Navigating operational risk challenges

Today, the landscape of operational risk is being reshaped by cyber threats, third-party dependencies, artificial intelligence adoption and regulatory scrutiny. With operational resilience under the spotlight, senior op risk leaders at Risk.net’s Leaders’ Network meeting held in London in June discussed a shift in mindset – from treating scenarios as regulatory exercises to leveraging them as strategic business tools. Amid heightened regulatory scrutiny, growing cyber and third-party exposures, and rising expectations for resilience, participants emphasised the need for greater business engagement, quantification rigour and integration of scenario outputs into forward-looking governance. 

Key takeaways:

• Scenario analysis is underutilised despite being viewed as valuable – institutions are working to make it more tangible, data-driven and business-relevant.
• Many firms run fragmented scenario programmes (capital, resilience, risk and control self-assessment); leaders are pushing to align these for consistency and efficiency.
• Quantification of scenario outcomes is increasingly used to set stress appetite, inform board governance and justify capital buffers.
• Regulatory scrutiny is rising globally, though inconsistently: European regulators press for integration, while US regulators deprioritise capital but elevate resilience.
• Business engagement remains a major challenge; scenario insights often fail to translate into strategic action or daily decisions.
• Some firms are using scenarios to guide decisions on AI deployment, product growth and infrastructure investments – moving from reactive to strategic use.
• Integrating scenario results into strategic planning cycles and risk appetite frameworks is gaining momentum across leading firms.
• The long-term goal: transform scenario analysis into an indispensable management tool that links controls, capital and business performance.