How do banks respond to the increasing regulatory requirements around operational risk?
Costs and charges arising from banks’ non-financial risks have increased sharply in recent years. In part this reflects the compensation and litigation costs relating to misconduct, but it has also been driven by the costs of IT failures and cyber-attacks. Recent and prospective regulatory requirements and supervisory actions not only impose additional compliance costs but also require banks to take a more strategic view of how they identify, measure and control their non-financial risks.
To better understand how banks are responding to these developments, and to give banks an opportunity to share and compare their views with peers across the market, KPMG undertook a survey of 36 banks across Europe. The survey results highlighted the importance of banks’ non-financial risks. Nearly half of the respondents reported that such risks accounted for more than 10 percent of their banks’ total losses, and that operational risk represented more than 10 percent of risk weighted exposures.
- Non-financial risks are important
- Banks are planning to develop their frameworks for non-financial risks
- The assessment and measurement of non-financial risks are the main areas for improvement
- Banks also identify the need to align more effectively the elements of managing non-financial risks, to enhance risk reporting and to strengthen risk culture
- Many banks do not specify an effective risk appetite for non-financial risks
- Risk ownership and challenge remain unclear
- Many banks are addressing non-financial risks primarily through an emphasis on IT and compliance risks
- Strategic and business risks remain out of focus in most banks’ frameworks for non-financial risk