Managing Operational Risk in the Financial Services Industry with ERM


Financial services organizations are under intense scrutiny from regulators, customers, investors, employees, and even the public at large to efficiently manage operational risk.

One misstep – say a compliance problem or data breach – can jeopardize customer confidence, raise the ire of regulators, and result in costly fines. And that’s especially unwelcome news for an industry already contending with decreasing margins and increasing competition from nontraditional sources in a rapidly digitizing world.

These days, there is no patience or forgiveness for disparate risk management systems that obscure the truth.

The complex operational risks of financial services firms need to be viewed collectively, not individually. You must be able to connect the dots between all risks to make intelligent decisions that will achieve your goals. And a growing number of financial services firms are turning to Enterprise Risk Management to manage operational risk more consistently, more efficiently, and more accurately.

ERM pulls all of the pieces together so you can anticipate, assess, mitigate, and monitor every form of operational risk throughout your organization. It helps you understand the full impact of risk – negative and positive – so you can minimize threats, capitalize on opportunities, and build resilience. With ERM, risk transforms from an organizational liability into a strategic advantage.

Having the right technology is critical to managing operational risk efficiently and objectively across the enterprise. But that’s just the beginning. To be successful, the ERM mindset must be embedded into the very fabric of the organization. After all, risk is everywhere.

This guide will help you understand what ERM is, how it can be used to manage operational risk, and how to begin holistically managing risks and opportunities in a truly integrated way.


Operational risk arises from any threat that could disrupt operations. It includes many risk types – e.g., compliance, third party, cyber, fraud – that relate to serving customers and operating internally. Effectively managing these risks requires oversight and transparency across virtually all of an organization’s processes and business activities.

And that’s where ERM comes in.

ERM is a structured, proactive, and continuous process that is applied across the organization to better understand all risks, how they relate to each other, and the cumulative impact on the organization. It looks to increase an organization’s value by both minimizing losses and maximizing opportunities for growth.

Applying ERM to operational risk brings consistency, clarity, and efficiency to managing the diverse risks included under the operational umbrella. ERM adds discipline and accountability, transforming operational risk management from a subjective, manual list of disparate activities to an objective, data-driven, purposeful process.

With ERM, you can reduce the risk of operational damage by proactively identifying and managing potential threats – which is particularly critical in the high-stakes world of financial services.

Equally important is to recognize what ERM is not. It is not just one more risk management tool that works independently of other technology.

True ERM integrates risk management across the organization. It breaks down departmental silos and helps all disciplines work together more efficiently. It also recognizes that risks are interrelated, helps eliminate duplicate efforts, and provides the big-picture view necessary to identify trends and potential risks early enough to do something about them.


Say an employee opens an email and clicks on a link which turns out to be a phishing scam. The immediate risk is that the employee’s information has been stolen. However, there is also the risk that corporate, financial, or client data has been compromised. The slower the response, the greater the harm.

ERM can help minimize the fallout from such a risk event. All relevant information is already in one place where it can be instantly shared, discussed, and acted upon. ERM facilitates collaboration across the business to quickly pinpoint the problem, mitigate the damage, and institute controls to prevent future harm to operations.

With ERM you can understand the situation, prioritize actions, and report on results – all in record time.


The idea of managing risk on an enterprise-wide basis may seem daunting. But migrating toward ERM is essential for next-generation operational risk management.

Here are five ways ERM creates value specifically for financial services organizations:

Streamlines Processes

ERM breaks down silos, eliminates duplicate efforts, and encourages communication and collaboration across all areas of the organization.

Improves Response Time

ERM gives you the unobstructed view of risk and real-time reporting capabilities necessary to quickly make sense of a complicated situation.

Elevates Resiliency

ERM identifies both the upside and downside of risk, which can help you better absorb internal and external shocks and take advantage of opportunities in an ever-changing marketplace.

Facilitates Compliance

ERM helps you stay in compliance by consolidating risks and regulations in one location, leveraging a single assessment across multiple mandates, and maintaining a clear audit trail – an invaluable advantage for financial services firms grappling with continuous updates from more than one thousand global regulators.

Enhances Decision-Making

ERM has a flexible yet consistent process for identifying risks, prioritizing actions, and measuring results in terms of the value created for the firm.


Managing operational risk at an enterprise level is virtually impossible with spreadsheets or other manual methods. It takes the power of today’s cloud-based technology for financial services organizations to bring together multidisciplinary teams that can respond quickly to emerging threats and build agility and resilience for the future.

ERM software integrates all risk-related information into one source – which alone adds value to the organization by increasing efficiency in the process, as well as accuracy and consistency in the data. The software also can:

  • Identify threats – including compliance, third party, cyber, fraud, and human behavior.
  • Digitize operations – to minimize human error.
  • Assess the impact of risks – both positive and negative with real-time analytics.
  • Visualize interdependencies between risks – by frequency, severity, and exposure for both insurable and noninsurable risks.
  • Enhance communication – with automated workflows, reporting, and dashboards.
  • Prioritize risks – so you can take action where it matters most.

Interested in learning more? Check out Riskonnect’s ERM software solution


Technology is critical to implementing ERM in a financial services organization. Success depends on selecting the vendor that understands the needs of the organization, as well as of every stakeholder.

Here are 10 questions to help you make the right choice:

1. How secure is the system?

Financial information is sensitive. Make sure your vendor offers end-to-end security in the form of password policies, security roles, encryption, and audit logs. Vendors with a cloud-based platform should be able to explain how the data is secured and guarded. Data centers also should be audited regularly.

2. How reliable is the system?

Look for a system that is fast and reliable. Technology should provide information on-demand, with virtually no wait times for queries, searches, or analysis. Invest in a system with minimal downtime from a vendor that offers up-to-the-minute details on planned maintenance.

3. Is it scalable?

The world of financial services is constantly changing, and risks are always evolving. Give priority to a solution that can expand with your needs without costly and time-consuming overhauls.

4. Is it integrated?

Look for a system that includes a multitude of solutions – heat maps, risk assessments, risk hierarchies, risk registers, reporting and analytics, and more – that can be used across operational-risk disciplines. End-to-end integration minimizes errors, maximizes collaboration, and gives you more powerful insights for better decision-making.

5. Who should be included in the buying process?

ERM touches many functional areas, and it’s important for all voices to be heard – especially beyond the second-line risk function. And if the C-suite holds the purse strings, be sure to detail the tangible ways ERM will benefit the business.

6. Can we take the software for a test drive?

Take the time to request a demo. How easy and intuitive is the user experience? Are all the features you need accessible from a tablet, phone, and laptop? Are the reports and analytics sophisticated enough for your needs? And are they easy to produce?

7. Whom will we be working with?

Technology is great, but people make the real difference. You want to work with people you like and trust. Will the person answering your call or email know you, your organization, and the financial services industry – and will they be able to resolve issues within a reasonable amount of time?

8. What about implementation?

Find out how long implementation typically takes, what the process is, what information is needed from you, and who is involved. And ask what type of support is offered post go-live and the expected response time.

9. What is included?

Have a clear understanding of what features and services are included in the pricing structure, and what it might cost if your needs change.

10. Will you have our back?

Always make sure the vendor has demonstrated expertise in the financial services industry, as well as technology and risk – and the longevity and resources to go the distance with you.


Managing uncertainty, while creating and protecting value at a strategic level, has obvious appeal to risk managers and leaders alike. In reality though, different departments, isolated by disparate technology, can end up working at cross purposes.

With old-school techniques like spreadsheets, there is no practical way to eliminate this tunnel vision. But with an integrated ERM program, you can.

Today’s ERM software can break down the silos and pull all the pieces together for a powerful 360-degree view of all operational risk within your enterprise. It can aggregate large amounts of data to uncover the individually rare, but collectively important, problems that make up a significant portion of things that go wrong. And you have the insight to react quickly and change the trajectory.

The whole is truly greater than the sum of the parts.

Already thin margins and stretched staff, however, can make it a challenge to generate enthusiasm for what can be a significant undertaking. And it can feel uncomfortable at first to involve disciplines outside the risk management department. Is it worth the time and effort to implement a new approach?

The answer is yes.

ERM software will certainly boost productivity by eliminating duplicate efforts. And being able to manage operational risk proactively instead of reactively will likely reduce the costs of future risk events. But the real value lies in how ERM enhances your ability to make intelligent decisions that will help you achieve your strategic goals.

ERM doesn’t eliminate risk – of course – but it will minimize surprises. And if something unexpected does happen, you’ll have the knowledge, tools, and culture to turn those challenges into opportunities for success.

Banking on Balancing Risk and Opportunity

Download this e-book, Banking on Balancing Risk and Opportunity, to learn more about ERM in the financial services industry.