![Risk.net](https://fastly.stage.risk.net/sites/default/files/styles/print_logo/public/2018-09/print-logo.png?itok=1TpHrpuP)
OpRisk Europe and North America wrap: cyber, 3LOD and the SMA
Future of op risk modelling a hot topic at conference, along with evolving three lines of defence framework
![Marriott Marquis NY Marriott Marquis NY](/sites/default/files/styles/landscape_750_463/public/2017-06/Marriott_Marquis_New_York.jpg.webp?itok=iBubw6bF)
Whatever the topic under discussion at the OpRisk Europe and North America conferences this month, the conversation inevitably turned to cyber risk. That’s hardly surprising: cyber risk, in its many guises, is an ever-present, ever-mutating danger for banks, consistently ranked the top threat in an institution’s operational risk framework. It also has an increasingly strong bearing on all the other risks in Risk.net’s annual industry poll, from fraud to outsourcing.
Regulators and practitioners alike at both conferences highlighted the business continuity risks posed by a major cyber attack, emphasised the need for rapid recovery from an outage, and called on businesses to improve their planning and modelling.
Banks are still adapting to the threat of attacks, evolving their own three lines of defence (3LOD) frameworks to better incorporate cyber risk, and channelling expertise from other functions across the bank such as IT and information security – and, increasingly, from other industries.
Many practitioners spoke openly about the need for constant fine-tuning of the 3LOD framework if it is to work successfully for larger banks, including the need for a clearer delineation of responsibility between risk managers and front-office staff when it comes to ‘owning the risk’.
Another much-discussed topic was the Basel Committee’s off-again, on-again standardised measurement approach (SMA) to operational risk capital calculation. Banks lamented the lost investment in bespoke models should the framework enter force, while others expounded the benefits of modelling smaller op risk events to help prevent losses in future.
To read more, please click on the articles below.
Fed official: banks must recover from cyber attack in two hours
“If you’re waiting for us to give you regulation, you’re behind the curve,” says Fed’s Ferlazzo
CCAR aids in op risk identification, banking experts say
Banks forced to consider link between risks and macroeconomic factors
Fed examiner calls on banks to rethink KRIs
Most banks fail to establish explicit link between KRIs and identified risk exposures
Banks move to model smaller op risk losses
Credit Suisse is using scenario analysis to model the risks associated with internal fraud losses
Better data key to cyber risk underwriting, say practitioners
Lack of loss data means predictions are a problem
OCC warns on cyber risks from subpar patches at US banks
Regulator says banks have good track record overall, but exams reveal weaknesses
Cyber insurance not a risk management tool, say banks
Lengthy payout mechanism of cyber policies makes it ineffectual against large losses, dealers argue
Three lines of defence model still evolving, say practitioners
Clearer split in responsibilities between first and second lines needed, say op risk chiefs
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Growing regulatory focus fuels climate risk staffing fight
Widespread poaching as banks find repurposing existing quants may not provide the right expertise
Tackling credit risk in turbulent times
Survey reveals Apac CROs’ top credit risk priorities
US climate guidance stokes debate over defining material risks
Banks welcome flexibility, but it could lead to big divergence on climate risk management
Geopolitics is harsh terrain for FMIs
Idiosyncratic nature of disputes and flare-ups leaves exchange and infrastructure operators blending metrics with guesswork
FMIs get busy, as supervisors circle
Via new roles and controls, exchanges and clearers hope to “get ahead” of regulatory wave
On cyber, FMIs seek to avoid being weapons of mass disruption
Controls focus on basic cyber hygiene, but communicating the risk remains a challenge
The top 10 investment risks for 2024
New fears include mounting government debt, the rise of AI, a credit crunch and regulatory overkill
Will generative AI crack the code for bank tech teams?
Banks could roll out tools to help translate old – or write new – code within months