The Increasing Importance of Operational Risk in Enterprise Risk Management

Enterprise Risk Management, as a corporate undertaking, has its deepest roots in financial services. Historically, for banks and insurance firms, the focus within enterprise risk has largely been credit and market risk. The Great Recession of 2008 showed us that liquidity risk and the interplay between a firm and capital markets were also important to consider. Now that sufficient time has passed since the Great Recession, we see that credit and market risk were not the sole causes. Indeed, critical operations and processes at many lending institutions failed. Underwriting procedures, loan processing, and the like were subject to little if any confirmation and oversight, leading to larger and higher credit risk positions than anticipated. Operational risk had reared its ugly head. The wave of regulation that has overtaken the financial services industry since then is largely driven by concerns over processes and procedures that caused harm to customers. The impact of processes and policies has never been greater. There are drivers at work to suggest that operational risk is still increasing, and that in particular, firms should be mindful of certain risk drivers, in the context of enterprise risk management, such as Increasingly Complex Operations, Development of New and Untested Products, Automation and Digitization, Increasing Reputational Impact from Operational Risk, New Focus of Regulators on the Treatment of Customers as Victims, and lastly, Cyber Risk. The disturbing and uncomfortable reality is that operational risk is unintended and, in theory, should not happen, if critical processes are well designed. Operational risk is self-inflicted, or if not self-inflicted, it is the result of unexpected errors or mistakes, all proving to be much more costly and dangerous than initially anticipated. Therefore, this leads firms to pay specific focus on operational risk management as part of enterprise risk management.