Operational risk management in financial institutions: 5 key risks you need to know about

Abbie Glossop Date published: May 11, 22

The last few years have been tough for us all. Operational risk management in financial institutions faced difficult challenges in particular. Brexit, Covid-19, IT and data problems, theft and fraud, technological changes, and regulatory obligations were just some of the risks that caused organisations the most hardship.

Unfortunately, many of these risks have persisted into 2022. To understand operational risk in financial services, Risk.net and Baker McKenzie surveyed one hundred risk management professionals working within the financial services industry. They gathered insight that allowed them to establish broad risk categories that are a concern for the industry this year.

We’ve rounded up five key operational risks from this survey that financial services should be aware of as we continue to navigate yet another tricky year. That way, you can ensure your business is ready to meet these challenges, as well as be prepared to mitigate any emerging risks of the future.

1. IT challenges

IT disruption has emerged as a serious risk in recent times as cyberattacks become more advanced and IT failures are a common occurrence. This situation was not helped by the seismic shift to remote working when the coronavirus pandemic took hold.

If contending with unstable Wi-Fi connections, VPN failures, and even ransomware attacks is a reality you are all too familiar with, you wouldn’t be alone. As a result of inadequate security and weak technical infrastructure, financial services were victim to a 238% surge in cyberattacks during the pandemic. And the danger has continued into 2022.

With hybrid setups here to stay, we can expect further IT challenges as we continue to adapt to fresh ways of working.

2. Data breaches

In a similar vein, data breaches have also surged since the onset of the pandemic and the consequent rise in home working. Whilst this was noted as usually down to flawed processes and procedures, it was also due to employee mistakes or even deliberate wrongdoing.

As staff continue to work from home, it’s unlikely that cyberattacks and data breaches will ease up over the coming years. If you have not already put controls in place to reduce the risk of data breaches, it would be wise to do so. After all, failing to protect your organisation’s data could lose you the trust of your customers and have a detrimental impact on your reputation.

What’s more, data breaches can be costly. Financial services have lost $4.2 million per attack according to a recent report. It therefore goes without saying that the risk of data breaches is not one to underestimate.

3. Theft and fraud

Theft and fraud is yet another area where the impact of a turbulent economy can be seen. Financial handouts from governments have opened the door to fraudulent activity, as has remote working. Banks have also struggled to cope with the surge in customers using online banking.

As we become an increasingly-digital world, there’s no sign that our reliance on online financial services – and the threat of theft and fraud that comes with it – will slow down in 2022. Already, digital fraud attempts have risen by 24% since last year.

4. Regulation, regulation, regulation

Although some regulators had eased off issuing fines during the difficulty of the pandemic, the risk of non-compliance with regulation is ongoing. 

With new rules and requirements constantly being introduced, financial services firms need to be ready to deal with this rapidly changing regulatory landscape. Ensuring that non-compliance is considered within your risk management strategy alongside other operational risks is a good start. Although risk and compliance are often dealt with separately within organisations, coordinating your risk and compliance practices can help ensure that you are well-equipped to handle regulatory risk.

5. The wellbeing of employees

Employee wellbeing has become an increasingly hot topic, but it has only recently surfaced as a top operational risk for financial services. And it’s no surprise as to why. Added to the general anxiety created by much uncertainty over the past few years, juggling a work-life balance continues to be almost impossible for some, with burnout being seen across many businesses.

Employee wellbeing may seem like a difficult risk to manage. Nonetheless, employers must do what they can – and act quickly.

Worryingly, one recent survey has reported that 62% of financial services employees are considering changing careers. This has mostly been put down to a poor work-life balance – and that’s despite 77% stating that they felt supported by their employer during the past year. When it comes to the wellbeing of employees in 2022, organisations evidently have a challenge on their hands. If this threat is not effectively managed, financial services could risk losing staff.

How can operational risk in financial services be managed?

IT challenges. Data breaches. Theft and fraud. Regulatory obligations. Employee wellbeing… Traditional risk management processes may not be enough to cope with the varied operational risks of 2022, and a robust risk management strategy is a necessity for businesses.

Cyberattacks and data breaches, for example, are best dealt with using an enterprise risk management strategy (ERM). This method is proactive, reliable, and more suited to handling today’s risks. ERM also provides you with a greater senior-level view of the risks your organisation needs to manage, helping you to better collaborate, allocate resources and prioritise risks.

Risk management software also brings numerous benefits. If recent years have proved anything, it’s that operational risk management in financial institutions will need to ensure they have the best tools and strategies in place to ensure that their strategies are effective. Investment in technology, as well as adopting an ERM strategy, can support you. Find out more about ERM in our latest white paper: Who owns enterprise risk?

Who owns enterprise risk?

Learn more about ERM and how you can manage operational risk within your organisation.