Consultancy of the year: EY
Operational Risk Awards 2015: Offering an enterprise-wide view and multi-disciplinary skill set is important to tackling op risk challenges
The failure of firms to take an integrated view of their risk positions in the lead-up to the financial crisis was a costly mistake for the banking industry. Just as credit and market issues were found to impact liquidity, operational risk failures were severe enough to damage reputations and trigger concerns about credit and liquidity risk.
Those stark lessons have broadened the scope and stature of operational risk, says Dan McKinney, New York-based operational risk lead partner at consultancy EY. This has occurred alongside a more gradual transformation in how banks manage their non-financial risks, which has been driven by increased regulatory and public scrutiny. "If you look back 15 years, you would see a very different profile of operational risk management leaders and size of their teams," he says. "I don't think people truly appreciate how much the discipline has changed, but that's because it has happened slowly over time."
EY's financial risk practice – a 3,500-strong team boasting backgrounds across risk, business, regulatory, technology and data analytics – has kept pace with the trajectory of the operational risk discipline, an achievement that has helped it win Operational Risk's award for consultancy of the year. The consultancy takes an enterprise-wide approach to support firms as they enhance their systems and control frameworks or carry out regulatory remediation programmes, in order to better cover sub-categories of op risk including cyber security, vendor risk, corporate governance, conduct risk, GRC (governance, risk and compliance), and risk culture.
McKinney says that while sub-topics such as cyber risk may have been owned in the past by other areas of the firm, such as IT, chief risk officers are now also sizing them up, alongside the work of their firm's chief information security officers. "There probably isn't a single risk committee not asking questions about cyber right now," he says. "Firms are realising that it's not just the size of the fine or how much money you could lose due to a control failure; it's the reputational damage that can have a significant and lasting impact. And so it's these events that impact the public perception of the institution that are really getting the board's attention."
The breadth and size of EY's team allows it to tackle projects that require multiple skill-sets from different disciplines. "It's something we've worked hard at," says McKinney. "We make sure we look broadly across our skill-sets to ensure we have the right skills, no matter what team our consultants may technically come from. If we approached our clients with our blinders on – that the client is the head of operational risk and this is therefore an operational risk issue – we would not be doing our best for our clients. We really look at how the problem extends to other risk types and try to make sure we bring the right skills to bear."
The approach extends to setting risk appetite, too, with EY working with clients to assess how their unique operational risk, market risk and credit risk exposures and appetites tie together as part of a consistent and comprehensive risk appetite framework. That means team members dedicated to operational risk management often work closely with those more focused on enterprise risk management, and can cross into both disciplines when called upon. They could also find themselves working alongside the portion of the EY credit risk team predominantly focused on the annual stress tests carried out by the US Federal Reserve – formally known as the Comprehensive Capital Analysis and Review – because of the operational risk element now included in this.
As they work closely with all levels of an organisation, EY consultants are able to keep an eagle-eye on risk management trends as they develop, many of which are occurring in the operational risk space, McKinney says. For instance, while op risk managers have long used scenario analysis and market simulations for capital modelling purposes, managers are realising that more qualitative risk management frameworks can also benefit from the same form of review, and are asking consultants for advice on how they should tackle such an opportunity.
Another new tool can be found in advanced data analytics. The continual flow of real data points stemming from a bank's processes, indicators, metrics and loss data can be used to help clients to unearth trends and patterns in a firm's risk and control self-assessment, for instance, which helps to nurture an enterprise-wide view.
McKinney says that a growing number of firms are also realising they can leverage their operational risk programmes to identify and define processes for regulatory pressure points such as recovery and resolution planning and risk programmes for cyber security or outsourcing services to third parties.
"Operational risk can add value by looking across the firm, front-to-back, to identify hand-off points and dependencies and potential weaknesses," he says. "You're not just simply rolling out a framework any more. You're actually using the framework, the data, to drive risk management decisions."
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Awards
Collateral management and optimisation product of the year: LSEG Post Trade
LSEG Post Trade wins Collateral management and optimisation product of the year for interconnected services that help mitigate counterparty risk and optimise capital usage
Clearing house of the year: LCH
Risk Awards 2025: LCH outshines rivals in its commitment to innovation and co-operation with clearing members
Driving innovation in risk management and technology
ActiveViam secured three major wins at the Risk Markets Technology Awards 2025 through its commitment to innovation in risk management and technology
Regulatory reporting product of the year: Regnology
Regnology retains its award for Regulatory reporting product of the year at this year’s Risk Markets Technology Awards.
Electronic trading support product of the year: TransFICC
TransFICC’s One API and automation solutions earned the Electronic trading support product of the year award by tackling fragmentation and streamlining workflows in fixed income and derivatives markets
Market data vendor of the year: S&P Global Market Intelligence
S&P Global Market Intelligence wins Market data vendor of the year for its comprehensive data solutions and tools supporting trading, risk management and compliance
Best use of machine learning/AI: CompatibL
CompatibL’s groundbreaking use of LLMs for automated trade entry earned the Best use of machine learning/AI award at the 2025 Risk Markets Technology Awards, redefining speed and reliability in what-if analytics
Clearing house support product of the year: FIA Tech
FIA Tech won Clearing house support product of the year for its TDN solution, which streamlines post-trade processing in ETDs by increasing efficiency, reducing risk and enhancing transparency