond IT and cyber
