Many Financial Institutions Not Using Operational Risk Management to Challenge Business Models: KPMG and RMA Survey

No Progress in Aligning Strategy with Operational Risk Since 2014

NEW YORK and PHILADELPHIA, Nov. 8 – Aligning operational risk management (ORM) with strategy could enable strategic change, improve business performance and enhance customers’ experience for financial institutions. However, only half of firms surveyed with less than $250 billion in assets leverage ORM to challenge business models, according to a report by KPMG LLP and The Risk Management Association (RMA).

According to the Operational Risk Management Excellence Survey, larger institutions appear more advanced in aligning ORM with strategy, with 90 percent at or above $250 billion in assets leveraging ORM to challenge business models. For more, please click here.

“Aligning ORM with business strategy enables financial institutions to identify, assess and mitigate risks, while adding business value,” said Phillip Bray, Principal in KPMG LLP’s Operations and Compliance Risk services. “We’ve observed that, for many institutions, the first priority is to resolve regulatory issues and then take a broader look at how ORM is integrated into strategy.”

“While prioritizing compliance is understandable in this challenging regulatory landscape, institutions that cannot evolve their ORM from a check-the-box approach to one that informs the organization as a whole are not realizing the full value of their operational risk spend,” said RMA Chief Administrative Officer and Director of Operational Risk Edward J. DeMarco, Jr. “They are also missing opportunities that could be transformational to their businesses.”

Other Key Findings

  • Digital Transformation Spend Lacking: 20 percent at or above $250 billion and 27 percent under $250 billion are dedicating a portion of annual budgets to digital transformation, including automation and data and analytics.

  • Regulatory Checklists: Larger and smaller institutions agreed the following areas are most important to regulators:
    • Operational risk aggregation / profile (92 percent)
    • Operational risk appetite (88 percent)
    • Information / cyber security (85 percent)
    • Risk control self assessments (85 percent)
    • Operational risk monitoring (81 percent)
    • Vendor risk management (77 percent)
  • Data Reporting: 27 percent and 21 percent, respectively, of larger and smaller firms have dashboards to report risk exposures and their impacts on business strategy and performance. This is down from 80 percent for larger firms in 2014.

About the Survey

KPMG LLP (KPMG) and The Risk Management Association (RMA) updated and redeployed the Operational Risk Management Excellence Survey completed across North America, Europe and Asia in 2014 by over 85 leading financial institutions, including 20+

Global Systemically Important Banks The objective is to give participants insights into leading industry ORM practices in support of enhanced business value and heightened regulatory expectations to help firms gauge positioning against evolving industry practices, assess and improve their ORM frameworks, and enhance risk management.


KPMG is one of the world’s leading professional services firms, providing business solutions and audit, tax, and advisory services to many of the world’s largest and most prestigious organizations. KPMG LLP is the independent U.S. member firm of KPMG International Cooperative (“KPMG International”). KPMG International’s independent member firms have 197,000 professionals working in 154 countries. Learn more at

About The Risk Management Association

Founded in 1914, The Risk Management Association is a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. RMA promotes an enterprise approach to risk management that focuses on credit risk, market risk, and operational risk. Headquartered in Philadelphia, Pennsylvania, RMA has 2,500 institutional members that include banks of all sizes as well as nonbank financial institutions. They are represented in the association by more than 18,000 risk management professionals who are chapter members in financial centers throughout North America, Europe, Asia/Pacific, and Australia. Visit RMA on the Web at 


Michael Rudnick/Pete Settles


201-307-7398/ 201-505-6065


Frank Devlin/Stephen Krasowski