Nos derniers articles

The UK Financial Conduct Authority (FCA) has clarified that serious bullying and harassment in financial firms constitute misconduct under its rules. Previously, the classification of such behaviors as conduct breaches was often unclear for firms other than banks.
Effective September 1, 2026, these regulations will encompass approximately 37,000 additional regulated firms, aiming for consistent standards across the financial services sector. Substantial cases of poor personal behavior will also be mandated for inclusion in regulatory references, similar to financial misconduct, to prevent individuals from avoiding accountability by changing employers.
The FCA is consulting on further guidance to aid firms in implementing these changes, considering feedback on earlier drafts. This guidance addresses how firms should evaluate non-financial misconduct, including social media use and private life behavior, when assessing an individual's fitness for financial services roles. The consultation period for this guidance extends until September 10, 2025.

The EBA released three final draft technical standards to support the EU Banking Package, enhancing supervisory oversight. These include Regulatory Technical Standards (RTS) for calculating the Business Indicator (BI) for operational risk capital, Implementing Technical Standards (ITS) mapping BI to FINREP for consistency, and amended ITS on operational risk reporting. The standards refine BI components, address mergers and disposals, and improve reporting accuracy. Set for adoption, the EBA will release IT tools and a technical package in Q4 2025, with reporting starting March 31, 2026.

This paper, in Spanish, criticizes the Basel Committee's proposal to replace the Advanced Measurement Approach (AMA) for operational risk capital with the Standardized Measurement Approach (SMA). SMA is argued to be flawed due to instability, insensitivity to risk, and potential for systemic risk. The paper advocates for maintaining the AMA framework and proposes standardized recommendations for internal operational risk modeling.

This research develops a taxonomy of operational risks impacting corporate sustainability. A literature review and analysis of 100 business cases reveal relationships between these risks, their causes, and their economic, social, and environmental consequences. The findings help companies classify and manage sustainability-related operational risks, though the specific relationships may vary across sectors and individual cases.

The OCC reports that operational risk is elevated due to cyber threats and complex operations. Compliance risks are also significant, especially in areas like BSA/AML and fraud prevention. External fraud targeting consumers and banks is increasing, requiring strong fraud management practices. Banks should prioritize risk management, maintain sound controls, and educate customers to mitigate these risks.

"the typical organization loses 5% of revenues yearly because of fraud. Businesses are subject to fraud risk, and it is critical for organizations to put in place effective control mechanisms to prevent fraud".

The article explores the importance of critical infrastructure (CI) and essential services (ES) for population security and business continuity. It examines the challenges posed by the interdependence of CI and ES, which complicates threat identification and risk management. The study identifies new research directions on operational risk management, public security, and resilience in critical supply networks.

“We lay a theoretical foundation for the choice of an exponential–Pareto combined distribution to model the severity of the operational risk. We derive, on a theoretical basis, the functional form of the operational risk severity distribution. The resulting loss severity distribution, in theory, is consistent with the parametric distribution that previous empirical works suggest is the best fit for loss data.”

“Gaps in the data available for assessing cyber risk have limited the development of metrics that would help the public and private sectors prevent and recover from cyberattacks and reduce systemic risk. Cyber incident disclosure rules, introduced to close the data gaps, help but fall short in supporting the effective management of cyber risk. This article examines current and proposed reporting requirements, especially in the financial sector, where they are the most advanced.”

“This study presents a structured workflow applying text analysis to operational risk event descriptions. It identifies managerial clusters causing risks, enhancing traditional quantitative methods, and improving risk mitigation based on historical loss events.”