According to an OCC review of examined bank risk1, operational risk has overtaken credit risk as the most important risk type, and the LIBOR scandal, product mis-selling, fraud in ETF and securities financing markets in Europe have brought it to the forefront. With further neighboring disciplines being incorporated into and extending on from operational risk management, it occupies a position at the core of the modern risk function.
Chartis has noted a number of trends in the demand side, which are listed below:
Preparing for future crises: The definition of a safe financial institution has changed - it is not one which takes no risks or is risk-compliant, but one which is organizationally and technologically able to withstand the crises of the future.
Observation bias: The low-frequency, high-severity events cannot be accounted for by traditional operational risk systems, yet firms continue to believe that their risk metrics are effectively managing operational risk. The observational bias of measuring risk in a simplistic manner, and then assuming that these simplistic views of risk are accurate, is one of the biggest dangers facing the financial services sector.
The shortcoming of compliance-based operational risk: There is a growing divergence between risk management and compliance - regulation is backwards-looking, and will be unable to capture the risk events of the future.
No respite from regulation: The regulatory cost of operational risk continues to increase in both direct and indirect ways. The costs of databases and data models and non-compliance are coupled with the transformation of market and counterparty risks into operational risk.
Allocation and optimization: It is critical to optimize the risk taken in the context of the risk appetite of shareholders. Operational risk is becoming a trigger for firms to exit or modify their business portfolios.
The future of operational risk: The market leaders in operational risk will be those looking ten years or more into the future. The scope of operational risk will widen and come to primacy as the most important risk discipline, incorporating and closely linking with other risk disciplines such as conduct risk, model risk, and reputational risk and new systems focused on discovery and “unknown unknowns” within data sets will detect the black swan risks just around the corner.
Within the supply side of operational risk management systems, Chartis has observed the following trends:
The range of solutions and functionalities offered by vendors can make it difficult for buyers to decide which solution best suits their operational risk needs. Consolidation of vendors, increasing requirements and demands from buyers, and continued innovation has altered the operational risk technology landscape.
Operational risk systems are increasingly including cyber-security. With the increased connectivity of modern banking, including cloud-based and mobile solutions, the potential cost of cyber-security failures has increased dramatically and is swiftly becoming a priority.
Consolidation of systems: Although some firms are utilizing separate systems for operational risk requirements, cost and complexity pressures are driving them to consolidate into enterprise operational risk platforms.
Linkage of systems: As an extension of the above trend, neighboring disciplines are being incorporated into operational risk such as audit, compliance, and financial crime. These in turn are leading to the incorporation of advanced analytics from these systems.
Advanced analytics: Traditional operational risk models have focused on over-fitting and data adequacy. New research methodology is focusing on a variety of analytical methodologies, such as factor based models, fuzzy logic systems, and concept maps.