ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

A New Way Forward with Risk Operation Centers

July 23, 2020
Reading Time: 4 mins read
A New Way Forward with Risk Operation Centers

By Atul Vashistha

Although it’s unclear when the negative effects of COVID-19 will be fully played out, one thing is certain: The traditional third-party risk management, or TPRM, practices that financial institutions have relied on are inadequate going forward. Many current risk programs are reactionary in nature, thereby crippling effective risk mitigation. The problem is compounded by the fact that risk mitigation decisions rely on static data collected during point-in-time assessments.

In today’s rapidly changing risk environment, reactive responses and stale risk data are passé. Leading financial institutions are recognizing the need to reset their TPRM programs. Making the shift to investing in continuous risk monitoring through a proactive risk operations center enables effective risk anticipation to mitigate or even avoid costly business disruptions.

The shortcomings of today’s TPRM programs

For most financial services TPRM programs, the main risk focus occurs during the third-party selection process. Due diligence is performed at the point of onboarding to understand the risk associated with a new location or a new third party.

Assessments are performed periodically, usually once a year or every other year, to ascertain whether risk profiles have changed. Additional efforts are typically limited to reactively responding when a risk event has already occurred. The downfall of these practices results from the continuous, dynamic nature of risk. The time between assessments leaves financial institutions exposed and vulnerable to potentially significant disruptions.

The inadequacy of today’s programs stems from an underinvestment in risk due to a reliance on outdated risk models. For too long risks such as global pandemics have been considered high impact, but low probability. This isn’t logical when you consider both the frequency of recent disease outbreaks (four pandemics since 2002—SARS, H1N1, MERS, and COVID-19) and the hyper-connectivity of our global financial markets and travel. When financial institutions tested their disaster recovery and business continuity plans pre-COVID-19, few if any tested a scenario where 100 percent of employees would be forced to work from home or that all global operations would be affected at once. Today’s risk leaders need to challenge their assumptions on risk impact, frequency and worst-case scenario.

Operational disruptions result not only in lost revenue, but also reputational damage, customer churn, regulatory penalties, litigation, attrition, lost productivity of internal employees tasked with resolving the incident and often much more. When you evaluate the potentially astronomical cost of disruptions, it’s easy to see why investment in risk management is now being recognized as a competitive advantage.

Introducing a permanent risk operations center

Leading financial institutions will establish a permanent risk operations center to continuously monitor for changes, assess potential impact, identify risk mitigation actions, track incident resolution and identify risk trends. The competitive benefits realized are improved speed and quality of response to minimize or avoid disruptions and the related costs.

While permanent, an ROC can be staffed up or down as the risk environment requires. It is continuously monitoring, planning and proactively ready to act. Enterprises that wait to establish a risk operations center in a reactionary manner, once a crisis is declared, will miss out on key risk intelligence and valuable time to make effective risk mitigation or avoidance decisions.

The foundation for building an ROC

An ROC relies on four components: a monitoring post, a workflow tool, a response center and a feedback loop. The monitoring post continuously monitors risk across a broad framework of third-party and location-based risks to collect real-time risk intelligence. Traditionally, TPRM programs have been heavily focused on financial and cyber risks, but today’s business disruptions come from a wide spectrum of risk, such as compliance, sanctions, people, solutions maturity, client and location-based risks.

Relevant and validated risk intelligence is routed through a workflow tool. The response center, ideally divided into specialized workstreams like technology, facilities and workforce, will then assess the intelligence for relevance and risk level to the institution. From there, risk mitigation guidance and recommended actions, both internal and external, are provided to the relevant business functions. When action is taken, results are entered into the feedback loop to know what is working and when alternative actions are required. Risk events are then tracked to resolution.

Staffing an ROC for a financial services enterprise should be considered through the view of competencies needed. These functions can be covered through a combination of technology, tools, analytics and people. Data collected needs to be continuous and analyzed in real-time for relevancy and impact to produce risk intelligence that can be used for mitigation, trending and forecasting. As the response center team will need to work well with other business functions, they need skills related to relationship management and collaboration. Team members will need risk mitigation knowledge and the ability to look beyond the individual risk event to make connections to other possible related or cascading risks in a truly proactive fashion.

A new way forward

COVID-19 has highlighted that our current risk models and third-party risk practices are no longer adequate. Instead of focusing on risk management as an expense, financial enterprises should pivot to a new way forward with risk management as an investment. Making the proper investment in continuous risk monitoring through a proactive and permanent risk operations center, financial enterprises can reap the competitive advantages of business resilience, regulatory compliance and brand enhancement.

Atul Vashistha is a leading expert on globalization, governance, and risk. He has authored three best-selling books: The Offshore Nation, Globalization Wisdom and Outsourcing Wisdom. He is also founder and Chairman of Supply Wisdom, the real-time and continuous risk intelligence and monitoring solution.

ADVERTISEMENT
Tags: CoronavirusRisk managementThird-party risk
ShareTweetPin

Related Posts

FBI: Crypto-related fraud losses increased 45% in 2023

Justice Department seizes millions of dollars linked to alleged crypto investment scams

Compliance and Risk
June 20, 2025

The Department of Justice announced it has seized $225.3 million in funds linked to cryptocurrency investment scams. The action marks the largest cryptocurrency seizure in Secret Service history.

ABA urges FinCEN to reevaluate BOI collection burden on banks

FinCEN releases figures on BSA filings

Compliance and Risk
June 20, 2025

Financial institutions filed 4.7 million suspicious activity reports in fiscal year 2024. They filed 20.5 million currency transaction reports during the same time frame.

FinCEN to propose new rules on money laundering, whistleblower program

Treasury official outlines principles for Bank Secrecy Act modernization

Compliance and Risk
June 18, 2025

The Treasury Department is exploring ways to streamline the filing process for suspicious activity reports and currency transaction reports as part of a broader effort to modernize BSA enforcement, Deputy Secretary of the Treasury Michael Faulkender said.

ABA suggests splitting proposal to expand Fedwire, NSS operating hours

FATF releases revisions to international standard for payment transparency

Compliance and Risk
June 18, 2025

FAFT announced several revisions to its recommendation on payments transparency, which it said will enhance the safety and security of cross-border payments to better detect financial crime.

BAFT releases report on best practices, guidance for ISO 20022 migration

CFPB to delay small-business lending data collection compliance dates

Compliance and Risk
June 17, 2025

The CFPB will issue an interim final rule today to push back by roughly a year the compliance dates for its small-business data collection requirements, according to a filing in the Federal Register.

Is deepfake technology shifting the gold standard of authentication?

Will fraud prevention ever be autonomous?

Technology
June 17, 2025

Anti-fraud systems are learning to anticipate fraud rather than merely react to it. Better anticipatory abilities inch systems closer to full automation.

NEWSBYTES

ABA DataBank: Planned/announced office conversions spike

June 20, 2025

OCC releases mortgage performance report for Q1 2025

June 20, 2025

Justice Department seizes millions of dollars linked to alleged crypto investment scams

June 20, 2025

SPONSORED CONTENT

AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025

PODCASTS

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025

Podcast: What bankers need to know about ‘First Amendment audits’

June 5, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.