Cyber is biggest operational risk fear, say practitioners
Regulator emphasis and high-profile attacks keep cyber threat top-of-mind
Cyber risk has emerged as the most common operational risk concern cited by respondents in a survey of op risk practitioners conducted by Risk.net.
In a series of interviews that took place in November and December last year, Risk.net journalists spoke to chief risk officers, heads of operational risk and other op risk practitioners at financial services firms, including banks, insurers and asset managers. Based on the op risk fears most frequently mentioned by those practitioners, Risk.net compiled a list of the Top 10 Operational Risks for 2016.
Topping the list is cyber risk, which was described as “a clear and present danger” to firms and the public by one London-based director of operational risk.
Mark Cooke, group head of operational risk at HSBC, is similarly concerned. “The expansion of digital service channels, along with the increase in the sophistication of attacks, has seen a marked uptick in vulnerability to cyber risk and particularly the reputational impact through loss of client information or denial of core customer services,” he says.
Cyber risks have been kept at the forefront of practitioners’ minds due to a strong focus on the topic from financial regulators and the level of media attention garnered by high-profile attacks. The Federal Reserve Bank of New York has identified cyber as one of its top risk priorities, with a senior supervisor warning the OpRisk North America conference in March 2015 that it could be the source of the next financial crisis.
Op risk practitioners note that cyber attacks regularly make the headlines, both inside and outside the financial sector. One example cited as part of the survey was the hacking of UK-based telecoms provider TalkTalk in October last year, which caused a major loss of customer data.
“With TalkTalk, their shares plummeted when they first had to announce it,” notes one head of op risk at a hedge fund, who did not wish to be named. “If you’re a TalkTalk customer you’re not likely to renew your contract; if you’re a new customer, you’re not likely to go to TalkTalk because you perceive their controls are not really robust enough to protect your data. So these incidents do impact the bottom line and they tend to hurt the smaller guys more than they hurt the big guys.”
This year, the second most frequently cited op risk worry is conduct risk. Practitioners note that poor conduct can result in problems such as mis-selling, market abuse and fraud, which may lead to lawsuits and regulatory penalties. Since the 2008 financial crisis, a brighter spotlight has been shone on conduct due to the creation of the UK Financial Conduct Authority (FCA) in 2013 and the US Consumer Financial Protection Bureau in 2011.
“What I would highlight as one of the biggest issues is conduct risk,” says Rajat Baijal, London-based head of enterprise risk at Cantor Fitzgerald. “It’s certainly been hot on the FCA’s agenda, but is increasingly becoming a global phenomenon.”
In third place on the list is regulation. Op risk practitioners point to the sheer volume of regulatory changes seen in recent years, including those triggered by the US Dodd-Frank Act, Europe’s Mifid II, and changes in capital rules from the Basel Committee on Banking Supervision. The Risk.net survey found that concerns about regulation were widely spread among op risk practitioners – regardless of whether those practitioners worked at banks, insurers or asset managers.
“There is increasing uncertainty around the requirements and expectations of regulators, shifting timelines and a lack of transnational consistency,” complains Enda Collins, an operational risk manager at GE Capital in Dublin. “This has also put pressure on firms’ infrastructure, as limited resources are being directed towards regulatory requirements, as opposed to business [and] customer needs.”
Some of the other most popular op risk worries in this year's survey are organisational change, recruitment and retention, outsourcing, and the risk of IT failure. The timing of the survey, which coincided with the November 13 Paris attacks, helps push the risk of terrorism into the top 10.
An in-depth feature detailing the Top 10 Operational Risks of 2016 will be released on Risk.net tomorrow (January 20). The feature will also be included in the February 2016 issue of Operational Risk magazine.
Copyright Infopro Digital Limited. All rights reserved.