Risk Management
  • Home
  • Features
  • Columns
    • ForeFront
    • Last Word
    • Findings
    • Q&A
    • Time Line
    • Risk Atlas
    • Fine Print
  • Topics
    • Insurance
    • Enterprise Risk Management
    • Strategic Risk Management
    • Natural Catastrophes
    • Cyber Risk
    • Pandemics
    • Emerging Risks
    • International
  • Blog
  • Digital Issue
  • Subscribe
  • RIMS.org
  • Home
  • 2021
  • February
  • 17
  • 7 Key Challenges for Operational Risk Professionals

7 Key Challenges for Operational Risk Professionals

Rupal Patel
February 17, 2021January 29, 2021 4 Comments
FF Operation Risk Risk Management

Operational risk management teams in financial institutions had a tumultuous year in 2020, and it seems likely that 2021 will bring even greater challenges as regulators around the world press ahead with delayed plans, new risks emerge, and existing ones rise up the agenda. For risk professionals and their organizations, navigating these risks effectively will directly impact whether firms are able to deliver on crucial business goals. In the process of meeting these challenges, operational risk management will in turn likely be transformed.

Risk professionals will likely face seven key challenges for the upcoming year:

1. Navigating the new working model: The pandemic has changed the world of work forever, with higher levels of remote working either from home or from business continuity back-up sites expected to continue. Regulators and firms fear that this could cause both increased market abuse and a rise in other financial crimes. In fact, according to Acin data, 60% of all data-driven risk intelligence produced since COVID-19 arose is connected to conduct risk, with a surge at the height of the March 2020 lockdown.

Financial institutions are looking to navigate this new, dispersed approach to work in a variety of ways, including using technology to more intensely digitally monitor employees. But it also means fostering and developing work culture, which requires other types of controls to be applied. This is starting to happen already—Acin’s risk intelligence observations show a 30% rise in controls related to supervision and surveillance since the pandemic struck.

2. Paying back the regulatory debt: COVID-19 has created the phenomenon of “regulatory debt,” which can be broken into two parts. First, when the pandemic started, regulators around the world relaxed certain rules to enable financial services firms to continue operating with changes to working models. In 2021, these rules will likely be tightened, and firms will have to rapidly adapt—for example by enhancing their ability to monitor calls at remote work locations—or face significant enforcement actions.

The second part is regulators’ desire to make up for lost time implementing new rules, particularly related to issues impacted by the pandemic, such as operational resilience and third-party risk management. Firms will need to be prepared to invest in keeping up with the pace of regulatory change in 2021.

3. Improving risk data quality: Data quality has long been an issue for operational risk, with information shared on spreadsheets or in point solutions, usually without data lineage or accuracy checks. At many firms, boards and senior managers under pressure to react quickly to the pandemic were surprised by the poor quality of their risk and control data. Regulators are keener than ever for operational risk management teams to embrace the data governance revolution.

The Basel Committee on Banking Supervision’s (BCBS’s) recent consultation paper, Revisions to the Principles for the Sound Management of Operational Risk, put data governance front and center. It asked firms to “establish risk reporting and management information systems (MIS) producing timely, and accurate data” and that the data’s “integrity is ensured by strong governance and robust verification and validation procedures.” The BCBS also called for “a common taxonomy of operational risk terms to ensure consistency of risk identification, exposure rating and risk management objectives across all business units.”

4. Controlling third-party risk: This emerging risk was attracting interest from both regulators and boards of directors before the pandemic hit and is set to continue to evolve through 2021 and beyond. Originally, much of the focus was on cyberrisks in third-party relationships, especially given that the financial services industry is increasingly outsourcing key activities to third parties. But now, owing to COVID-19, other risks are being amplified too, such as the financial viability risk of third parties, fourth-party risk and concentration risk.

Regulatory activity is picking up in this space. The International Organization of Securities Commission (IOSCO) issued a consultation on Principles on Outsourcing in May 2020 and the Financial Stability Board published Regulatory and Supervisory Issues Relating to Outsourcing and Third-Party Relationships in November 2020. Other regulators, in the United States and United Kingdom for example, are preparing new guidance and rules on this topic for 2021. Boards of directors are increasingly recognizing the potential strategic importance of managing this risk.

5. Building operational resilience: When the U.K. Financial Conduct Authority (FCA) published a consultation on operational resilience back in 2018 and a follow-up at the end of 2019, proposed a number of things, including making critical business processes more robust, whether conducted internally or by a third party. While some questioned the need for these proposals, today, boards and senior managers in financial services firms no longer argue over them, as the pandemic has underscored the need for significantly enhanced operational resilience. Firms are also recognizing that robust operational resilience nurtures agility, and that the ability to adapt under trying circumstances can create competitive advantage. Internationally, regulators are accepting the idea of operational resilience. The BCBS’s August 2020 consultation on its Principles for Operational Resilience is creating a roadmap for jurisdictions to follow when setting their own rules.

6. Increasing regulatory sophistication: Supervisory technology (SupTech) is on the rise, and in some areas is far more advanced than the technology that firms have to detect wrongdoing. Both the U.S. Securities and Exchange Commission (SEC) and the U.K. FCA are now using technology to review trade data for signals of market abuse, and both regularly flag market abuse incidents to unaware compliance teams. SupTech could usher in an era in which the regulators have the upper hand in many non-financial risk areas. For firms grappling with trading teams working remotely, and a lack of technology to monitor remote workers for market abuse producing potential regulatory debt, this presents a clear source of compliance risk.

7. Embedding new technology: Firms with fragmented operational risk infrastructures found it difficult to respond quickly and with agility during the pandemic crisis, and it shone a spotlight on the shortcomings of financial institutions’ current systems and processes. Although many firms were starting to recognize that they could not manage their operational risk management programs on a mass of spreadsheets and a handful of point solutions, the pandemic revealed how critical this transformation is.

As firms adapt and evolve their approach to managing operational risk, there will be significant changes to the operational risk discipline. Looking forward, we are likely to see significant improvements in data quality, increased automation, and a more sophisticated use of technology to proactively manage risk, as well as risk-related processes. As a result, operational risk teams should be much better placed to deliver real value to their business, their senior management teams, and their boards in 2021 and beyond.

Post navigation

Mitigating Risk by Modernizing Legacy IT Systems
Making Proactive Strategic Changes to Address Risk

Related Articles

FF Strategic Changes Risk Management

Making Proactive Strategic Changes to Address Risk

Anand Bhakta
February 18, 2021January 29, 2021 No Comments
FF Legacy IT Technology Risk

Mitigating Risk by Modernizing Legacy IT Systems

Brandon Edenfield
February 16, 2021January 29, 2021 No Comments
FF Spend Risk Internal Audit

Minimizing Spend Risk by Improving Employee Compliance and Policy Awareness

Nathanael L’Heureux
February 11, 2021January 27, 2021 No Comments

4 thoughts on “7 Key Challenges for Operational Risk Professionals”

  1. Ian Max Ewart says:
    February 18, 2021 at 5:34 am

    Thank you for this article – change to a data based approach is on the march in Operational Risk Management

    Reply
  2. Rajesh Zaveri says:
    February 20, 2021 at 11:39 am

    good article

    Reply
  3. Damian Hoskins says:
    February 22, 2021 at 10:27 am

    Excellent round-up of the hot topics in the operational risk landscape this year and beyond. Really enjoyed reading it.

    Reply
  4. Margaret Farinella says:
    February 28, 2021 at 8:17 am

    Excellent articles regarding operational risk issues on the horizon for 2021.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

1 × 2 =

Current Issue

Don’t Miss Out

With many continuing to work remotely, keep in mind that you can always update your mailing address by clicking here to ensure future issues of Risk Management are sent directly to you.

RSS Risk Management Monitor blog

  • Human Trafficking and Supply Chains: Q&A with Tim Nelson of the Slave-Free Alliance February 12, 2021
  • How to Prepare Now for Your Next Crisis Post-COVID February 3, 2021
  • Strengthening Diversity, Equity and Inclusion Efforts February 1, 2021
  • On Data Privacy Day, Catch Up on These Critical Risk Management and Data Security Issues January 28, 2021
  • Supply Chain Stability and COVID-19 Vaccine Delivery January 28, 2021
Copyright 2020. All rights reserved | Theme: OMag by LilyTurf Themes
  • About
  • Subscribe
  • Advertise
  • Contribute
  • Editorial Calendar
  • Contact