In a series of interviews that took place in November and December 2016, Risk.net spoke to chief risk officers, heads of operational risk and other op risk practitioners at financial services firms, including banks, insurers and asset managers.
Based on the op risk concerns most frequently selected by those practitioners, we present our ranking of the top 10 operational risks for 2017.
1. Cyber risk and data security
An overwhelming number of risk managers ranked the threat from cyber attacks as their top operational risk for 2017 – the second year in a row it has topped the rankings, this year by an even larger margin.
And this is no surprise as the threat from cyber attacks is not only growing, but also mutating into new and insidious forms, say risk practitioners.
To many op risk practitioners, the landmark regulations of the post-crisis era – the overhaul of the capital adequacy framework, widespread market structure reforms, far-reaching changes to accounting practices – represent a laundry list of potential operational risks for their institution.
Fines and penalties for noncompliance, the restructuring of desks and operations and the shuttering of businesses all present complex and hard-to-model threats. In the US, the Dodd-Frank Act alone – irrespective of President Trump’s promise to expunge it – has produced thousands of pages of rulemakings from prudential and markets regulators, covering everything from stress testing to clearing, trade execution to hedge fund reporting.