Operational risk is, or should be, at the top of every organisation’s agenda. Its gravity is such that if ignored, the repercussions have the potential to be disastrous – a genuine ‘make or break’ issue.

While a comprehensive understanding of operational risk is clearly in the interests of any organisation, whatever its size and scope, within financial services (FS) it is particularly desirable given the nature of the work the sector undertakes.

How then should we define operational risk and its proximity as a threat? According to the Basel Committee on Banking Supervision, operational risk is: “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. As such, operational risk captures business continuity plans, environmental risk, crisis management, process systems, and operations risk, people-related risks and health and safety, and information technology risks.”

Risk practitioners themselves rank the top operational risks in 2019 as data compromise, IT disruption, IT failure, organisational change, theft and fraud, outsourcing and third-party risk, regulatory risk, data management, model risk, unauthorised trading, Brexit and mis-selling. When these threats, and others, are placed against a backdrop of the more than $200bn of operational risk losses incurred by banks over the past decade, FS firms’ risk practitioners most assuredly have their work cut out for them.

Jul-Sep 2019 Issue

Fraser Tennant