Op risk benchmarking
Welcome to Op Risk Benchmarking, a new research service scrutinising op risk practices at a range of financial institutions. Each quarter, we’ll share some of the findings from one of four cohorts – G-Sibs, other banks, asset managers and insurers, and FMIs.
Participants get to see all the data – message us for details: ORMBenchmarking@risk.net
![](/sites/default/files/styles/landscape_750_463/public/2024-03/Top-10-wrap-montage.jpg.webp?itok=MDAzdwa2)
Top 10 operational risks for 2024
• Ransomware attacks, combined with the emerging threat of AI, have cemented cyber risk as the financial industry’s number one operational risk for 2024.
• Third-party risk takes third spot in the rankings, following hack attacks on tech vendor Ion Group and securities lending platform EquiLend last year.
• External fraud also re-enters the Top 10 as criminals harness the power of gen AI to defraud financial firms in more creative ways.
![](/sites/default/files/styles/article_100_width/public/2024-03/cyber-risk.jpg.webp?itok=Uc0uP7sY)
Top 10 op risks: AI fears drive cyber risk to record high
External fraud re-enters top 10; change management now a top five concern
![](/sites/default/files/styles/article_100_width/public/2024-01/Geopolitical%20risk%20Getty%201310120654.jpg.webp?h=019a51a6&itok=qE9khee1)
Geopolitics is harsh terrain for FMIs
Idiosyncratic nature of disputes and flare-ups leaves exchange and infrastructure operators blending metrics with guesswork
![](/sites/default/files/styles/article_100_width/public/2023-12/Regulatory%20compliance%20Getty%201248867449.jpg.webp?h=1d0fd8ca&itok=GmA50yLG)
FMIs get busy, as supervisors circle
Via new roles and controls, exchanges and clearers hope to “get ahead” of regulatory wave
![](/sites/default/files/styles/article_100_width/public/2023-12/IT%20disruption%20Getty%201287699228.jpg.webp?itok=QMR8PdXG)
On cyber, FMIs seek to avoid being weapons of mass disruption
Controls focus on basic cyber hygiene, but communicating the risk remains a challenge
![ORB hero thinner left ORB hero thinner left](/sites/default/files/styles/free_crop/public/2023-08/ORB-Montage-hero-Width2250x350-v3-leftofc.png.webp?itok=m9UWLH4O)
Op Risk Benchmarking: The G-Sibs
Using data submitted by 11 G-Sibs, our new Benchmarking series explores how the world’s largest banks are managing their biggest operational risks. Team sizes and setups, modelling practices, internal reporting, GRC vendors – take a look here.
Big Figure
Safety in numbers?
FMIs demonstrate broad variability in the size of the second-line teams tasked with overseeing infosec – but that’s starting from a relatively low base: many have teams comprising of just one specialist, while the mean average is slightly more than five.
![Op Risk Benchmarking - The Banks hero slide](/sites/default/files/styles/free_crop/public/2024-01/Op%20Risk%20Benchmarking%20-%20The%20Banks%20hero%20slide%202.jpg.webp?itok=dRnD1mdT)
Op Risk Benchmarking: Banks
Our second Op Risk Benchmarking series focuses on op risk frameworks at large domestic and regional banks, taking a deep dive into each of their top five risks: information security; IT disruption; change management; execution & process errors; and regulatory compliance risk.