Last week, risk.net published their survey results for the top 10 operational risks facing financial services in 2021. The list is almost identical to last year’s top 10, although the weightings are likely to be much heavier towards the top 5 in this year’s list.
Ranking as follows:
Many of our own conversations reflect the risk.net findings, however, we felt it would be useful to compile our own list of the key risks we are discussing with our customers at this time.
Conduct Risk and Vulnerable Customers
The 2021 FCA Business Plan closely mirrors last year’s, with the FCA again highlighting the importance of identifying and managing customer vulnerability.
The FCA released their Finalised Guidance (FG21/1) for firms on the fair treatment of vulnerable customers. Although the deadline for implementation is not until 2023, firms should be aware of the strength of the regulator’s rhetoric.
Initial considerations are not heavy-duty, and some firms are starting to act now in:
Following HMT’s November 2020 roadmap, leading financial services firms have further ramped up resourcing and delivery programmes ahead of the publication of climate risk regulation in H1 2021. Over the next 6–12 months, we expect to see the remainder of firms develop climate risk frameworks as the time-consuming challenges of the pandemic start to ease. These programmes will not be the reserve of larger banks and investment firms with any with “large exposure to climate risk due to geographic or sectoral concentration” will fall into scope.
Risk leaders are being asked pointed questions about climate risk strategy, financial risk challenges due to climate change, credit risk exposure in asset classes with the potential for devaluation, modelling capabilities and reputational risk.
Firms currently seeking our advice on climate risk are considering the skills required to resource this complex and cross functional work. We advise them to consider the following:
Operational Resilience / Resilience Risk
With the PRA and FCA Policy Statements due by the end of Q1 2021, financial services firms are starting to make tangible progress in their Operational Resilience programmes.
Implementation requires a deep understanding of your business processes and the assets used to deliver the most critical of these. The four pillars of Operational Resilience are:
The most pressing gap we have identified is firms’ understanding between Operational Resilience and Business Continuity, Disaster Recovery and Operational Risk and how the development of an Operational Resilience framework can support business objectives.
Firms advancing with their programmes in Operational Resilience have already appointed or are appointing an internal lead, hiring new experts from the external market or engaging consultancy to support implementation whilst using internal resource to beef up programme headcount.
Fraud and Financial Crime Controls
Fraudsters are becomingly increasingly complex and innovative in their methods, and 66% of attendees to our 2020 webinar, said that improving fraud controls was high priority.
For firms still working on improving fraud controls, there are some straightforward actions to start your review:
Credit Risk
The COVID-19 pandemic has placed greater emphasis on robust and reliable credit risk for financial services firms. Many models have either been updated quickly via manual overlays or even not updated at all to reflect the changing landscape.
For lenders, the probability of commercial and retail loan default is now greater than ever. Modelling new PD vulnerabilities in credit portfolios is a priority for those firms and with PRA spotlighting new banks and high growth lenders, they hold be focused on pricing, risk appetite and appropriate oversight.
FourthLine is seeing the work in this area fall into two categories:
If you're looking to develop your Operational Resilience Framework FourthLine can provide you with a variety of talent and consulting solutions to fit your business needs.
Schedule a call with our Director Dan Waltham by clicking on the link below: