The financial services industry is losing more than $120 million annually due to poor operational risk management practices, according to research commissioned by business intelligence outfit SAS.
The survey of 400 risk managers at 300 financial institutions indicates that although operational risk management is moving up in the priority list for financial institutions, they are still suffering annual losses that range into the millions of dollars.
The results show that a fifth of all companies in the financial sector still do not have an operational risk management programme, despite the fact that 90% of them lose more than $10 million a year because of poor risk management.
Even those companies that have put programmes in place are reluctant to spend on the personnel and additional software functionalities needed for it to work, says SAS. One-third of the risk managers surveyed expect to spend $1 million dollars or less in improving operational risk management in 2003.
Peyman Mestchian, head of risk management for SAS UK, says: "While new regulations such as Sarbanes-Oxley and Basel II have pushed risk management further up the agenda, expenditures - both in terms of systems and procedures and headcount - are still a fraction of what they should be."
Much of the op risk losses stem from inaccurate or obsolete data, he says. Respondents from 28% of the companies feel that the difficulty in collecting the volume of data required to accurately identify and manage operational risk represents the major obstacle to preventing losses. One-third blame poor data quality as the major stumbling block.
The issue of data quantity and quality has led to a rise in the implementation of internal loss databases and self-assessment tools. Nearly 50% of companies surveyed have implemented a database and 45% have established an assessment tool. However, more than 90% of respondents admit that they have yet to invest in the modeling and analysis tools required to make sense of the data once it has been collated.
Says Mestchian: "While the new regulations that are coming into effect have forced companies to implement the systems needed to collect and store data, few have tackled the problem of what to do with it once they have it."
Further results of the study indicated that a perceived lack of functionality in existing software packages combined with fears about the high cost of modelling and analysis packages are the main obstacles to implementation. Sixty-eight percent of respondents had built at least one operational risk system in-house because it was seen to be cost-effective and could be designed to meet the specific needs of the business.