Speed of change is making assessing emerging risks difficult according to the annual ORX 2022 Operational Risk Horizon report. The report predicts cyber threats, macroeconomic change and geopolitical turbulence will significantly influence the emerging risk landscape.  

Published by ORX, the world’s largest operational risk association with a membership of over 100 banks and insurers globally, the Horizon report reveals that the industry is grappling with how to assess and monitor the emerging risk landscape given the speed of change both within and outside of financial services firms. 

The report, based on a survey of over 50 financials firm, was conducted immediately prior to the conflict in Ukraine. Despite this, advanced cybercrime, in particular cyber warfare, is cited as the most worrying emerging risk category. 

Steve Bishop, Research & Information Director at ORX comments, “With a high level of organisation and sophistication, often state-backed, groups of cyber criminals are displaying agility and adaptability. Since the survey was carried out, we have seen the Ukraine conflict resulting in financial services institutions across the world further raising their alerts against cyber-attacks, and the threat is now both immediate and rapidly evolving.” 

In addition to cyber warfare, other top concerns mentioned around cyber crime included: 

• Ease and speed of attack – automation and AI allow cyber criminals to quickly adapt and learn while the commoditisation of cybercrime means specialist skills are no longer required  
• Lack of internal expertise and skills to prevent attacks 
•  Evolving and emerging cyber fraud types, typically exploiting emerging technologies 

Complex digital ecosystem 

The second and third largest risks identified in the report are digital strategies and emerging technologies. The report shows a broader and more complex digital ecosystem has emerged and will continue to evolve. Accelerated by the pandemic and competition from digital disruptors, this includes traditional market players rapidly digitalising across a range of organisational areas with increasing use of AI and Application Programming Interfaces (APIs).  

The technology of greatest concern selected by the survey participants was AI (79%) followed by APIs (38%), robotics/robotic process automation (PRA) (33%), digital currencies (33%) and blockchain (21%). 

Whilst it remains important for many report participants, climate and natural catastrophe has fallen as a priority overall due partly to the immediacy of other threats and the complexity and transversal nature of the issue.  

Bishop continues, “The world is more turbulent than it has been in a long time. The events of more than the last 24 months have created a highly dynamic and uncertain risk landscape. As a 

result, the focus is on the here and now as well as the things we are able to assess, but we do also urge firms to incorporate additional longer-term horizon scanning to facilitate more predictive analysis to identify future changes in the risk landscape.” 

Impact of Ukraine conflict on operational risk landscape 

The 2022 Horizon report includes editorial comment of the evolving situation in Ukraine including setting out some of the potential downstream changes to emerging risk profiles. Since the Horizon report was published, ORX has hosted several virtual roundtables with their members to discuss the operational risk impacts of conflict. The roundtables highlight that, amongst other risks, the last six weeks of global turbulence will have had a pronounced effect again on the impact of cyber threats. 

The roundtables, involving 70 representatives from almost 50 ORX member firms, revealed several key and immediate themes: 

Operations - Firms with operations and entities in the region are experiencing a range of adverse effects from the conflict, including those related to risks such as physical safety and security, business continuity and technology. 

People - Firms are trying to ensure employees and their families in the region are safe and feel supported during the crisis. 

Financial crime – Sanctions are a key focus for members globally, especially when facing the challenge of how to correctly apply rules in different jurisdictions. 

Information security (including cyber) - As the information security landscape evolves and cyber risk persists, members are devoting significant resources in this area, along with monitoring the wider geopolitical implications. 

Social expectation and reputational risk - Stakeholders have high expectations of firms in their response to the crisis, and firms need to ensure they handle the situation sensitively. 

Longer-term impacts - Much like the coronavirus pandemic, the crisis in Ukraine is fluid, and it is still in the early stages. Firms are trying to consider what could happen as the situation evolves.