ORX Scenarios Insights Into Material Risks 2022 Public Report
ORX Scenarios Insights Into Material Risks 2022 Public Report
ORX Scenarios Insights Into Material Risks 2022 Public Report
Insights into
Material Risks
2022
• Scenarios drawing increasingly on information from other functions (e.g., resilience) and programmes
(e.g., risk appetite) as scenario practitioners look to integrate knowledge, data, and techniques from other
areas of the business as the use of scenarios widens
2
Insights into Material Risks 2022
3
Insights into Material Risks 2022
• An evolving cyber threat – The pace of digital change is likely 1 Western Europe 2 North America 3 Global
increasing nation-state involvement to intensify in the coming years as
and growing commoditisation of institutions consider how the use of AI
ransomware-as-a-service (RaaS) and, in the longer term, APIs, robotics, 34% Retail banking Scenario
quantum computing, open banking Business 30% Corporate Items impact rank
• Widening attack surface – legacy and digital currencies (among others)
systems, digitalisation programmes,
Lines 7% Commercial banking
impact their business and customer
increasingly regular remote working Impacted 6%
needs. Private Banking
and a growing reliance on third and 23% Other 42% Very high
subsequent parties to deliver critical These developments will also likely
services be incorporated into new and current
System Security
scenarios impacting risk profiles, 39% External - Wilful Damage 27% High
• Safeguarding data – data business continuity plans and 3rd Event External Theft
breaches impacting institutions’ party arrangements. 29% and Fraud
reputation and customer/ types Improper Business
17% Medium
5%
stakeholder confidence or Market Practices
14% Low
27% Other
4
Insights into Material Risks 2022
now including 3 or more risk drivers, the five most prevalent risks in the 30% Other
the interconnected landscape in which library (see table on page 6). 22% High
External Theft
35% and Fraud 23% Medium
Event 34%
Internal Theft
and Fraud
types
16% Unauthorized 32% Low
Activity
15% Other
Library consideration
Key risk drivers
Institutions’ preparedness for fraud
Transaction Number of
attempts are emphasised in the 1 Value of fraud or
assets affected
2 values 3 affected customers
library, with 55% of Fraud scenarios
categorised as having a low or medium
impact and median severity being the Key direct financial impacts
joint lowest of the risk types analysed.
Customer restitution Legal
1 Internal costs (excluding
legal expenses)
2 and compensation 3 costs
5
Insights into Material Risks 2022
entered the Top 5 (for a full table, see Appendix). Both risks are intrinsically types Improper Business
linked to, and impacted by, the interconnected themes highlighted above. Both 10% or Market Practices
24% Low
Data Management Risk and People Risk are likely to become more visible in
20% Other
upcoming library cycles, whether in the form of standalone scenarios, risk drivers
or embedded factors within storylines.
Key risk drivers
Number of System or
1 Transaction
values
2 transactions 3 process type
Library consideration
Only 17% of Transaction Processing and Execution
scenarios were given a very high impact rank. Key direct financial impacts
However, the prominence of this risk type in the Internal costs External costs
library is indicative of the level of consideration 1 Customer restitution
and compensation
2 (excluding legal 3 (excluding legal
expenses) expenses)
given to its potentially significant consequences.
6
Insights into Material Risks 2022
7
Insights into Material Risks 2022
Transaction Processing
3rd Third Party Technology External Fraud
and Execution
8
Insights into Material Risks 2022
We work closely with over 100 member firms to develop a deeper understanding • Handbooks and resources
of the discipline and practical tools. We set the agenda, maintain industry • Benchmarking
standards, and garner fresh insights.
• A global community of scenario practioners
ORX is owned and controlled on an equal basis by its members.
• And much more...ney with ORX Scenarios
Find out more about us at www.orx.org
Contact Visit
www.orx.org
Roland Kennett
Disclaimer: ORX has prepared this document with care and attention. ORX does not accept [email protected] Follow
responsibility for any errors or omissions. ORX does not warrant the accuracy of the advice,
statement or recommendations in this document. ORX shall not be liable for any loss, expense,
damage or claim arising from this document. The content of this document does not itself constitute @ORX_association
a contractual agreement, and ORX accepts no obligation associated with this document except as
expressly agreed in writing. ©ORX 2022 @ORX_Association
Scenarios