As the financial industry faces a catalogue of rising operational risks around the world, banks are in a much stronger position to mitigate potential threats than just 12 months ago. According to Acin’s risk control score—which measures the completeness of controls of members within its network—banks have improved their control environment by a third over the past year. This is significant because most financial institutions in Acin’s network are global systemically important banks (GSIBs), which implies the industry is managing risk better through better control design, stimulating a safer banking industry. 

Those improvements come as banks stare down a wave of disruption. From the ongoing challenges of the Covid-19 pandemic, which have transformed working practices globally, to mounting geopolitical tensions following Russia’s invasion of Ukraine earlier this year, the operational risk landscape has only been intensifying. More disruption is also on the cards. The proportion of analysts expect operational risk from political and economic developments to double to 80% from 40%, according to the European Banking Authority’s (EBA) Spring Risk Assessment questionnaire. Geopolitical risk saw the biggest individual increase (35% of respondents flagged it as a concern, compared to 10% in the previous survey). Conduct risk and legal risk were also among the top emerging risk trends. 

Macro-economic risks are also adding to the more uncertain operating environment. For starters, inflationary pressures are surging worldwide. In the UK, annual inflation hit a fresh 40-year high in June of 9.4%. The US is not far behind, with prices rising 9.1% in June compared to a year earlier, the fastest pace since the end of 1981. Against that backdrop, the International Monetary Fund said the risk of a global recession is increasing, cutting its growth forecast for this year to 3.2%. 

Another emerging operational risk since the start of Russia’s war in Ukraine is around sanctions and the potential speed at which new sanctions are applied to individuals, entities and countries. This means banks must rapidly review and find all counterparties related to any sanctioned parties; merely checking for sanctioned individuals while carrying out know-your-customer (KYC) diligence at onboarding is no longer enough. Underscoring the scale of the issue, during just one week in July, Acin’s Horizon Scanning alerts flagged 100 new entities sanctioned by the US Department of the Treasury in response to the conflict. 

In addition, Acin’s Horizon Scanning alerts have highlighted a number of behavior-related operational risk trends (supported by network data) that banks need to monitor: 

• Social media platforms morphing into an emerging risk 

Remote working has increased the risk of employees communicating with colleagues or clients on unmonitored social media platforms, potentially evading regulatory oversight.  

• Increase in fines for using unauthorized communications channels 

Regulators have been cracking down on banks using such channels: Since December 2021 we have witnessed a number of global banks being fined $200 million each where employees have used unauthorized communication channels such as WhatsApp, Signal or others to circumvent record-keeping rules. 

• Mounting global regulatory pressures 

Regulators are ramping up scrutiny of how banks are adjusting to the post-pandemic operating environment where the use of Whatsapp and alternatives have surged. The SEC, for example, has urged banks to install call monitoring apps on personal phones to deter the use of unauthorized comms activity. 

• Talent risk increases amid shifting work expectations 

The pandemic-fueled ‘Great Resignation’ trend that saw 47 million Americans voluntarily quit their jobs last year means it is tougher than ever to attract and retain talent—which also raises conduct risk concerns about employee behavior.

Banks have been increasing their focus on the operational risk environment, particularly around the potential for further market disruption and also associated behaviours when things go wrong. By being a part of Acin’s network, banks can see how they stack up against the wider industry. That gives them more confidence that they are focusing on the right risks and have the appropriate controls in place—or gives them clearer insights into what they need to change to ensure they are aligned with the majority consensus amongst other banks operating in their market. 

Key areas where banks’ front offices have been tightening and changing their risk controls are: 

• Order management/trade execution 

Banks need to check if trades are being made with newly sanctioned entities, not just at the point of execution but also any pending settlements that need to be cancelled or unwound. 

• Training and procedures 

The heightened sanctions environment means bank employees need to be aware of changing processes around sanctions management. 

• Supervision 

Increased levels of remote working as a result of the Covid-19 pandemic mean banks need to update their supervision policies to ensure sufficient oversight is maintained when employees are working outside of the office. 

• Unauthorized trading 

Banks need to put appropriate controls in place to ensure traders can’t execute trades without the right authorization. 

• Trade pricing and pricing review 

Banks are increasingly putting in place control measures to ensure trades are executed at the best price for clients. 

Acin’s unique perspective of banks’ operational risk and controls from the front to the back office gives a comprehensive birds-eye view of how the industry is performing and where individual banks within it need to improve. 

Here is a rundown of the latest key insights that Acin’s network data is showing: 

• There are up to six times more missing controls in the back office than in the front office. 

• Control completeness varies by 27% across risk types with similar expected losses. 

• Some firms are operating a 1:4 ratio of ‘prevent’ to ‘detect’ across common top risks compared to a network average of 1:3. This means there is too much reliance on detecting rather than preventing these risks (this is most pronounced among top risks such as market abuse). 

• Given the missing controls in the back office, the heavier focus on detection means some banks are far more exposed to operational risks than their peers. 

• Almost three-quarters (72%) of missing front office controls are related to four regulations
  
• Global FX accounts for 27% of all missing front office controls. 

Acin’s network provides member banks with an up-to-date stream of regulatory alerts and loss scenarios so they can stay on top of emerging trends and protect themselves faster.

To learn more about how Acin can help your bank better manage operational risk, get in touch today.