KPMG And RMA Survey: Board And C-level Recognition Of Operational Risk Management Rising Within Financial Institutions

Need for Greater Alignment with Strategy Identified

May 07, 2014, 16:37 ET from KPMG LLP

NEW YORK, May 7, 2014 /PRNewswire/ -- According to a new survey report released by KPMG LLP, the U.S. audit, tax and advisory firm, and The Risk Management Association (RMA), large financial institutions are continuing to make important strides in increasing recognition of operational risk among the Board and C-level executives.  However, there are opportunities for improving operational risk management's (ORM) alignment with business strategy and more effectively deploying operational risk stature and appetite across all levels of the enterprise, according to the survey.

The KPMG/RMA Operational Risk Management Excellence – Get to Strong Survey, which queried executives from some of the largest North American financial institutions, is an in-depth analysis of the current state of operational risk management (ORM) programs and the drivers for further evolution of the ORM discipline.  The survey revealed that, while the institutional stature of ORM continues to improve, only 54% of Basel Advanced Measurement Approach (AMA) firms and 40% of non-AMA firms reported that their Boards and Executive Management have elevated ORM to fully align with their business strategy and heightened regulatory expectations.  Approximately 23% of AMA and 10% of non-AMA respondents have yet to begin these efforts.

"Insights from the survey show the need for ORM to be fully aligned with a firm's strategy in order to ensure effective risk identification, assessment, and management," said Jitendra Sharma, Global Head of KPMG's Financial Risk Management Service Line. "However, the survey results underscore the positive strides that continue to be made by financial institutions in this field and the essential role ORM plays in the strategic success of these firms."

The information gained from the survey will help firms gauge their positioning against evolving industry practices, optimize their ORM frameworks, and enhance their risk management processes.  Survey results also indicate that financial institutions are likely to face considerable challenges responding to competitive business pressures and complying with new regulatory standards.  The cumulative impact of recent regulatory imperatives will require expanded efforts by enterprise risk management and business lines to continue strengthening ORM and optimizing its value.

"Although there is still room for ORM to mature so that it is truly viewed organizationally as the 'third leg of the enterprise risk management stool' along with credit and market risk, the Survey results are very encouraging, as they confirm the industry is continuing efforts to further evolve ORM to meet the challenges presented by our increasingly complex regulatory environment," said Edward DeMarco, General Counsel and Director of Operational Risk and Regulatory Relations/Communications at RMA.

The KPMG/RMA Operational Risk Management Excellence – Get to Strong Survey polled leading financial institutions on the evolution of their ORM frameworks in support of enhanced business value and alignment with heightened regulatory expectations and enhanced prudential standards for "strong" risk management.  Respondents included executives from North American financial institutions (banks and investment companies), including global systemically important financial institutions (G-SIFIs) and Basel AMA banks, investment companies, and non-AMA large and mid-size banks.

The research also identified the following trends in ORM:

  • Encouragingly, 85% of AMA respondents have at least partially integrated and embedded their ORM processes and systems into business activities across their enterprise.
  • With respect to monitoring and managing risk tolerance, 54% of AMA and 60% of non-AMA respondents indicated that ORM is fully escalating issues that exceed their firm's operational risk appetite.
  • Work is still needed to fully deploy both quantitative and qualitative measures of operational risk appetite across the enterprise, as 38% of AMA and 70% of non-AMA respondents stated they have yet to define and cascade their operational risk appetite to the business line level.
  • In a positive industry trend, 85% of AMA and 60% of non-AMA respondents stated that their ORM data is at least partially supported by effective governance, standards, and data stewards.

"The Survey results pertaining to ORM data, analysis, and reporting are consistent with the findings of the Basel Committee on Bank Supervision in this area," said Hugh Kelly, Principal and National Lead of KPMG's Bank Regulatory Advisory Practice.  "As the regulatory community continues to stress sound risk data principles, the Survey shows that data related issues are gaining prominence within firms, but they are still wrestling with comprehensively reporting material risk across all areas, such as process, product, location, and legal entities."

An in-depth analysis of the survey results can be found here and in the May 2014 issue of The RMA Journal.  In addition, at RMA's upcoming Annual Governance, Compliance, and Operational Risk Conference (GCOR VIII) on May 7-8, 2014, Hugh Kelly will moderate a panel of operational risk executives who will discuss the Survey results and next steps for enhancing the ORM discipline.

KPMG LLP, the audit, tax and advisory firm (, is the U.S. member firm of KPMG International Cooperative ("KPMG International"). KPMG International's member firms have 155,000 professionals, including more than 8,600 partners, in 155 countries.

About KPMG's Operational Risk Practice
KPMG's Operational Risk team leverages its deep financial services industry knowledge and experience to help clients address complex business challenges, assisting them in developing practical solutions that incorporate leading risk management practices. KPMG helps organizations strategically realign the mission and focus of Operational Risk Management by simultaneously supporting and constraining front-office risk-taking within the confines of their defined risk appetite and then driving transparency that can be independently verified by Internal Audit.

About The Risk Management Association
RMA is a member-driven professional association whose sole purpose is to advance sound risk principles in the financial services industry.  RMA helps its members use sound risk principles to improve institutional performance and financial stability, and enhance the risk competency of individuals through information, education, peer sharing, and networking.


Mark Bonacci