Financial services firms are well aware of the heightened political and regulatory pressure on them to be more risk aware and proactive in measuring and managing their risks. Although the financial crisis is reaching its seventh anniversary, the fallout continues in the form of punitive fines for past indiscretions and continuously evolving regulatory guidance.
Since the global financial crisis, regulatory change has been an almost constant issue in the financial services industry. Operational risk has been at the heart of many of the recent enforcement actions, and yet regulations specifically governing operational risk management were largely overlooked by regulators in the years immediately after the crisis hit. That has recently changed, however. In 2014, the U.S. Federal Reserve and the U.S. Office of the Comptroller of the Currency (OCC) both published enhanced risk management standards for large banks to follow. The Federal Reserve issued Enhanced Prudential Standards for Bank Holding Companies and Foreign Banking Organizations that set out broad-based risk management and corporate governance requirements for large banks, while the OCC released its “Heightened Standards for Large Financial Institutions” specifically aimed at strengthening the governance and risk management practices of large financial institutions. In June 2015, the European Banking Authority (EBA) issued its final draft regulatory technical standards (RTS) on assessment methodologies for the use of Advanced Measurement Approach (AMA) models for operational risk. Finally, the Basel Committee on Banking Supervision (BCBS) issued a consultation paper on its intended revisions to the simpler approaches to the operational risk capital framework.
The result of these regulatory changes has been additional pressure on financial services firms to strengthen further their operational risk management capabilities and processes. Organizations with strong operational risk programs are starting to reap the business benefits of implementing more advanced risk management practices. Predictive key risk indicators (KRIs), stronger and more efficient operational processes, as well as more emphasis on identifying thematic risks combined with a strengthening of the control environment, are helping firms gain real value out of going beyond compliance with these heightened risk management standards.