The evolution of operational risk including resilience, cyber and future trends

By Shannon Harris, Senior Research Executive, CeFPro 

Over the last ten years the operational risk landscape has changed beyond recognition and included a drive towards holistic risk management practices. In a constantly evolving environment it is often the role of the risk professional to have oversight of multiple disciplines and keep on top of emerging trends. In this new era of risk management, previously segregated departments are now collaborating. Regulatory bodies are also echoing these themes by placing more focus on enhanced standards around operational resilience, assessment and mitigation. The operational risk professional of today has an increased agenda in trying to mitigate traditional risks, collaborate with teams and be aware of the industry’s future outlook. In addition to this the financial landscape is experiencing enormous changes in the way of emerging technology, latest advancements are revolutionising the industry but can also bring a wave of unexplored risks.

Given the latest developments within the industry The Center for Financial Professionals conducted its annual research study into the leading trends and challenges surrounding operational risk. The research allowed us to interview over 100 industry professionals from across Europe who are directly managing operational risk. Throughout the course of the study we gathered some fascinating insight on the leading themes which ultimately contributed towards the agenda for our 6^th Annual New Generation Operational Risk Summit. In celebration of the official launch of the summit we have collated some of the key findings from the study. Below are the top three areas mentioned by a large number of industry professionals as the leading challenges for 2019/2020.

Operational Resilience

One of the key themes mentioned throughout the research was operational resilience, overall many experts had concerns around industry expectations and regulatory uncertainty. Operational resilience has been a focus for a few years now, however the PRA are expected to solidify some expectations within their next consultation paper. Our survey highlighted that many firms are at different levels of implementing operational resilience frameworks and the impending consultation paper should provide some feedback on expected standards. As operational resilience encompasses so many areas of the business it is a top priority for many financial institutions and requires a considerable amount of time and resources. Below are just some of the comments we received whilst gathering feedback on operational resilience;

“I think most people are looking at how to implement an operational resilience framework and develop impact tolerances and metrics”

“With operational resilience were not all on the same level yet. There needs to be more understanding and shaping of the organisation. Things like outsourcing and third party suppliers are coming into focus more”

“It’s a question of how we best document resilience for the regulators, you can either do a lengthy narrative presentation or summary slides. There needs to be clarification in their revised publication, otherwise people can do lots of work which isn’t wanted”

“Over the next year we are expecting a period of more embeddedness around the requirements and increased governance. But we also need to know what the next expectations are going to be thinking past 2020”

Cyber Risk

Another major area of focus highlighted from the study which links to operational resilience was the topic of cyber risk. Due to technological advancements within the industry it seems that cyber risk is increasingly growing in importance and adding new pressures to financial institutions. As criminal fraudsters get more advanced it’s often a race to keep one step ahead and provide stability and security. In regards to risk management industry professionals will have to consider the evolving threats of cyber risk and the possible impacts to the business. However technological advancements could bring benefits to risk management and lead to enhanced practices and assessment. Highlighted below are just some of the comments we received from survey participants relating to cyber risk;

“It’s a big challenge to quantify these big major cyber threats which disable a bank, they are hard to quantify and how do we do that across a range of cyber-attacks. The op risk managers should lead across the bank so it is prepared for an attack when it happens and knows how to respond to it”

“It would be helpful to get an operational risk perspective on cyber and find out what most people think are the top priorities”

“I like to look at the pace of change, looking at the change in technology and cyber and how that impacts business and how people have to react and change. Cyber resilience is a big deal now so how do we manage that?”

“Everyone seems to look at technology and cyber as a bad thing. But looking at it from a different perspective things like machine learning are making a big difference in cyber security and kill chains. I am sure with the correct implementation and understanding it can help to reduce a number of risks across a wide range of sectors through AI and machine learning”

Climate Change

Finally, the last area mentioned as a top priority for the next twelve months was climate change. Progressively we are seeing regulatory bodies and governments showing more interest in climate change and the actions of worldwide institutions. The financial landscape is also subject to such scrutiny and is feeling pressure from both regulators and customers. Risk managers have the difficult task of incorporating climate change outcomes into risk planning and assessment. However this is no easy feat as the full impacts are unknown and may span over a long period of time. Many of our survey participants agreed that climate change will continue to grow in importance and will dominate many institution’s agenda for the foreseeable future. We received several comments relating to climate change, below are a few of the core points;

“Regulators are now pushing firms to make long and short term plans for climate change. So it will be interesting to see how firms do that, what are the considerations and approach. I think regulators are going to be looking at this a lot more”

 “Climate change is a big issue and we need to start thinking about it in terms of impact on customers, banking book and operations from physical climate change. The industry is starting to think more about the impact on regulation, current investment and the world we operate in”

“I think the climate change agenda is being driven by customer patterns, customers now days are much more concerned about the environment and general ethics in business”

“A lot of the climate change talk is coming from political and cultural pressures, but you could argue some countries are more invested in this than others. So where does that leave those who operate across jurisdictions?”

In summary operational risk management continues to be vitally important to the stability of the financial landscape. But in this constantly changing environment risk professionals have an increased workload and must create sustainable plans which tackle the issues of today whilst also focusing on future outcomes. Our survey allowed us to gain a rare insight into the top challenges being faced by multiple industry professionals, interestingly the top areas of concern were operational resilience, cyber risk and climate change. All of these areas are of importance today but will also be a priority for many years to come. As many financial institutions are working towards common goals in this space it could be suggested that thought-sharing and collaboration could be beneficial to the industry. Having a common understanding of industry trends, regulatory expectation and emerging threats could further strengthen risk management practices.

In order to encourage collaboration The Center for Financial Professionals will be hosting the 6^th Annual New Generation Operational Risk Summit taking place on the 10-11 of March, 2020 in London. The two day gathering will feature over 30 hand-picked industry professionals delivering presentations and panel discussions on a variety of topics. CROs, COOs, Global Heads and MDs will share their insight on the following topics;

Change Management | Operational Resilience | Non-Financial Risk | Culture & Conduct | Third Party Risk | Compliance | Climate Change | Fraud | Blockchain | SMCR | AI & Machine Learning | Lines of Defence | Cloud | Risk Appetite and much more

To view the full details of the conference including the latest agenda and speaker line up please visit our website at www.cefpro.com/oprisk . Alternatively for any specific questions on the event or the above report feel free to get in touch with me at shannon.harris@cefpro.com