Large financial institutions are continuing to make strides in increasing recognition of operational risk among the board and C-level executives, according to a new survey report released by KPMG and the Risk Management Association (RMA).
However, the survey also points to opportunities to improve the alignment of operational risk management (ORM) with business strategy, and to more effectively deploy operational risk stature and appetite across all levels of the enterprise.
The survey, which queried executives from some of the largest North American financial institutions, is an in-depth analysis of the current state of operational risk management programs and the drivers for further evolution of the ORM discipline. The survey revealed that, while the institutional stature of ORM continues to improve, only 54% of Basel Advanced Measurement Approach (AMA) firms and 40% of non-AMA firms reported that their boards and executive management have elevated ORM to fully align with their business strategy and heightened regulatory expectations. Approximately 23% of AMA and 10% of non-AMA respondents have yet to begin these efforts.
“Insights from the survey show the need for ORM to be fully aligned with a firm’s strategy in order to ensure effective risk identification, assessment, and management,” says Jitendra Sharma, global head of KPMG’s Financial Risk Management Service Line. “However, the survey results underscore the positive strides that continue to be made by financial institutions in this field and the essential role ORM plays in the strategic success of these firms.”
Survey results also indicate that financial institutions are likely to face considerable challenges responding to competitive business pressures and complying with new regulatory standards. The cumulative impact of recent regulatory imperatives will require expanded efforts by enterprise risk management and business lines to continue strengthening ORM and optimizing its value.
“Although there is still room for ORM to mature so that it is truly viewed organizationally as the ‘third leg of the enterprise risk management stool’ along with credit and market risk, the survey results are very encouraging, as they confirm the industry is continuing efforts to further evolve ORM to meet the challenges presented by our increasingly complex regulatory environment,” says Edward DeMarco, general counsel and director of Operational Risk and Regulatory Relations/Communications at RMA.
The research also identified the following trends in ORM:
- Encouragingly, 85% of AMA respondents have at least partially integrated and embedded their ORM processes and systems into business activities across their enterprise.
- With respect to monitoring and managing risk tolerance, 54% of AMA and 60% of non-AMA respondents indicated that ORM is fully escalating issues that exceed their firm’s operational risk appetite.
- Work is still needed to fully deploy both quantitative and qualitative measures of operational risk appetite across the enterprise, as 38% of AMA and 70% of non-AMA respondents stated they have yet to define and cascade their operational risk appetite to the business line level.
- In a positive industry trend, 85% of AMA and 60% of non-AMA respondents stated that their ORM data is at least partially supported by effective governance, standards, and data stewards.
“The survey results pertaining to ORM data, analysis, and reporting are consistent with the findings of the Basel Committee on Bank Supervision in this area,” says Hugh Kelly, principal and national lead of KPMG’s Bank Regulatory Advisory Practice. “As the regulatory community continues to stress sound risk data principles, the survey shows that data-related issues are gaining prominence within firms, but they are still wrestling with comprehensively reporting material risk across all areas, such as process, product, location, and legal entities.”