Tuesday, 29 October 2024
by Andrea Briganti, Director and Head of e-Learning at Indigita SA
Operational risk is the risk of loss resulting from inadequate or failed internal processes, personnel, systems, or external events. While it encompasses legal risks, operational risk does not include reputational risks. This risk is inherent in all banking products and activities and has gained increasing importance due to the growing complexity and globalization of the financial system.
Additionally, the rapid proliferation of artificial intelligence and the growing adoption of blockchain-based products and services have added new layers of complexity to managing operational risks. To appreciate the evolution of this landscape, let's take a step back:
In 2008, the Swiss Financial Market Supervisory Authority (FINMA) issued Circular 2008/21 on operational risk management for banks, focusing on emerging concerns like cross-border service provision, cyber risks, and the need for systems ensuring operational continuity. This guidance was released at a time when banking secrecy was still prevalent and just before the subprime mortgage crisis triggered sweeping regulatory changes worldwide. In Switzerland, these developments led to the phasing out of banking secrecy, updates to the Swiss Banking Code of Conduct (CDB) in 2016 and 2020, and the adoption of frameworks such as automatic information exchange, FATCA, MiFID I & II, GDPR, among others.
To adapt to this evolving regulatory landscape, banks have been required to implement new processes and procedures, adopt both in-house and outsourced technological solutions, and hire additional personnel for front-office, compliance, risk management, and cybersecurity roles. Although these changes have been costly and resource-intensive, they have also improved service efficiency for clients through e-banking and mobile banking solutions.
This transformation has required bank employees to master new systems and procedures powered by technological advancements, often replacing prior knowledge and expertise. Consequently, banks, their employees, and clients are more exposed to potential errors and the resulting operational losses. Among the most persistent and widespread challenges in this area are cyberattacks, which range from minor breaches to sophisticated, international fraud schemes.
Simultaneously, the initial instances of cross-border regulatory violations have led to substantial fines and other associated costs, which have notably impacted client trust and the reputation of financial institutions.
Managing operational risks remains complex, particularly in a rapidly evolving technological environment. In response to these challenges, FINMA revised its circular on operational risk, with the updated version coming into effect in January 2024. This update places greater emphasis on data protection, cybersecurity, employee proficiency in new technological systems, and organizational resilience. It also underscores the importance of managing cross-border risks effectively.
While clients have undoubtedly been affected by these regulatory shifts, they have ultimately benefited from the increased protection these regulations afford. Beyond performance and risk profiles, clients value the assurance that their assets are secure, a critical expectation that financial intermediaries must meet.
Ongoing compliance with regulatory standards, regular professional development, and continuous system upgrades are essential for effectively mitigating operational risks and fostering trust.
Comentários