Top 10 operational risks for 2013

Please click here to read our latest Top 10 Operational Risks for 2014

The year to come will see, at best, sluggish economic growth worldwide. International Monetary Fund forecasts show a third year of lacklustre growth in the advanced economies (1.5%, after 1.6% in 2011 and 1.3% in 2012) with no hope of making up the shortfall created by the 2008 crisis (although the US, relatively unhampered by austerity policies or the European debt crisis, will grow considerably faster than the UK or the eurozone), and growth of just 5.6% in the emerging economies.

The stress this causes throughout the financial world will manifest itself in a number of ways: fraud, money laundering, regulatory change and uncertainty, mistrust of banks and the risk of control failure.

Some of the 10 operational risks on this list will be obvious – the challenge to business continuity from natural disasters, for example, was underlined by the impact of October’s hurricane on the north-east US, in particular its impact on the financial industry in southern Manhattan. Some, though, are less obvious – it’s a near-certainty that 2013 will see natural disasters somewhere in the world, but the odds of a worldwide disease outbreak are lower. Still, it deserves inclusion on the list as a risk against which many institutions may not be well prepared. Others again are closely linked – a failure in internal controls may be the result of problems with organisational culture, and may be the immediate cause of a breach in sanctions or money-laundering rules, and this in turn may attract political attention and cause reputational damage.

In no particular order, here are Operational Risk & Regulation’s Top 10 operational risks for 2013. Click on the links to read full analysis on each of the risk types.

IT sabotage

Internet-based or cyber attacks have crossed the line from being a relatively minor institution-level threat to a significant danger to the stability of the financial system. A year which saw a growing chorus of warnings of the systemic dangers of cyber attack culminated in a speech by Atlanta Federal Reserve Bank president David Lockhart in late November. "In the last few months, the United States has experienced an escalating incidence of distributed denial of service attacks aimed at our largest banks," Lockhart said. Click to read full article

Reputational damage

A good reputation has never been easier to lose - although this may not be a problem for much of the financial sector, as it doesn't have one. Once again in 2012, the annual Trust Barometer survey conducted by US PR firm Edelman found banks and financial services the least trusted sector of business - less trusted even than they were in 2011. Click to read full article

Incentives and compensation

In 2011, UK banks ring-fenced a total of £5 billion for expected compensation payments to customers who had been mis-sold financial protection products - in particular, payment protection insurance (PPI). In 2012, it emerged that they had been too optimistic - the major banks have more than doubled their provisions for PPI payouts. Click to read full article

Fraud and customer data abuse

Internal fraud remains, as ever, a high priority for risk managers across the financial sector. Economic downturns are known to generate fraud: as employees come under real or anticipated financial pressure, they face the temptation to steal, or to concoct favourable-looking sales and profits in order to reap higher bonuses or simply to ensure they remain employed. Click to read full article

Epidemic disease

The past decade has seen two high-profile widespread outbreaks of respiratory disease: severe acute respiratory syndrome in 2003 and H1N1 influenza in 2009-10. The risk of a severe influenza pandemic - in which a sudden genetic shift creates a new strain of the influenza virus, which spreads to affect a significant proportion of the world - has been estimated at one in every 25-30 years. Click to read full article

Political intervention

The largest single economic uncertainty facing the world - and, not coincidentally, one of the largest potential sources of operational risk - remains, as it was a year ago, the eurozone debt crisis. The November agreement on aid to Greece and the €37 billion deal to restructure Spain's debt-laden banking sector are signs of hope, but the crisis is far from over and a break-up of the eurozone has still not been definitively averted. Click to read full article

Sanctions and AML compliance

2012 saw leading banks in the spotlight, accused of negligently or wilfully breaking anti-money laundering (AML) rules or international economic sanctions. Standard Chartered Bank, accused of breaches of US sanctions on Iran by the New York Department of Financial Services, was forced to pay a $340 million settlement. HSBC, accused of overlooking money laundering from Mexico into the US, predicted in November that the total fines could be more than $1.5 billion. Click to read full article

Emerging market operating risks

Regulators and financial institutions have long recognised that rapid economic growth in emerging markets will draw in not only investors but also the companies that serve them. Earlier this year, Vedat Akgiray, chairman of the Turkish Capital Markets Board and the emerging markets committee of the International Organisation of Securities Commissions (Iosco), called on his fellow regulators to follow the trend: "Proper securities regulation in today's emerging markets is tantamount to "proper" regulation of tomorrow's developed markets. Therefore, emerging markets within Iosco and the global financial system are much more important than they were in the past." Click to read full article

Business continuity and disaster recovery

Unusually low rates of disaster losses in the first half of the year were followed by the severe damage done by Hurricane Sandy to the Caribbean nations and the eastern US. The US suffered estimated direct damage of $20 billion, rising to $50 billion once interruptions to business are taken into account. Click to read full article

Failure to enforce internal controls

Under much recent legislation - the 2010 UK Bribery Act, for example - companies can use the existence of adequate controls as a defence, even when an offence has actually taken place. But the recent trial of UBS rogue trader Kweku Adoboli highlighted that adequate internal controls are useless if they are not maintained and monitored properly. Click to read full article

Operational risk best practice will be discussed at OpRisk Europe on June 11 - 14 in London. For more information and details about attending visit opriskeurope.com.