Op risk managers could be Covid long-haulers
New threats sprang from old sources in this year’s Top 10 op risks, belying a big drop in losses
Like many, operational risk managers were glad to see the back of 2020. Unlike most, their worries show few signs of easing. The giant sources of op risk engendered by the coronavirus – opportunistic cyber attacks, creative money laundering and vast new possibilities for internal fraud – aren't going anywhere, even as the world charts a course out of lockdown.
Among broad categories of concern, this year’s Top 10 Op Risks look superficially similar to previous years, with movement between them as expected: conduct and resilience risk have both risen up firms’ agendas, with more esoteric concerns like organisational change and talent risk dropping. Employee wellbeing was the sole new entry – both a welcome sign that managers are taking the human element seriously, and a worrying one that the scale of the problem is big enough to be top of mind.
Yet within each category, risk profiles have changed dramatically in ways that are difficult to predict and impossible to fully track. The threat of IT disruption remains the top collective concern, for instance, but conversations suggest that owes as much to insider threats from disgruntled employees – those on notice or paid leave who still have access to systems and controls, for instance, or sensitive data – as it does longstanding worries over outages and overloads.
And perhaps counterintuitively, the trend in op risk losses has been falling since the pandemic erupted, along with attendant capital numbers – 2020 marked a post-crisis low in both frequency and severity of losses, according to data from ORX News.
When might the increased array of threats firms face in the work-from-home era crystallise as loss events? That all depends. When modelling losses, firms tend to divide events between those stemming from conduct-related issues, and everything else. In part this is due to the difficulty of modelling the former, given it is skewed by infrequent, but catastrophically large losses.
But conduct losses are also a slow burn: fines for mis-selling, market manipulation and most forms of internal fraud take a long time to come to light, then hang around like a yoke on the neck for far longer – perhaps forever, in reputational terms.
“When we model, we assume that most conduct losses will show a three-to-five-year lag – whereas normal, transaction-style losses will appear within a one-year window. One year into Covid, we've not seen any transaction losses of any real note – so I don’t know whether we will now. But who knows what conduct looks like,” says the head of op risk capital at one European bank.
Covid has also exposed the limitations of point-in-time year-ahead forecasts, including Risk.net's Top 10 Op Risks survey. Few risk managers reported pandemic risk among their top concerns last year – one honest bank admitted to having drawn up a pandemic scenario, before dismissing it as unrealistic. It last appeared in 2013’s Top 10, in the wake of the Asian swine flu epidemic.
So, Risk.net is considering ways to shake up the format of the Top 10 Op Risks going forward, to try and make it more dynamic and informative for readers. What might that look like? A quarterly poll, to see how the main areas of concern for op risks managers evolve over the course of a year? A more granular survey that provides a detailed breakdown of perceived threats? Or a free-form exercise designed to identify emerging risks?
Let us know your thoughts: send suggestions to Tom.Osborn [at] Risk.net.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Our take
How Risk.net’s robots unlocked Ucits trade data
Machine learning tool helps reveal the largest European derivatives users – and who they trade with
Running the numbers on Barr’s Basel III endgame revisions
Fed vice-chair’s plan to ease capital requirements for big banks still lacks critical details
Another post-Libor rate aims to clear Iosco bar
After two rivals were slapped down by the benchmark overseer last year, will Axi fare differently?
Nvidia is growing up. It’s not settling down
Chip maker is a mega cap that doesn’t act like one
FX forwards dealers face added challenges in P&L analysis
Mark-out tools for forwards and swaps trading may not be a panacea
Can history resolve factor investors’ p-hacking questions?
Quants seek reassurance in the far distant past
Insurance double-hatters like Apollo can expect more scrutiny
Regulators are homing in on conflicts of interests at private-equity-owned insurers
Podcast: Lorenzo Ravagli on why the skew is for the many
JP Morgan quant proposes a unified framework for trading the volatility skew premium