The potential impacts of the digital revolution on the operational risk profiles of banks

Abstract

Society is undergoing a digital revolution. This is altering the business profiles of banks in terms of their systems, processes, controls and usage of third parties; their competitive landscape, ie competition from both digitising incumbents and new BigTech and FinTech entrants; and the behaviours of stakeholders, ranging from customers to cyber-criminals. This digital revolution is amplifying some of their existing risks, while also creating new risks, eg the potential for artificial intelligence (AI) tools to change behaviours over time (AI model drift). Some of these changes in operational risk profile will be transient, as they are associated with digital transformation, while others will be both ongoing and characterised by a high degree of dynamism. In this digitised endstate higher frequency/lower value human errors, may be replaced by lower frequency/higher impact systemic losses, arising from both catastrophic and silent failures. The influence of the digital revolution spans almost all of the Basel operational risk event categories, and may also lead to the enhancement of some controls (eg surveillance), while others may be undermined (eg by voice-spoofing). There is no silver bullet to mitigate these risks; instead, a portfolio of existing control frameworks need to be enhanced, including the following: change management; model risk management; third party vendor management; business continuity management, disaster recovery and operational resilience; and cybersecurity, with new controls required to address the new risks associated with AI. This will be a key factor in the operational risk losses of banks over the next decade.