![Risk.net](https://www.risk.net/sites/default/files/styles/print_logo/public/2018-09/print-logo.png?itok=1TpHrpuP)
The top 10 op risks – a field guide
Survey should be read as industrywide attempt to relay and share worries anonymously
Click on category for full analysis
#1 IT disruption | #2 Data compromise | #3 Regulatory risk | #4 Theft and fraud | #5 Outsourcing | #6 Mis-selling | #7 Talent risk | #8 Organisational change | #9 Unauthorised trading | #10 Model risk
This year’s top 10 operational risks look a little different to last year’s, but the changes owe less to any seismic shift in the industry’s prioritisation of the threats it faces and more to the way Risk.net has asked it to list them.
As in the past, respondents were asked to select the top operational risks faced by their organisation over the year ahead. This time, however, they were asked to supplement these risks with real-world examples of potential loss events, which were then aggregated and mapped to the taxonomy above, with broad categories broken down and analysed in a separate chapter for each.
The new method has brought a few boundary changes. No, the industry has not collectively decided cyber risk is not a true operational risk; rather, its impact is now considered so all-pervading that it is treated as a causal factor across multiple categories – principally IT disruption, data compromise, and theft and fraud, but also outsourcing – rather than as a wide group in itself.
The aim, simply, is to give readers a better insight into what their peers spend their time worrying about. The knowledge that more practitioners consider loss of functionality from a cyber attack – whether intended to be disabling or not – to be a (marginally) greater threat than that of data compromise or plain old theft should prove valuable to firms, if not exactly comforting.
The effect of asking for specific examples has not seen broad categories being broken up and atomised; instead, some groupings have expanded.
The resulting taxonomies may look alien to some firms, but the way in which many banks categorise and manage risks is also changing
For instance, many practitioners say they now consider the threat of losses from unauthorised trading from rogue algorithms to outweigh that of rogue humans. The growing risk from errant algos, as well as tighter conduct risk regulations clarifying risk managers’ responsibility for overseeing them, sees the two being considered alongside one another for the first time.
The resulting taxonomies may look alien to some firms, but the way in which many banks categorise and manage risks is also changing – nowhere more so than in the realm of operational risk.
Ashley Bacon, chief risk officer at JP Morgan, last year detailed the bank’s approach to grouping emerging exposures into one of six buckets. Non-financial risks dominate most of them. Deutsche Bank, meanwhile, became perhaps the first large global bank to appoint a group-wide head of non-financial risk last year in Balbir Bakhshi.
In the past, some have criticised the survey for choosing to focus on broad categories of risk concern, rather than specific potential loss events. That approach is deliberate. The survey is inherently qualitative and subjective; the weighted list of concerns it produces should be read as an industrywide attempt to relay and share worries anonymously, not as a how-to guide. Such a list would be brief and dull, with its value to a broad group of readers as an annual health check severely limited.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Our take
Podcast: Lorenzo Ravagli on why the skew is for the many
JP Morgan quant proposes a unified framework for trading the volatility skew premium
Quants see promise in DeBerta’s untangled reading
Improved language models are able to grasp context better
Counterparty risk model links defaults to portfolio values
Fed’s Michael Pykhtin proposes using copula models to capture effects of margin calls on default risk
Does Basel’s internal loss multiplier add up?
As US agencies mull capital reforms, one regulator questions past losses as an indicator of future op risk
Is JSCC-CFTC stalemate about to be broken?
Japan CCP gains allies in battle to clear yen swaps for US clients, but CFTC shakeup could dash hopes
What T+1 risk? Dealers shake off FX concerns
Predictions of increased settlement risk and later-in-the-day trading have yet to materialise
Go your own way: departures pose new challenges for CFTC
Loss of Democratic majority would impede chairman’s ambitions for regulatory agenda
Altice’s dropdown is a warning for European creditors
Carve-out used to shield assets from lenders may occur in a fifth of European deals