Top Operational Risks of 2023

01 February 2023
Knowledge Base

by Elena Pykhova

This year’s view of the risk landscape, with input from Best Practice Operational risk forum comprised of practitioners from over 50 national and international organisations. In this turbulent year, firms face a complex web of risks, some new and others very familiar but re-shaped due to new aspects and features.

  1. Change risk: emanating from the need for organisations to orient in the world challenged by macroeconomic and geopolitical factors, recession and rising interest rates; pushing to revisit the resilience of the business models and thus impacting people, their workload and priorities; as well as systems and processes. Those rising to the challenge will need to apply situational awareness, show adaptability, innovation and a clear sense of direction.
  2. Supply chain / third-party risk: failures in the supply chain impacting service delivery; and concentration risk, especially as it relates to cloud service providers. Core supply chain ecosystems are becoming more complex, with lack of firms’ visibility over 4th and 5th parties.
  3. Cyber: widespread cybercrime and cyber insecurity is quoted by the WEF Global Risk Report1 as a key risk for near- and longer-term horizon (2 and 10 years). It continues to top the charts in terms of impact and likelihood, and is now firmly seen as a business risk, rather than solely an IT problem.
  4. Financial Crime control weaknesses: inability to evidence robust control environment, more so than acts of fraud and money laundering. Based on the analysis of 2022 ORX top Operational risk losses, there are significantly more fines received by firms due to inadequate control environment rather than as a result of being implicated in criminal activities as such. Organisations are required to continuously invest in processes and controls in this area.
  5. Technology failures: system downtime, inadequate use of new technologies or poor change and integration could result in potential customer and market detriment. ORX Top Risk review2 ranks technology failures amongst the top 5 Operational risk challenges.
  6. People risk: skills set, succession & well-being. As per Forbes report3, ‘there’s not enough succession planning or workforce replacement’. In tightening talent market, attracting new skills in short supply, for example caused by the adoption of digital technologies, as well as retaining top talent will remain problematic. Additionally, mental health issues which increased during the pandemic will continue to manifest, with workplaces potentially not prepared to provide phycological support. As stated in the World Health Organisation’s mental health report4, ‘business as usual for mental health simply will not do’. More needs to be done to ensure employee well-being.
  7. Data mis-management: data breaches, acts of non-compliance with GDPR as well as inadequate data management frameworks will pose challenges, given the amount of data continues to raise. This is a broad inherent risk not only in financial services, which is expected to firmly remain in the leading place.
  8. Regulatory risk: fines and penalties due to inability to timely identify and implement regulatory requirements. Not new, and remains high on the agenda.
  9. Risk culture: employee disengagement and decline in organisational risk culture leading to acts of misconduct. Since the beginning of the pandemic, enforced and prolonged working from home led to partial loss of informal interactions, which in turn, somewhat eroded corporate cohesiveness. The full impact of hybrid/WFH environment has not yet been fully studied and understood. This raises the questions on the future workplace and mode of working, and the impact on employee loyalty. Culture-related issues occupy 2 out of 10 places in Protiviti’s executive perspectives on top risks5, with particular concerns over sustaining the culture and ensuring open and honest escalation of issues.
  10. Climate action failure: insufficient progress, inability to embed the requirements beyond the regulatory minimum. While the need is well understood and everyone agrees more needs to be done, as KPMG CEO Outlook6 demonstrated, economic pressures could see ESG side-lined. The position of the risk reflects many chief executives’ focus on immediate pressures of uncertain economic conditions and change risk (1), with ‘50 percent pausing or reconsidering their existing or planned ESG efforts’, based on KPMG survey.

As for Emerging Operational Risks considered by the Best Practice Forum, the majority of risks are related to people, technological developments or further intense change agendas impacting on business models. The reason, and the inspiration for Operational risk professionals to remain at the heart of the change agendas and continue embedding robust risk management practices with new found energy and enthusiasm.

Per Benjamin Franklin, ‘Energy and persistence conquer all things.’

*1 https://www.weforum.org/reports/global-risks-report-2023/

*2 https://managingrisktogether.orx.org/insights-resources/top-risk-review-november-2022

*3 https://www.forbes.com/sites/edwardsegal/2023/01/01/the-10-biggest-risks-and-threats-for-businesses-in-2023/?sh=643cb5830c0e

*4 https://www.who.int/publications/i/item/9789240049338

*5 https://www.protiviti.com/uk-en/survey/executive-perspectives-top-risks-2023-and-2032

*6 https://kpmg.com/xx/en/home/insights/2022/08/kpmg-2022-ceo-outlook/esg-and-diversity-trends.html



Leave a Reply

Your email address will not be published. Required fields are marked *