This research develops a taxonomy of operational risks impacting corporate sustainability. A literature review and analysis of 100 business cases reveal relationships between these risks, their causes, and their economic, social, and environmental consequences. The findings help companies classify and manage sustainability-related operational risks, though the specific relationships may vary across sectors and individual cases.
The OCC reports that operational risk is elevated due to cyber threats and complex operations. Compliance risks are also significant, especially in areas like BSA/AML and fraud prevention. External fraud targeting consumers and banks is increasing, requiring strong fraud management practices. Banks should prioritize risk management, maintain sound controls, and educate customers to mitigate these risks.
“the typical organization loses 5% of revenues yearly because of fraud. Businesses are subject to fraud risk, and it is critical for organizations to put in place effective control mechanisms to prevent fraud.”
The article explores the importance of critical infrastructure (CI) and essential services (ES) for population security and business continuity. It examines the challenges posed by the interdependence of CI and ES, which complicates threat identification and risk management. The study identifies new research directions on operational risk management, public security, and resilience in critical supply networks.
“We lay a theoretical foundation for the choice of an exponential–Pareto combined distribution to model the severity of the operational risk. We derive, on a theoretical basis, the functional form of the operational risk severity distribution. The resulting loss severity distribution, in theory, is consistent with the parametric distribution that previous empirical works suggest is the best fit for loss data.”
“Gaps in the data available for assessing cyber risk have limited the development of metrics that would help the public and private sectors prevent and recover from cyberattacks and reduce systemic risk. Cyber incident disclosure rules, introduced to close the data gaps, help but fall short in supporting the effective management of cyber risk. This article examines current and proposed reporting requirements, especially in the financial sector, where they are the most advanced.”
“This study presents a structured workflow applying text analysis to operational risk event descriptions. It identifies managerial clusters causing risks, enhancing traditional quantitative methods, and improving risk mitigation based on historical loss events.”
“The study demonstrates the capability of certain public sector banks to bear operational risk on a particular level of regulatory capital. The ability of a bank to be successful under unfavorable conditions is related to its operational risk, regulatory capital and management processes.”