Op risk benchmarking
Welcome to Op Risk Benchmarking, a new research service scrutinising op risk practices at a range of financial institutions. Each quarter, we’ll share some of the findings from one of four cohorts – G-Sibs, other banks, asset managers and insurers, and FMIs.
Participants get to see all the data – message us for details: ORMBenchmarking@risk.net

Vendor oversight splinters across FMIs
Op Risk Benchmarking: firms grapple with “chaos” of third-party rule changes, amid growing recognition of cyber and resilience threats

Top 10 operational risks for 2025
The biggest op risks as chosen by senior practitioners – and what they’re doing about them

Top 10 op risks: AI arms race leaves risk teams playing catch-up
As firms invest for fear of being left behind, op risk managers urge caution on data, controls and access

Top 10 op risks: For change management, the cloud is its own weather front
As lenders move legacy banking to the cloud, the risks of getting it wrong are exponentially greater

Top 10 op risks: Why cyber risk looms larger than its losses
Fast-moving threat landscape and increased supplier concentration keep infosec top of the table

Op Risk Benchmarking: The G-Sibs
Using data submitted by 11 G-Sibs, our new Benchmarking series explores how the world’s largest banks are managing their biggest operational risks. Team sizes and setups, modelling practices, internal reporting, GRC vendors – take a look here.
Big Figure
Safety in numbers?
FMIs demonstrate broad variability in the size of the second-line teams tasked with overseeing infosec – but that’s starting from a relatively low base: many have teams comprising of just one specialist, while the mean average is slightly more than five.

Op Risk Benchmarking: Banks
Our second Op Risk Benchmarking series focuses on op risk frameworks at large domestic and regional banks, taking a deep dive into each of their top five risks: information security; IT disruption; change management; execution & process errors; and regulatory compliance risk.