
The top 10 op risks – a field guide
Survey should be read as industrywide attempt to relay and share worries anonymously
Click on category for full analysis
\#1 IT disruption | \#2 Data compromise | \#3 Regulatory risk | \#4 Theft and fraud | \#5 Outsourcing | \#6 Mis-selling | \#7 Talent risk | \#8 Organisational change | \#9 Unauthorised trading | \#10 Model risk
This year’s top 10 operational risks look a little different to last year’s, but the changes owe less to any seismic shift in the industry’s prioritisation of the threats it faces and more to the way Risk.net has asked it to list them.
As in the past, respondents were asked to select the top operational risks faced by their organisation over the year ahead. This time, however, they were asked to supplement these risks with real-world examples of potential loss events, which were then aggregated and mapped to the taxonomy above, with broad categories broken down and analysed in a separate chapter for each.
The new method has brought a few boundary changes. No, the industry has not collectively decided cyber risk is not a true operational risk; rather, its impact is now considered so all-pervading that it is treated as a causal factor across multiple categories – principally IT disruption, data compromise, and theft and fraud, but also outsourcing – rather than as a wide group in itself.
The aim, simply, is to give readers a better insight into what their peers spend their time worrying about. The knowledge that more practitioners consider loss of functionality from a cyber attack – whether intended to be disabling or not – to be a (marginally) greater threat than that of data compromise or plain old theft should prove valuable to firms, if not exactly comforting.
The effect of asking for specific examples has not seen broad categories being broken up and atomised; instead, some groupings have expanded.
The resulting taxonomies may look alien to some firms, but the way in which many banks categorise and manage risks is also changing
For instance, many practitioners say they now consider the threat of losses from unauthorised trading from rogue algorithms to outweigh that of rogue humans. The growing risk from errant algos, as well as tighter conduct risk regulations clarifying risk managers’ responsibility for overseeing them, sees the two being considered alongside one another for the first time.
The resulting taxonomies may look alien to some firms, but the way in which many banks categorise and manage risks is also changing – nowhere more so than in the realm of operational risk.
Ashley Bacon, chief risk officer at JP Morgan, last year detailed the bank’s approach to grouping emerging exposures into one of six buckets. Non-financial risks dominate most of them. Deutsche Bank, meanwhile, became perhaps the first large global bank to appoint a group-wide head of non-financial risk last year in Balbir Bakhshi.
In the past, some have criticised the survey for choosing to focus on broad categories of risk concern, rather than specific potential loss events. That approach is deliberate. The survey is inherently qualitative and subjective; the weighted list of concerns it produces should be read as an industrywide attempt to relay and share worries anonymously, not as a how-to guide. Such a list would be brief and dull, with its value to a broad group of readers as an annual health check severely limited.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Our take
Korea’s ‘worst-of’ times are here to stay
Chinese houses’ success in Korean autocalls could stymie hopes of diversifying the product mix
Could intraday FX swaps help reduce settlement risk?
New swap platform hopes to ease funding pains, but can it promote more use of PvP?
Talking Heads 2023: A turf war in credit markets
Banks are looking to reclaim territory they previously ceded to market-makers and private funds
FX-style crypto platforms could bridge gap with TradFi
Emergence of execution-only ECNs, prime brokers and clearing houses brings new confidence in crypto
Skew this: taking the computational burden off basket options
Dan Pirjol presents a snap formula for estimating implied volatility skew in an instant
Shhh, don’t tell: the struggle to keep skew under wraps
Liquidity recycling by clients has made it more difficult for banks to keep skews quiet
How a machine learning model closed a hidden FX arbitrage gap
MUFG Securities quant uses variational inference to control the mid volatility of options
The AOCI elephant in the DFAST room
After March’s banking crisis, Fed stress tests should adopt harsher and wider ranging rate scenarios