Over the last five years, ORX has been on a strategically important journey to develop a set of contemporary industry-wide risk management standards and libraries. During this time, we've witnessed a significant increase in the importance of standards. There's substantial work being done across the financial services industry to enhance risk taxonomies, control libraries and, more recently, process and service libraries.
With the publication of the ORX Reference Process and Service Library, we've completed our current set of reference standards. So, I wanted to take the opportunity to share my thoughts on the lessons we have learnt from our journey. This blog is the first in a two-part series. In it, I'll look at why standards and reference libraries are so important for good risk management. Then, in the second blog, I'll share the lessons we've learnt along the way which could help you develop or improve your own standards.
Many organisations are making standards a cornerstone of their risk framework. Standards help to drive a consistent, organisation-wide language for, and understanding of, operational and non-financial risk (ONFR). They are essential for the effective use of data, enabling risk management in the first line of defence, managing risk at speed and providing new analytics and insights.
A new strategic vision for ONFR management
In 2024, ORX published our strategic vision for operational and non-financial risk. This vision, based on interviews with 50+ risk leaders and discussed extensively across the global industry, sets out a pathway forward for ONFR management. This pathway is designed to enable risk to effectively support digital transformation and digital businesses, helping firms face the complex and volatile global operating environment.
This pathway identifies the need for both an enhanced role and new capabilities, meaning ONFR needs to do three key things:
1. Operate at scale
The model for business-as-usual ONFR management needs to change so it aligns with a digital economic and operational model
2. Operate at speed
In an uncertain environment, risk needs to operate, react and change at the speed to support the business
3. Provide new insights
Add value by developing new insights on external, ecosystem and emerging threats, understanding the total impact of and complex interconnection between risks
Standards are the foundation of risk management capability fit for the future
This strategic path forward identifies the need for organisations to create a core set of ONFR standards as a foundational component of their risk framework. These standards should cover the key risk management dimensions, including risk, control and indicator metrics, as well as organisational dimensions such as process, service and business line. They are often embedded in risk management activities. They are essential for effectively organising and reporting data and to support effective governance and ownership.
Unsurprisingly, many of our members have either created these standards or are currently working on developing them. However, we often also hear from our community that there are ongoing challenges – balancing simplicity with coverage, flexibility with consistency and, most importantly, ensuring they are clearly understood across the business.
Leading the way in supporting standardisation across the industry
Over the last five years, ORX has developed a set of core ONFR reference standards and libraries. We started in 2019 by developing an Operational Risk Taxonomy, based on the cause-event-impact ‘bow-tie’ concept. We followed this with a Reference Controls Library and then a Reference Risk Indicator Library, both linked via the risks. Finally, we completed the set in 2024, with the publication of our Reference Process and Services Library.
Our global membership, and the wider industry, have been overwhelmingly positive about this work. Organisations have used them to speed up their own progress and benchmark their approaches. Firms are also adopting them and adapting aspects for their own use. We truly believe they are driving a common, more contemporary risk management language for the industry that will enable the development of better industry data sharing and enhanced risk management insights for the benefit of all.
Read my next blog for tips you can use to help develop and improve foundational standards at your financial firm.
How you can access ORX's standards
Our entire series of standards, references and taxonomies is available to all ORX members, while ORX Lite subscribers can access the taxonomies and guidance. Our Banking Operational Risk Reporting Standards and Insurance Operational Risk Standards are both available to download for free.
If your firm isn't a member, then you can also purchase the three reference libraries and two taxonomies either individually or as a package.
