Weekly Operational Risk News Update

The RiskSpotlight Portal is the world's first forward-looking operational risk content service, providing financial service organisations with comprehensive insights into emerging risks, best practices, regulatory updates, and external loss events. By leveraging daily updates from global risk news sources, it enables proactive risk management and informed decision-making across various organisational roles.

Here are some highlights of the emerging operational risks and loss events from the last week taken from the Portal. This is just a glimpse of the detailed analysis and insight available in the Portal. To find out more go to RiskSpotlight-Portal – RiskSpotlight

Emerging Operational Risk Topics

Overdraft Fee Regulations in the United States

The Consumer Financial Protection Bureau (CFPB) has introduced a significant new rule targeting overdraft fees in the United States. Starting October 2025, financial institutions with assets exceeding $10 billion will be required to cap fees at $5, limit fees to their actual costs, or comply with standard loan regulations, which include detailed disclosures and periodic statements for consumers. This change is projected to save consumers $5 billion annually and is part of the CFPB’s broader campaign against “junk fees”. Since the campaign’s inception, the CFPB has compelled financial institutions to refund hundreds of millions of dollars and driven several banks to reduce or eliminate overdraft fees, resulting in an estimated $6 billion in annual savings for consumers.

DORA Compliance and Data Quality Challenges in Europe

In Europe, preparations for the Digital Operational Resilience Act (DORA) are intensifying as the January 2025 deadline approaches. A dry run by the European Supervisory Authorities (ESAs) revealed progress and challenges, with 93.5% of submitted data exhibiting at least one quality issue. While most financial entities are on track to meet compliance requirements, common problems include missing mandatory information and errors in using unique identifiers for ICT third-party service providers. Addressing these issues is critical as financial entities prepare their Registers of Information to enable comprehensive reporting, monitor third-party ICT risks effectively, and ensure regulatory authorities can oversee these risks at the EU level.

Cybersecurity Threats in the Financial Sector

The financial sector continues to face significant cybersecurity threats, with financial organisations ranking among the top five most targeted industries globally in the first half of 2024, according to Positive Technologies. Social engineering attacks more than doubled from the previous year, and malware remained the dominant tool in cybercriminals’ arsenals, accounting for 56% of incidents. While ransomware attacks declined by 28% compared to 2023, they remain a major concern. The increasing use of remote access trojans (RATs), often delivered via phishing emails, highlights the ongoing need for vigilance in the financial sector.

AI-Driven Scams and Sophisticated Cybercrime

Cybercriminals are leveraging artificial intelligence (AI) to execute increasingly sophisticated scams, according to Visa’s latest threat assessment. In one striking example, fraudsters used AI-generated deepfake technology to impersonate a company’s chief financial officer, stealing $25.6 million in Hong Kong. The report also noted the growing use of AI in social engineering, the resurgence of physical card theft, and delayed cashout tactics aimed at evading detection. Visa’s multi-layered defence strategy, which blocked over $11.8 billion in fraudulent transactions in the first half of 2024, underscores the importance of proactive monitoring.

Third-Party Risk Management in Europe

Third-party data breaches remain a critical concern, with a SecurityScorecard report revealing that 98% of Europe’s top 100 companies experienced breaches over the past year. France recorded the highest rate of breaches, affecting nearly all organisations. As the implementation of DORA approaches, prioritising third-party risk management will be essential for ensuring compliance and maintaining resilience against operational disruptions.

Challenges in Cryptocurrency Regulation in the United Kingdom

The Financial Conduct Authority (FCA) in the United Kingdom faces difficulties in enforcing its crackdown on illegal cryptocurrency advertisements. Despite issuing over 1,700 alerts between 2023 and 2024, only 54% of flagged ads were removed. With plans to finalise cryptocurrency regulations by 2026, the FCA is under mounting pressure to strengthen its enforcement measures and protect consumers from fraudulent promotions.

Workforce and Climate Risks in Indian Banking

In India, the Reserve Bank of India (RBI) has highlighted two critical concerns: high employee attrition rates in private banks and the increasing risks posed by climate change. With a 25% attrition rate disrupting services and inflating costs, the RBI emphasises the importance of strategic workforce management. Additionally, enhanced regulatory frameworks and stress testing are recommended to address climate-related risks and ensure financial stability in the banking sector.

Security Challenges in Cloud Technology Adoption

The rising reliance on cloud technologies is exposing organisations to new security challenges. A survey by Dark Reading found that nearly half of respondents are concerned about cloud exploits and data breaches, while over a third struggle to enforce security policies in cloud environments. These issues are compounded by staffing shortages and the complexities of managing shared responsibilities with cloud service providers. The findings stress the need for robust risk assessments and a focus on securing machine identities in cloud-native environments.


Key Operational Risk Loss Events Update

Cyberattack on Mizuho Bank in Japan

Mizuho Bank, a major Japanese financial institution, experienced connection disruptions on December 31, 2024, affecting online transactions for individuals and corporations for approximately three hours. The bank suspects a distributed denial-of-service (DDoS) attack, a method that has recently targeted other prominent Japanese companies, including MUFG Bank, Japan Airlines, and NTT Docomo.

Regulatory Sanctions on Capitec Bank in South Africa

Capitec Bank, South Africa’s largest bank by subscribers, has been fined approximately $3 million by the South African Reserve Bank for failing to comply with anti-money laundering regulations. Inspections revealed significant deficiencies in the bank’s customer due diligence processes, highlighting the ongoing need for strict adherence to compliance in the South African banking sector.

Data Privacy Breach by Former OCBC Bank Executive in Singapore

In Singapore, a former assistant vice president at OCBC Bank, Au Jia Hao, was sentenced to 10 weeks in prison for illegally accessing the banking details of 369 customers over an eight-month period. The executive used his position to view account balances and personal information of various individuals, including politicians, influencers, colleagues, friends, and family members, citing curiosity and work stress as his reasons for the misconduct.


Weekly Round Up of RiskSpotlight’s Posts

Day 5 of "31 Days of Emerging OpRisks" by RiskSpotlight: AI Displacement

https://www.dhirubhai.net/feed/update/urn:li:activity:7281610389128110081

Day 4 of "31 Days of Emerging OpRisks" by RiskSpotlight: Deepfakes

https://www.dhirubhai.net/feed/update/urn:li:activity:7281251771555975168

Day 3 of "31 Days of Emerging OpRisks" by RiskSpotlight: AI Shadow Systems

https://www.dhirubhai.net/feed/update/urn:li:activity:7280885660792569857

Day 2 of "31 Days of Emerging OpRisks" by RiskSpotlight: Greenhushing

https://www.dhirubhai.net/feed/update/urn:li:activity:7280988122308345858

Introducing "31 Days of Emerging OpRisks" by RiskSpotlight: API Security Risk

https://www.dhirubhai.net/feed/update/urn:li:activity:7280161008801726464


Thought Provoking

What If Famous Personalities Were Operational Risk Managers?

https://www.dhirubhai.net/feed/update/urn:li:activity:7279835849725251584


Webinar - Master Emerging Operational Risks in 2025

Are you prepared for the operational risks that 2025 will bring? Join us for an exclusive free webinar designed for operational risk professionals in the financial services industry, where Michael Rasmussen (the “Father of GRC”) and Manoj Kulwal (Chief Risk & AI Officer at RiskSpotlight) will share actionable strategies to help you navigate the evolving operational risk landscape.

Webinar Details

Date: 14th January 2025

Time: 2:00 PM - 3:40 PM (UK Time)

Format: Online (Microsoft Teams)

Cost: Free (Registration required)

Register Here - https://lnkd.in/ecyYyvXv

Can’t attend live? No problem—register now, and we’ll send you the recording!

Why Attend?

Discover Frameworks for Success: Learn how to design and implement proactive risk monitoring frameworks tailored to financial services.

Stay Informed: Gain insights into the key risks for 2025, including AI ethics, cyber resilience, ESG challenges, misconduct, and more.

Learn from Industry Experts:

  • Michael Rasmussen, a pioneer in GRC, with 30+ years of expertise.
  • Manoj Kulwal, a global leader in emerging operational risks and training.


Training Courses

Introducing the World’s First Microsoft Copilot Course for Second-Line Operational Risk Management Stakeholders

Course Duration: 3 hours

Course Format: Online or Classroom

Course Fee: £3,800 (up to 20 attendees)

Learn More: https://lnkd.in/gaazfN5W

Email [email protected] to inquire about this course or schedule it for your 2nd line stakeholders.


Connect with us

We hope you find this newsletter informative. If so, please subscribe to receive it weekly. Also follow RiskSpotlight’s LinkedIn page for further valuable operational risk content: https://www.dhirubhai.net/company/riskspotlight-limited/

For further information regarding RiskSpotlight’s services visit our website RiskSpotlight


RiskSpotlight Portal

Are you and your team finding it challenging to stay on top of emerging risks?

If so, why not take a no-obligation trial of RiskSpotlight’s Portal—the first operational risk intelligence service designed to help you proactively navigate future risks. This newsletter is produced from our news portal and represents a fraction of the content available.

Key benefits include:

Forward-Looking Risk Intelligence: A future-oriented approach that identifies emerging operational and technology threats before they materialise, unlike other platforms focused just on past risks and loss events.

Continuous Horizon Scanning: Real-time insights on industry best practices, regulatory updates, and major external events impacting risk landscapes.

Monthly Deep Dives: In-depth, subscriber-driven analyses on critical, evolving topics to keep you updated on high-impact risks.

OpRisk Radar Dashboard: A real-time, visual tool for identifying and prioritising emerging risks. Content is updated daily.

Comprehensive Risk Libraries: Organised resources covering 126 core risks, detailed scenarios, and over 60,000 curated articles for broad risk research.

Value-Focused, Competitive Pricing: More content and value per pound than competitors, making it an affordable choice for robust risk management resources for businesses of all sizes.

To request a demo please contact [email protected] or contact RiskSpotlight via LinkedIn



Disclaimer:

The content provided in this newsletter is intended for informational purposes only and reflects the best efforts of RiskSpotlight to deliver accurate and relevant information. However, as this content may include insights generated or assisted by AI, we cannot guarantee the absence of errors or omissions.
