Aligning operational risk management (ORM) with strategy could enable strategic change, improve business performance and enhance customers' experience for financial institutions. However, only about half of firms with less than $250bn in assets leverage ORM to challenge business models, according to a survey by KPMG and The Risk Management Association (RMA).
The ‘Operational Risk Management Excellence Survey’ found that larger institutions appear more advanced in aligning ORM with strategy, with 90% at or above $250 billion in assets leveraging ORM to challenge business models.
“Aligning ORM with business strategy enables financial institutions to identify, assess and mitigate risks, while adding business value,” said KPMG operations and compliance risk services principal Philip Bray. “We’ve observed that, for many institutions, the first priority is to resolve regulatory issues and then take a broader look at how ORM is integrated into strategy.”
The survey found that digital transformation spend is lacking, with only 20% of firms at or above $250bn and 27% under $250bn dedicating a portion of annual budgets to digital transformation, including automation and data and analytics.
In contrast, all those surveyed were of the view that the following areas are most important to regulators, in decreasing order of importance—operational risk aggregation / profile (92%), operational risk appetite (88%), information / cyber security (85%), risk control self assessments (85%), operational risk monitoring (81%) and vendor risk management (77%).
Just 27% and 21% of larger and smaller firms respectively have dashboards to report risk exposures and their impacts on business strategy and performance. This is down from 80% for larger firms in 2014.
While prioritising compliance is understandable in this challenging regulatory landscape, institutions that cannot evolve their ORM from a ‘check-the-box approach’ to one that informs the organisation as a whole, are not realising the full value of their operational risk spend, said RMA chief administrative officer and director of operational risk Edward J. DeMarco, Jr.
He said that they are also missing opportunities that could be transformational to their businesses.
The survey was conducted across North America, Europe and Asia on over 85 leading financial institutions, including over 20 global systemically important banks.
It aimed to give participants insights into leading industry ORM practices in support of enhanced business value and heightened regulatory expectations to help firms gauge positioning against evolving industry practices, assess and improve their ORM frameworks, and enhance risk management.
The full findings can be found here.