2023 top 10 operational risk frequency and effect, 2024

Hot off the press: the Best Practice Operational Risk Forum, comprising professionals from over 50 national and international organisations, met yesterday to examine industry top risk reports and consider the most prominent operational risks financial services firms should have on their radar. The top 10 risks are described below:

1. People risk: staff capacity and capability. This refers to issues such as the Great Resignation, difficulties in obtaining talent, tax regime not adequate to support global home working and all the unknowns related to the longer-term impact of hybrid working arrangements.

2. People risk: staff wellbeing - burnout and depression, increased stress levels of both leaders and staff, escalating during the last two years.

3. Cyber crime: complex threat landscape, highly coordinated, multi-step attacks. The risk continues to top the chart in terms of impact and likelihood. ORX notes two out of the top 5 operational risk losses last year were cyber-related (specifically, crypto-related).

4. Theft and Fraud: external fraud (inc. retail card fraud, money laundering); internal fraud (inc. rogue trading); broad inherent risk in financial services which is expected to firmly remain in the top place.

5. Supply chain / third-party risk: failures in the supply chain impacting service delivery; and concentration risk, especially as it relates to cloud service providers. It has become prominent as more services move to the cloud.

6. Legacy IT system / infrastructure: system downtime / failures of legacy technology / underinvestment in technology leading to potential customer and market detriment.

7. Regulatory risk: fines and penalties due to inability to identify and implement regulatory requirements in a timely manner. Far from being new, this risk remains high on the agenda.

8. Climate action failure: inability to adjust the product set and embed requirements beyond the regulatory minimum; as well as organisational and business model change triggered by climate change programs. Topical, but not yet seen by practitioners as being as high and urgent as people and cyber risks.

9. Data breaches: acts of non-compliance with GDPR, given the amount of data continues to increase; this risk is also linked to and dependent on the legacy technologies. As noted in a Forbes report, the frequency of data breaches is increasing and the types are expanding.

10. Financial crises: impacts on people, systems and processes; despite not being a classical operational risk sub-type by definition, the impact of the disruption that started during the pandemic cannot be underestimated.

And a note on Emerging Operational Risks considered by the Best Practice Forum: the majority are people-related. Operational risk professionals have a crucial role to play in escalating People risk up the organisational agenda, to ensure it is recognised as a major risk in its own right, evaluated and mitigated, with firm and thoughtful actions.

After extensive research into the main concerns for Chief Risk Officers, Chief Information Officers, Chief Technology Officers and Enterprise Risk Managers, ReadiNow has compiled everything you need to know about the top operational risks facing organisations.

1. Cyber attacks

In 2017, 54% of companies experienced one or more successful attacks that compromised their data and/or IT infrastructure. Given that this statistic has been steadily increasing over the last few years, it is safe to say that 2018 will be the worst year to date for cyber attacks.

Successful cyber attacks on average cost an organisation $301 USD per employee. Given the security and financial impact that cyber attacks have on organisations, we have ranked this the number one operational risk for 2018.

Cyber attacks will continue to trend into the future as one of the top three operational risks for organisations. It is imperative for organisations to develop an effective cyber risk management framework that can scale as the organisation grows. This framework must also take into account the ever-increasing prevalence of external business software and applications and have clear, succinct security measures to ensure if these applications are compromised at the source, your organisation is not affected.

Only one in three organisations believe that they have the appropriate resources to manage their security effectively. While this is an extremely concerning statistic for Chief Risk Officers and Enterprise Risk Managers, funding for security budgets is continuing to rise with an 8% rise forecast for 2018. However, this increase in budget has been mainly due to organisations reacting to cyber attacks rather than proactively implementing operational risk management frameworks to prevent them from occurring in the first place.

2. Human Error

While all operational risks can be linked directly to human error, its proliferation in recent years has caused it to become an even greater concern for Chief Information Officers, Chief Risk Officers and Enterprise Risk Managers.

Over 50% of all the data breaches reported to Australia's Information Commissioner under the new laws were caused by human error. Although the laws have only recently been implemented, the severity of human error negatively affecting an organisation's operational risk is evident.

Human error is preventable, and when operational risk management frameworks proactively account for it and develop strategies to minimise it, organisations often find great ROIs after implementing them.

A good general rule for preventing human error in your organisation's operational risk appetite is to reduce human influence on work processes that can be automated. Workflows that can be automated and laid out with automatic breach triggers and notification systems can greatly reduce the impact of human errors on your organisation.

3. Regulations

If you need to look for a real-world example of the impact of regulations for operational risk in Australia, look at the recent Royal Commission into the financial services industry. While fines were given to those businesses found in breach of laws and found guilty of misconduct, arguably the greatest impact for the financial services industry was the loss of social confidence from customers and shareholders.

Corporate social responsibility is playing an increasingly important role in operational risk for organisations. The regulatory landscape is playing catch-up with the technology and business of the digital era. However, when the regulatory enforcement bodies do catch up, organisations that are not properly prepared will be caught out and suffer severe financial and non-financial impacts that could be devastating for their organisation.

There is software out there that can simplify the job of ensuring compliance for organisations. However, decision-makers within organisations are often concerned about the perceived risks that come with automating operational risk management processes. If Chief Risk Officers and Enterprise Risk Managers are serious about their operational risk for 2018 and the future, technology is the key.

4. Outsourcing

Outsourcing is a major operational risk concern for 2018 and will continue to be in the future. Organisations are continuing to become more and more reliant on vendors for the expansion of all their processes from online CRM platforms to increased server storage capacity.

Given the overall acceptance and integration of outsourcing as a commonplace business practice for organisations today, poor third-party management is leaving many organisations exposed to unnecessary operational risks.

New laws such as the GDPR are a wake-up call for organisations that currently do not have a standardised and consistent selection and auditing process for third-party software and vendors.

Outsourcing has also negatively affected the preservation of daily business continuity for organisations, as vendors, particularly the larger ones, are often extremely reluctant to negotiate and customise appropriate risk management clauses to satisfy their customers' needs.

5. Talent Retention

Attracting, retaining and training talent is a major concern for operational risk in 2018. One major reason for this is the increase in competition from buzz sectors such as technology and startups.

Recruitment consultants have reported that the most acute shortages for organisations in recent times are in jobs related to operational risk management. Organisations are increasingly looking for a specific set of skills as well as direct experience with the new and changing operational risk landscape that the digital era is exposing organisations to today and in the future.

6. Digital Disruption

The digital era has undoubtedly brought the most added operational risks to organisations in 2018 and will continue to do so in the near future.

Internal disruption is a major factor for organisations as they continue to keep up with the rapid pace of technology changes that their competitors and other industries are implementing. Because other organisations are using the technology, many companies often do not carry out their due diligence and research the technology from third-parties they are going to implement, leaving them severely exposed. It is imperative to do your own research when implementing new technology. Just because your competitors are using a new technology doesn't mean you should.

External disruption is a whole new ball game. As technology adoption rates are increasing dramatically across all industries, chances are your competitors may have a new, shinier version of the business software and applications you are currently using. However, as stated earlier, just because it is shiny does not make it operationally risk-friendly. A lot of the third-party technology being adopted by organisations has minimal security measures, such as simple password access. Given the majority of people are notoriously bad at generating strong passwords, it is no wonder this is having such a big impact on operational risk for organisations.

7. IT Implementation

Planning for successful IT implementation involves more than just choosing the right software. It is imperative that organisations adequately prepare for the implementation of new IT services, particularly when they are enterprise-wide. IT implementation is a major operational risk for organisations today as they continue to transition and update their legacy-based IT services.

When implementing new IT services, information is key. Information on the software, but also information regarding how ready, and willing, their organisation is to adopt new IT that will change the way they work. While IT change brings operational risk with it, IT complacency is often a far greater concern.

To understand whether you really need an IT solution implemented, develop a succinct current-future state proposition of your organisation that takes into account the operational risks of all your paths moving forward. Make sure the IT implementation is aligned with your organisational vision, objectives and goals, because if it isn't, what's the point?

8. Data Analytics

Data analytics are continuing to be realised as a key metric for all organisations. Therefore data should be a key driver for all organisational decision-making. The digital era has served organisations as an invaluable resource that should not be overlooked. It is imperative that organisations found all their decision-making processes on data, rather than on instinct or familiarity.

However, how could data analytics possibly impact an organisation's operational risk? Well, it's not so much how organisations are using data, but how they are obtaining it.

believe that personal information that is used for purposes other than it was provided for is a misuse of data. While current regulations do not make these current data usages illegal, regulations such as the GDPR are highlighting that Governments are listening to their citizens' concerns for data privacy.

Operational risk should come into play with the organisation's data analytics when they are judging the financial and non-financial fallouts if their customers were made aware of how they were using their information. Approaching data analytics like this means you will develop a healthy data appetite that your customers will not be upset with.

9. Cyber Fraud

One industry that is facing particularly concerning cyber fraud incidents on a daily basis is the financial services industry. Phishing attempts from scam emails to malware network integration attempts are daily occurrences for financial institutions of all sizes.

Interestingly, some operational risk managers are reporting that financial institutions which are perceived to have strong cyber defences are less likely to be targeted by cyber fraud.

Given these insights, it's no wonder operational risk managers in financial institutions are more worried about cyber bandits than physical robberies.

The difficulty for Chief Risk Officers and Enterprise Risk Managers for 2018 and the future will be developing effective operational risk management plans that account for how widely the financial severity of similar cyber fraud attack types can vary. For example, an email phishing attempt could result in a couple of hundred dollars lost or potentially millions, greatly increasing the overall impact it will have on a financial institution.

10. Organisational Change

Organisational change is a considerable operational risk for organisations when you consider the number of variables and different outcomes that could occur, particularly if the organisation is not used to change.

Organisational change is often necessary, yet is often not executed in the most practical and non-disruptive manner. As the digital era continues to force organisations to change their operations, those who are staying ahead of their competition by proactively changing are the organisations less likely to face operational risks during and after the process.

Organisational change does not have to increase an organisation's operational risk, yet it does because of the way organisations approach change. Make sure a solid pre, during and post approach is taken to any organisational change, no matter how small. This structure will make sure best practice is the norm for your organisation which will be especially vital when larger change projects take place.

11. Existing Work Processes

No organisation likes to admit it; however, every business can improve its current work processes to reduce its overall operational risk. Whether your operational risk management is done on spreadsheets or through intelligent software, there is always room for improvement. Regular testing and internal auditing are just two of the many ways in which an organisation can easily scope out new operational risks that have not been accounted for.

Make internal testing and auditing a habit. If you are regularly stress-testing and looking for gaps in your risk frameworks, it is guaranteed you will find problems, but more importantly, improve your current risk management processes.

However, it is important to remember, the more you are regularly testing and updating your operational risk management frameworks, the more tedious working with spreadsheets and inefficient framework processes will become.

Intelligent software isn't the solution for all businesses when it comes to optimising operational risk processes, yet it is certainly worth looking into.

What is the top operational risk for 2023?

Top 5 operational risks to watch.

Cybersecurity threats. In an increasingly digital world, banks are vulnerable to cyber attacks that can compromise customer data, disrupt operations, and erode trust. ...

Technological disruptions. ...

Regulatory compliance. ...

Talent management. ...

Geopolitical and economic uncertainties.

What is the frequency of operational risk?

Frequency and severity represent two dimensions of a bank's operational risk exposure. Frequency reflects how often operational loss events occur in a bank, while severity reflects how damaging these events are on average. Total operational losses combine these two dimensions into a single measurement of exposure.

What is the operational risk horizon 2023?

The highest-ranked risk in the 2023 Operational Risk Horizon study was cybercrime, with 89% of respondents choosing it as one of their top five. The next top risk was business service disruption, reflecting the increased likelihood of simultaneous disruption in a turbulent external macroenvironment.

What is the top risk survey for 2023?

The 2023 risk environment is rated at the highest noted in the 11 years we have conducted this survey. People and culture are at the top of the agenda. Finding and keeping talent is THE top risk. Rising labor costs are a significant concern.