Many Financial Institutions yet to Align Operational Risk Management with Strategy, KPMG and RMA Survey

Many Financial Institutions yet to Align

Less than 20 percent of institutions have achieved full ORM and strategy alignment.

Related content

Aligning operational risk management (ORM) with strategy is critical for financial institutions to effectively identify, assess and mitigate risks, however, many have yet to fully align risk and strategy, according to a new survey report released by KPMG LLP, the US audit, tax and advisory services firm, and The Risk Management Association (RMA), a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. For further information, please read the report, KPMG/RMA Operational Risk Management Excellence – 2015 Global Heightened Practices Survey Executive Report.

Only 17 percent of the survey’s Basel Advanced Measurement Approach (AMA) respondents, which span North America, the Middle East, Africa and the Asia-Pacific region, said that their firms fully align ORM with strategy. This was slightly higher at North American institutions, with 19 percent achieving full alignment of ORM with strategy. These results bring into question whether operational risk is fully considered when financial institutions implement significant strategic change.

“Integration of operational risk management across the organization coupled with the collection and analysis of robust risk data is an essential component to a financial institution’s successful business strategy and regulatory compliance efforts,” said Tim Phelps, US Operations Risk  Network Leader at KPMG LLP. “Financial institutions must continue to evolve their operational risk management efforts due to heightened regulatory expectations and a focus on enhanced prudential standards for ‘strong’ risk management.”

Financial institutions are beginning to address the issue by restructuring their ORM frameworks to help ensure compliance with heightened regulatory expectations and to drive greater strategic value. However, much remains to be done, as only 13 percent of North American financial institutions surveyed have completed resetting their ORM framework. Results are consistent across Europe, the Middle East, and Africa, but reach 50 percent in the Asia-Pacific region.

“Integrating operational risk management across the organization is critical to drive culture, and also to take a non-siloed approach to managing cyber risk, third party/vendor risk, and business continuity planning,” said Edward J. DeMarco, Jr., General Counsel and Director of Operational Risk of RMA.

“Organizations who are able to fully integrate ORM will be in a superior position compared to their competitors as they transform, whether through product and service innovation or through M&A activity.”

Additional Findings

  • More Consistency Needed in Approach to Multiple Risk Assessments – Only 38 percent of AMA respondents in North America said they have established a consistent Risk Control Self-Assessment (RCSA) approach for multiple risk assessment types (i.e., ORM, compliance, business continuity planning, vendor, and information technology security). As these efforts continue to progress, firms can expect enhanced risk management effectiveness, integration and efficiency.
  • Quality Data and Metrics Improving Risk Intelligence – 77 percent of North American AMA respondents said their ORM reporting dashboards are supported by robust and integrated data and metrics, edging out the 70 percent of respondents at AMA firms worldwide. The quality of data collected is critical in financial institutions’ efforts to improve their risk intelligence.

“It is encouraging that many leading financial institutions across the globe are moving beyond the traditional compliance exercise by strengthening their risk intelligence in support of more effective risk management, and enhanced business decision-making and performance,” said David Stone, Director with KPMG LLP’s Operations Risk Network. 

About the Survey

KPMG and RMA teamed to develop the Operational Risk Management Excellence – 2015 Global Heightened Practices Survey. The survey focused on key areas of operational risk excellence and heightened regulatory expectations which include: strategy and value; stature, risk appetite, and governance; assessment, measurement, and management; and data, analysis, and reporting. Of the 80-plus respondents, over 20 included Global Systemically Important Financial Institutions (G-SIFIs). Other respondents included Basel AMA banks, non-AMA large banks, mid-size banks and others. 

KPMG’s and RMA’s broader efforts to advance ORM discipline and establish benchmark data on ORM practices has also entailed ORM Excellence Executive Round Tables in New York, London, and Sydney, Australia.

About the Risk Management Association

Founded in 1914, The Risk Management Association is a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. RMA promotes an enterprise approach to risk management that focuses on credit risk, market risk, and operational risk. Headquartered in Philadelphia, Pennsylvania, RMA has 2,500 institutional members that include banks of all sizes as well as nonbank financial institutions. They are represented in the association by more than 18,000 risk management professionals who are chapter members in financial centers throughout North America, Europe, and Asia/Pacific. Visit RMA on the Web at

© 2016 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.

KPMG is a global network of professional services firms providing Audit, Tax and Advisory services. We operate in 155 countries and have 174,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.

Connect with us


Request for proposal



KPMG's new digital platform

KPMG's new digital platform