Less than 20 percent of institutions have achieved full ORM and strategy alignment.
Aligning operational risk management (ORM) with strategy is critical for financial institutions to effectively identify, assess and mitigate risks, however, many have yet to fully align risk and strategy, according to a new survey report released by KPMG LLP, the US audit, tax and advisory services firm, and The Risk Management Association (RMA), a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. For further information, please read the report, KPMG/RMA Operational Risk Management Excellence – 2015 Global Heightened Practices Survey Executive Report.
Only 17 percent of the survey’s Basel Advanced Measurement Approach (AMA) respondents, which span North America, the Middle East, Africa and the Asia-Pacific region, said that their firms fully align ORM with strategy. This was slightly higher at North American institutions, with 19 percent achieving full alignment of ORM with strategy. These results bring into question whether operational risk is fully considered when financial institutions implement significant strategic change.
“Integration of operational risk management across the organization coupled with the collection and analysis of robust risk data is an essential component to a financial institution’s successful business strategy and regulatory compliance efforts,” said Tim Phelps, US Operations Risk Network Leader at KPMG LLP. “Financial institutions must continue to evolve their operational risk management efforts due to heightened regulatory expectations and a focus on enhanced prudential standards for ‘strong’ risk management.”
Financial institutions are beginning to address the issue by restructuring their ORM frameworks to help ensure compliance with heightened regulatory expectations and to drive greater strategic value. However, much remains to be done, as only 13 percent of North American financial institutions surveyed have completed resetting their ORM framework. Results are consistent across Europe, the Middle East, and Africa, but reach 50 percent in the Asia-Pacific region.
“Integrating operational risk management across the organization is critical to drive culture, and also to take a non-siloed approach to managing cyber risk, third party/vendor risk, and business continuity planning,” said Edward J. DeMarco, Jr., General Counsel and Director of Operational Risk of RMA.
“Organizations who are able to fully integrate ORM will be in a superior position compared to their competitors as they transform, whether through product and service innovation or through M&A activity.”
“It is encouraging that many leading financial institutions across the globe are moving beyond the traditional compliance exercise by strengthening their risk intelligence in support of more effective risk management, and enhanced business decision-making and performance,” said David Stone, Director with KPMG LLP’s Operations Risk Network.
KPMG and RMA teamed to develop the Operational Risk Management Excellence – 2015 Global Heightened Practices Survey. The survey focused on key areas of operational risk excellence and heightened regulatory expectations which include: strategy and value; stature, risk appetite, and governance; assessment, measurement, and management; and data, analysis, and reporting. Of the 80-plus respondents, over 20 included Global Systemically Important Financial Institutions (G-SIFIs). Other respondents included Basel AMA banks, non-AMA large banks, mid-size banks and others.
KPMG’s and RMA’s broader efforts to advance ORM discipline and establish benchmark data on ORM practices has also entailed ORM Excellence Executive Round Tables in New York, London, and Sydney, Australia.
Founded in 1914, The Risk Management Association is a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. RMA promotes an enterprise approach to risk management that focuses on credit risk, market risk, and operational risk. Headquartered in Philadelphia, Pennsylvania, RMA has 2,500 institutional members that include banks of all sizes as well as nonbank financial institutions. They are represented in the association by more than 18,000 risk management professionals who are chapter members in financial centers throughout North America, Europe, and Asia/Pacific. Visit RMA on the Web at www.rmahq.org.
© 2017 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.
KPMG is a global network of professional services firms providing Audit, Tax and Advisory services. We operate in 155 countries and have 174,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.