NEW YORK, Dec. 9, 2015 /PRNewswire/ -- Aligning operational risk management (ORM) with strategy is critical for financial institutions to effectively identify, assess and mitigate risks, however many have yet to fully align risk and strategy, according to a new survey report released by KPMG LLP, the U.S. audit, tax and advisory services firm, and The Risk Management Association (RMA), a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. For further information, please read the report, KPMG/RMA Operational Risk Management Excellence – 2015 Global Heightened Practices Survey Executive Report.
Only 17 percent of the survey's Basel Advanced Measurement Approach (AMA) respondents, which span North America, the Middle East, Africa and the Asia-Pacific region, said that their firms fully align ORM with strategy. This was slightly higher at North American institutions, with 19 percent achieving full alignment of ORM with strategy. These results bring into question whether operational risk is fully considered when financial institutions implement significant strategic change.
"Integration of operational risk management across the organization coupled with the collection and analysis of robust risk data is an essential component to a financial institution's successful business strategy and regulatory compliance efforts," said Tim Phelps, U.S. Operations Risk Network Leader at KPMG LLP. "Financial institutions must continue to evolve their operational risk management efforts due to heightened regulatory expectations and a focus on enhanced prudential standards for 'strong' risk management."
Financial institutions are beginning to address the issue by restructuring their ORM frameworks to help ensure compliance with heightened regulatory expectations and to drive greater strategic value. However, much remains to be done, as only 13 percent of North American financial institutions surveyed have completed resetting their ORM framework. Results are consistent across Europe, the Middle East, and Africa, but reach 50 percent in the Asia-Pacific region.
"Integrating operational risk management across the organization is critical to drive culture, and also to take a non-siloed approach to managing cyber risk, third party/vendor risk, and business continuity planning," said Edward J. DeMarco, Jr., General Counsel and Director of Operational Risk of RMA. "Organizations who are able to fully integrate ORM will be in a superior position compared to their competitors as they transform, whether through product and service innovation or through M&A activity."
- More Consistency Needed in Approach to Multiple Risk Assessments – Only 38 percent of AMA respondents in North America said they have established a consistent Risk Control Self-Assessment (RCSA) approach for multiple risk assessment types (i.e., ORM, compliance, business continuity planning, vendor, and information technology security). As these efforts continue to progress, firms can expect enhanced risk management effectiveness, integration, and efficiency.
- Quality Data and Metrics Improving Risk Intelligence – 77 percent of North American AMA respondents said their ORM reporting dashboards are supported by robust and integrated data and metrics, edging out the 70 percent of respondents at AMA firms worldwide. The quality of data collected is critical in financial institutions' efforts to improve their risk intelligence.
"It is encouraging that many leading financial institutions across the globe are moving beyond the traditional compliance exercise by strengthening their risk intelligence in support of more effective risk management, and enhanced business decision-making and performance," said David Stone, Director with KPMG LLP's Operations Risk Network.
About the Survey
KPMG and RMA teamed to develop the Operational Risk Management Excellence – 2015 Global Heightened Practices Survey. The survey focused on key areas of operational risk excellence and heightened regulatory expectations which include: strategy and value; stature, risk appetite, and governance; assessment, measurement, and management; and data, analysis, and reporting. Of the 80-plus respondents, over 20 included Global Systemically Important Financial Institutions (G-SIFIs). Other respondents included Basel AMA banks, non-AMA large banks, mid-size banks and others.
KPMG's and RMA's broader efforts to advance ORM discipline and establish benchmark data on ORM practices has also entailed ORM Excellence Executive Round Tables in New York, London, and Sydney, Australia.
About KPMG LLP
KPMG LLP, the audit, tax and advisory firm (www.kpmg.com/us), is the U.S. member firm of KPMG International Cooperative ("KPMG International"). KPMG International's member firms have 162,000 professionals, including more than 9,000 partners, in 155 countries.
About the Risk Management Association
Founded in 1914, The Risk Management Association is a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. RMA promotes an enterprise approach to risk management that focuses on credit risk, market risk, and operational risk. Headquartered in Philadelphia, Pennsylvania, RMA has 2,500 institutional members that include banks of all sizes as well as nonbank financial institutions. They are represented in the association by more than 18,000 risk management professionals who are chapter members in financial centers throughout North America, Europe, and Asia/Pacific. Visit RMA on the Web at www.rmahq.org.
SOURCE KPMG LLP