Op risk benchmarking
Welcome to Op Risk Benchmarking, a new research service scrutinising op risk practices at a range of financial institutions. Each quarter, we'll share some of the findings from one of four cohorts – G-Sibs, other banks, asset managers and insurers, and FMIs.
Participants get to see all the data – message us for details: ORMBenchmarking@risk.net
Top 10 operational risks for 2024
• Ransomware attacks, combined with the emerging threat of AI, have cemented cyber risk as the financial industry’s number one operational risk for 2024.
• Third-party risk takes third spot in the rankings, following hack attacks on tech vendor Ion Group and securities lending platform EquiLend last year.
• External fraud also re-enters the Top 10 as criminals harness the power of gen AI to defraud financial firms in more creative ways.
Top 10 op risks: AI fears drive cyber risk to record high
External fraud re-enters top 10; change management now a top five concern
Geopolitics is harsh terrain for FMIs
Idiosyncratic nature of disputes and flare-ups leaves exchange and infrastructure operators blending metrics with guesswork
FMIs get busy, as supervisors circle
Via new roles and controls, exchanges and clearers hope to “get ahead” of regulatory wave
On cyber, FMIs seek to avoid being weapons of mass disruption
Controls focus on basic cyber hygiene, but communicating the risk remains a challenge
Op Risk Benchmarking: The G-Sibs
Using data submitted by 11 G-Sibs, our new Benchmarking series explores how the world’s largest banks are managing their biggest operational risks. Team sizes and setups, modelling practices, internal reporting, GRC vendors – take a look here.
Big Figure
Safety in numbers?
FMIs demonstrate broad variability in the size of the second-line teams tasked with overseeing infosec – but that’s starting from a relatively low base: many have teams comprising of just one specialist, while the mean average is slightly more than five.
Op Risk Benchmarking: Banks
Our second Op Risk Benchmarking series focuses on op risk frameworks at large domestic and regional banks, taking a deep dive into each of their top five risks: information security; IT disruption; change management; execution & process errors; and regulatory compliance risk.