Operational risk
WHAT IS THIS? Operational risks are those arising from people, processes and systems – the biggest form of exposure for many industries, but one that was neglected by financial firms until the collapse of Barings Bank in 1995. It was added to the Basel capital framework in 2004, but attempts to model operational risk were dealt a heavy blow by the huge, unforeseen losses suffered by banks in the aftermath of the financial crisis.
How FCA could help tackle third-party risk in AI
UK regulator’s supercharged sandbox is designed to boost explainability and reduce reliance on vendors
Op risk data: For Yes Bank, no mercy over insider fraud
Also: Cracking Brazil’s Pix hacks, Macquarie fund fumble, and taxing time for Crédit Agricole. Data by ORX News
Credit Suisse AT1 ruling may only benefit a third of bondholders
Swiss law may mean only bondholders who appealed writedown get compensation, if there is any
Basel III adoption gap widens as Turkey and India stall
With just a third of jurisdictions fully compliant, progress on the post-crisis banking reforms remains uneven worldwide
First line of defence dominates third-party risk management
1LoD survey finds 86% of control functions think they have sole responsibility for vendors
Fewer than half of banks rate their GRC vendor as ‘good’
Enterprise Risk Benchmarking study shows banks juggling multiple systems, adding costs and complexity
71% of banks automate escalation of appetite breaches
Automated processes are less common at banks where ERM sets overall risk appetite, research shows
North American banks outpace Europeans in ERM
New research shows US, Canadian banks have more developed enterprise risk management functions
Banks treat ERM as compulsory – even when it isn’t
More than 80% follow supervisory guidance or expectations for ERM, benchmarking shows
Enterprise risk managers: police or foot soldiers?
With more than 5,000 data points from 37 banks, our first ERM Benchmarking exercise shines a light on very different missions
Ice Credit below availability target after six-hour op failure
May 5 outage longest since public disclosure began in 2015
Op risk data: 1MDB scandal still haunts Wall Street
Also: Woodford in hot water, Salesforce voice phishing hooks multiple firms. Data by ORX News
Dora delay leaves EU banks fighting for their audit rights
Regulation requires firms to expand scrutiny of critical vendors that haven’t yet been identified
Rumblings over UK review of ‘bad apples’ regime
Plans to reform Senior Managers and Certification Regime raise concerns over backsliding on conduct in financial industry
CFTC operational resilience rules have ‘no chance’ of revival
Commissioner Johnson touts framework as response to Ion hack, but lawyers say it misses target
How some banks aced the EBA stress test
Four banks actually increased their capital ratios, while US subsidiaries were hit worst
In more than 90% of banks, second line tackles cyber risk
But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption
ECB may force banks to rethink cloud just months after Dora
EU regulator pushes multi-cloud strategy for banks, but guidance will not be binding
Op risk data: Santander takes hefty historic hit over PPI mis-selling
Also: Brazil’s cyber screw-up, Barclays’ AML mishap, and MAS metes out more AML fines. Data by ORX News
Almost all banks mandate cyber security training
And unlike other risks, information security coaching moves the internal confidence dial
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now
Regulators zero in on third-party risk, resilience
In latest survey, 35% of banks say watchdogs have “significantly increased” focus on third-party risk, with reports of arduous inspections and growing resource strain
Mapping the influence of enterprise risk management: a systematic review and bibliometric analysis
The authors conduct a bibliometric analysis and systematic review to investigate the influence of enterprise risk management research.
Ninety-one per cent of banks have specialist teams for resilience risk
Latest survey shows regulatory pressure is driving broader framing of resilience, beyond IT and cyber