Ninety-one per cent of banks have specialist teams for resilience risk
Latest survey shows regulatory pressure is driving broader framing of resilience, beyond IT and cyber
This piece is part of a series benchmarking bank operational risk management practices. Sign up for Risk Benchmarking emails here.
Most banks describe their resilience risk frameworks as functional but far from bulletproof. Just 19% of institutions in Risk.net’s latest benchmarking survey said they were “very confident” in the way they structure and staff resilience risk, while 59% opted for the
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Operational risk
Second line seeks to stamp its authority on AI risk
Risk Benchmarking study finds fragmented accountability for AI risk among banks, and most are short of controls to contain it
Op Risk Benchmarking 2026: explore the data
View interactive charts from Risk.net’s 61-bank study, covering risk appetite breaches, controls, scenario analysis, GRC tech and regulation
Appetite breaches climb for top op risks
Risk Benchmarking: Low tolerance and heightened threat environment combine to test banks’ limits for cyber, resilience, third-party risk
Op Risk Benchmarking: Banks seek a home for AI risk
Risk.net’s 2026 study sees record participation and collective unease, as banks race to incorporate AI into op risk frameworks
Banks curb frequency of GRC vendor reviews
Data shows drop in plans to pitch or switch vendors, amid tighter third-party rules – but TPRM bucks the trend
In more than 90% of banks, second line tackles cyber risk
But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption
Almost all banks mandate cyber security training
And unlike other risks, information security coaching moves the internal confidence dial
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now
