Last week, risk.net published their survey results for the top 10 operational risks facing financial services in 2021. The list is almost identical to last year’s top 10, although the weightings are likely to be much heavier towards the top 5 in this year’s list.
Ranking as follows:
- IT disruption
- Data Compromise
- Resilience Risk
- Theft and fraud
- Third party risk
- Conduct Risk
- Regulatory Risk
- Organisational change
- Geopolitical risk
- Employee wellbeing
Many of our own conversations reflect the risk.net findings, however, we felt it would be useful to compile our own list of the key risks we are discussing with our customers at this time.
Conduct Risk and Vulnerable Customers
The 2021 FCA Business Plan closely mirrors last year’s, with the FCA again highlighting the importance of identifying and managing customer vulnerability.
The FCA released their Finalised Guidance (FG21/1) for firms on the fair treatment of vulnerable customers. Although the deadline for implementation is not until 2023, firms should be aware of the strength of the regulator’s rhetoric.
Initial considerations are not heavy-duty, and some firms are starting to act now in:
- Understanding the needs of their target market and customer base when designing products and services
- Identifying which customers have become newly vulnerable over the last 12 months and redefining customer profile accordingly
- Ensuring staff have the right skills and capability to recognise and respond to the needs of vulnerable customers
Following HMT’s November 2020 roadmap, leading financial services firms have further ramped up resourcing and delivery programmes ahead of the publication of climate risk regulation in H1 2021. Over the next 6–12 months, we expect to see the remainder of firms develop climate risk frameworks as the time-consuming challenges of the pandemic start to ease. These programmes will not be the reserve of larger banks and investment firms with any with “large exposure to climate risk due to geographic or sectoral concentration” will fall into scope.
Risk leaders are being asked pointed questions about climate risk strategy, financial risk challenges due to climate change, credit risk exposure in asset classes with the potential for devaluation, modelling capabilities and reputational risk.
Firms currently seeking our advice on climate risk are considering the skills required to resource this complex and cross functional work. We advise them to consider the following:
- Understand the capability and capacity of risk teams and their ability to build simple scorecards or far more complex and long-term stochastic models.
- Review the experience of financial teams to understand any further economic modelling or actuarial skills required.
- Across a subject where so many perspectives, biases and conflicts of interest are prevalent, consider where you will source the most valuable and accurate data.
- Does the risk team have anyone from an insurance background with experience of building catastrophe and climate models?
- What expertise does the firm possess to help create potential technology solutions and / or automate some of the modelling?
Operational Resilience / Resilience Risk
With the PRA and FCA Policy Statements due by the end of Q1 2021, financial services firms are starting to make tangible progress in their Operational Resilience programmes.
Implementation requires a deep understanding of your business processes and the assets used to deliver the most critical of these. The four pillars of Operational Resilience are:
- Identifying important business services
- Developing impact tolerances
- Scenario testing
- Identifying potential vulnerabilities and establishing plans to mitigate these
The most pressing gap we have identified is firms’ understanding between Operational Resilience and Business Continuity, Disaster Recovery and Operational Risk and how the development of an Operational Resilience framework can support business objectives.
Firms advancing with their programmes in Operational Resilience have already appointed or are appointing an internal lead, hiring new experts from the external market or engaging consultancy to support implementation whilst using internal resource to beef up programme headcount.
Fraud and Financial Crime Controls
Fraudsters are becomingly increasingly complex and innovative in their methods, and 66% of attendees to our 2020 webinar, said that improving fraud controls was high priority.
For firms still working on improving fraud controls, there are some straightforward actions to start your review:
- Controls – Review your fraud controls to ensure they are robust and fit for purpose in the current operating environment.
- IT Security – Review IT Security on customer accounts to prevent them from being hacked.
- Customer Services – Review the security levels in your customer service teams to ensure that it is definitely a customer on the other side of the phone or screen.
- Technology usage - Strengthen eKYC checks by asking for ID, proof of address and getting visual verification from the customer to confirm identity.
- Documentation - Documenting your findings and all your decisions should take ensure a productive discussion with the FCA.
Credit Risk
The COVID-19 pandemic has placed greater emphasis on robust and reliable credit risk for financial services firms. Many models have either been updated quickly via manual overlays or even not updated at all to reflect the changing landscape.
For lenders, the probability of commercial and retail loan default is now greater than ever. Modelling new PD vulnerabilities in credit portfolios is a priority for those firms and with PRA spotlighting new banks and high growth lenders, they hold be focused on pricing, risk appetite and appropriate oversight.
FourthLine is seeing the work in this area fall into two categories:
- Policy - Alignment of risk appetite statements to a rejigged credit risk policy with an urgent review of pricing and PD models. This has led to a framework uplift in many cases.
- Recruitment - Review of internal capability has focused most lenders on the need to inject credit risk leadership and hands-on credit risk managers.
If you're looking to develop your Operational Resilience Framework FourthLine can provide you with a variety of talent and consulting solutions to fit your business needs.
Schedule a call with our Director Dan Waltham by clicking on the link below:
How FourthLine can help:
FourthLine is working with a number of financial service firms to help them with Operational Resilience enablement and Outsourcing and 3rd-Party Risk Management, through a mixture of end-to-end consulting and resourcing options.
