ORX: Safe digital transformation calls for fundamental shift in op risk models

Global financial institutions must manage risk more actively if they are to succeed with the digital transformations necessary to keep them relevant and competitive.

This is the warning from Simon Wills, executive director at global operational risk association, ORX whose latest report, Right Time, Right Place, explores ways in which operational and non-financial risk management functions can support their businesses as they go through vital digital transformations.

Wills's report seeks to demonstrate that risks are now faster, more complex and more ambiguous than we’ve seen in the past. Events are more interconnected than ever, and impacts are multifarious and interlocked.

As a result, ORX proposes that risk management be automated, real-time and pre-emptive, and reputation and service resilience be addressed side-by-side with financial resilience.

Wills comments: “We know that the COVID-19 pandemic has been a wake-up call for risk leaders within global financial services and the challenge now is to recognise and embrace the acceleration of digitalisation and develop new risk management practices to keep up. Many legacy frameworks and out-of-date approaches to risk will leave banks and insurers behind, and that will happen very quickly as digitalisation changes core business practice forever.

“Operational and non-financial risk management functions have had to optimise quickly and it is fair to say that it is now impossible to be successful at change as a business without active risk management. Getting the right skills on the team, embracing innovative technologies and inspiring a culture of change will help risk managers to see the shift they need to be more active and move the risk agenda forward for a digitalised future.”


Report highlights: Right Time, Right Place (Source: ORX)

The report urges risk managers to consider the following:
• Optimise, active, or both?

ONFR leaders must consider their ambition. Do they only want to “Optimise” (i.e. work more efficiently, reduce the administrative burden risk management places on others, simplify frameworks, deploy innovative tools and practices)? According to the report, this will only allow them to keep pace with the risk profile. To get ahead of the rapidly changing risk profile, ONFR leaders need to consider being more active – which means being on the front foot at all times, pre-empting the risks associated with change initiatives by working with the business to mitigate them in the design and development phase. It means translating the risks into actionable processes for senior management, offering active crisis management, ensuring a sharp focus on the most material risks, and scanning the horizon for the risks that lie ahead. To be active, the risk function needs to be fast, dynamic and innovative – both in the digital tools it deploys but also in how it positions itself in the organisation.

• Strategic capabilities

Banks and insurers need to embed a set of strategic capabilities – technological, cultural, and organisational. The technological enablers revolve around using analytics on data that already exists to see the risks that lie ahead, to get in front of them and to introduce the appropriate control. The cultural enablers involve establishing senior-level relationships and being able to persuade and influence actions before risk events occur. Organisational enablers revolve around skills, for example specialist data science skills, skills in cyber security, and strong scenario development skills.

• Capitalising on new technology

ONFR leaders should consider using the following available technologies to enhance their risk management practices:
o Cloud Computing provides a platform to bring together disparate datasets and information to create the portfolio view of risk that is central to ONFR
o APIs break down the boundaries between functions and institutions, allowing risk to take advantage of an ecosystem of innovative providers and scale efficiently
o AI and machine learning underpin some of the most significant innovations in risk management. Activities that were once slow or even impossible, can now be done in real time

• Being the umbrella function

ONFR needs to provide an overarching framework, bringing consistency across specialist second line control functions and working with compliance teams for an integrated approach to non-financial risk management.

    Share Story:

Recent Stories


Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021

Advertisement