Top 10 operational risks for 2013
IT sabotage, reputational damage and fraud are among the chief risks seen affecting financial firms’ operations in the coming year.
The year to come will see, at best, sluggish economic growth worldwide. International Monetary Fund forecasts show a third year of lacklustre growth in the advanced economies (1.5%, after 1.6% in 2011 and 1.3% in 2012), with no hope of making up the shortfall created by the 2008 crisis, and growth of just 5.6% in the emerging economies. The US, relatively unhampered by austerity policies or the European debt crisis, will grow considerably faster than the UK or the eurozone.
The stress this causes throughout the financial world will manifest itself in a number of ways: fraud, money laundering, regulatory change and uncertainty, mistrust of banks and the risk of control failure.
Some of the 10 operational risks on this list will be obvious – the challenge to business continuity from natural disasters, for example, was underlined by the impact of October’s hurricane on the north-east US, in particular its impact on the financial industry in southern Manhattan. Some, though, are less obvious – it’s a near-certainty that 2013 will see natural disasters somewhere in the world, but the odds of a worldwide disease outbreak are lower. Still, it deserves inclusion on the list as a risk against which many institutions may not be well prepared. Others again are closely linked – a failure in internal controls may be the result of problems with organisational culture, and may be the immediate cause of a breach in sanctions or money-laundering rules, and this in turn may attract political attention and cause reputational damage.
In no particular order, here are Operational Risk & Regulation’s Top 10 operational risks for 2013.
Internet-based or cyberattacks have crossed the line from being a relatively minor institution-level threat to a significant danger to the stability of the financial system. A year which saw a growing chorus of warnings of the systemic dangers of cyberattack culminated in a speech by Atlanta Federal Reserve Bank president David Lockhart in late November. “In the last few months, the United States has experienced an escalating incidence of distributed denial of service attacks aimed at our largest banks,” Lockhart said.
A good reputation has never been easier to lose – although this may not be a problem for much of the financial sector, as it doesn’t have one. Once again in 2012, the annual Trust Barometer survey conducted by US PR firm Edelman found banks and financial services the least trusted sector of business – less trusted even than they were in 2011.
In 2011, UK banks ring-fenced a total of £5 billion for expected compensation payments to customers who had been mis-sold financial protection products – in particular, payment protection insurance (PPI). In 2012, it emerged that they had been too optimistic – the major banks have more than doubled their provisions for PPI payouts.
Internal fraud remains, as ever, a high priority for risk managers across the financial sector. Economic downturns are known to generate fraud: as employees come under real or anticipated financial pressure, they face the temptation to steal, or to concoct favourable-looking sales and profits in order to reap higher bonuses or simply to ensure they remain employed.
The past decade has seen two high-profile widespread outbreaks of respiratory disease: severe acute respiratory syndrome in 2003 and H1N1 influenza in 2009-10. The risk of a severe influenza pandemic – in which a sudden genetic shift creates a new strain of the influenza virus, which spreads to affect a significant proportion of the world – has been estimated at one in every 25-30 years.