Insights into material risks: Scenario library summary 2019
- 16 September 2019
“Over the last two years, cyber fraud and cyber business disruption registered the highest number of new scenarios.”
Each year, we analyse our scenario library and produce a report on the results for subscribers to ORX Scenarios. The report analyses the emerging trends in the data, regional concerns and the risk drivers and cost components associated with these.
If your firm subscribes to ORX Scenarios you can read the full report here. If not, then read our summary to learn about the highlights and key findings from our scenario library in 2019.
What is the scenarios library?
The ORX scenario library is a database of over 1,000 actual scenarios submitted by leading financial firms from around the world. It's one of the many resources available to subscribers of ORX Scenarios. ORX Scenarios is a practical solution, which supports scenario practice from identification and assessment to quantification and validation.
Trends in the data
Six trends identified in the ORX Scenarios library in 2019
Highlights and findings
Scenarios are created for a wide range of risks, not only emerging topics
The core objective of scenario analysis is to assess potential events arising from what financial firms consider their most impactful risks. A close look at the scenarios shared in 2019 reveals that financial institutions develop the following:
- Scenarios for current significant risks (e.g. cyber and conduct)
- Scenarios for risks which have increased in significance (e.g. model)
- Scenarios for risks for which they have a good understanding and history (e.g. anti-money laundering and human errors)
The 2019 ORX Operational Risk Horizon Report ranks conduct and cyber risks as the two most important current risks. Therefore, we weren't surprised to see that the vast majority of subscribers contributing to the ORX Scenarios library have conduct-related and cyber-related scenarios in their portfolio.
The popularity of conduct risk is driven by mis-selling scenarios, which are very common in the European, African and Asia-Pacific regions. Most firms in these geographical areas have at least one conduct-related scenario among their ten most severe scenarios.
Cyber risk is the other significant current theme. Although the financial industry has experienced a relatively small number of big losses, cyber is a key concern for most firms. In particular, the industry is concerned about cyber fraud and cyber business disruption due to the increasing number of attacks we now see happening. Over the last two years, cyber fraud and cyber business disruption registered the highest number of new scenarios.
Risk culture and staff training play a key role in conduct-related scenarios
Conduct-related losses accounted for almost three quarters of the total publicly-reported operational risk losses In the first half of 2019, according to ORX News.
The narratives for these events indicate that key risk drivers include risk culture and staff training. These two drivers are considered to be environmental factors which increase the likelihood of the scenario materialising.
The scenario narratives describe how a lack of training or awareness around anti-money laundering and counter terrorism financing requirements can cause a higher number of breaches and, consequently, large fines from regulators or supervisors.
Similarly, inadequate training of retail sales staff can lead to mis-selling activities, such as proposing complex financial products to an inappropriate customer segment, or being unable to fully explain product details to customers.
Scenario impacts: regulatory fines and customer compensation are the most significant cost drivers
Scenario severities are heavily influenced by financial fines and customer compensation. Regardless of the nature of the risk, these two cost components are the most prevalent and are the highest weight in scenario severities.
Financial fines from regulators account for 80 per cent of the total estimated loss, particularly for international sanctions breaches, AML failures, improper business practices and tax fines. In addition, unfair employment practices, such as gender discrimination, are estimated to result in very high fines; however, this appears to be limited to the North American region.
For certain scenarios, customer compensation or restitution can represent a large part of the total severity. Almost three quarters of the estimated loss for processing errors and cyber fraud scenarios is due to customer compensation payments.