COVID-19 & the Evolution of Operational Risk: From Risk to Resilience

The COVID-19 pandemic thrust Operational Risk Management (ORM) in financial services directly into the spotlight in 2020, elevating the strategic profile of the risk discipline as it tested banks’ resilience to operate effectively through unprecedented global business disruption.

The COVID-19 pandemic thrust Operational Risk Management (ORM) in financial services directly into the spotlight in 2020, elevating the strategic profile of the risk discipline as it tested banks’ resilience to operate effectively through unprecedented global business disruption. 

The pandemic ignited a simultaneous barrage of non-financial risks including employee health and safety, technology and bandwidth reliability concerns, cyber and information security issues, and increasing instances of fraud all against the backdrop of an uncertain economic environment. On top of this, the roll-out of new and extraordinary government programs, such as the Paycheck Protection Program (PPP), foreclosure moratoria, and forbearance programs created their own operational risks due to their relatively short implementation time-frames and resulting execution risk. 

As a result, organizations leaned heavily on their operational risk practitioners across all lines of defense to help shape and strategize for the transition to a new virtual business model and the acceleration of digital offerings for consumers.  

One of the biggest adjustments firms had to make was the complex transition to a virtual work environment. Strict social distancing guidelines meant banks had to close branch offices, call centers and trading floors, and secure more cables, laptops, and screens for employees to work from home. With this switch to a virtual workforce, companies now had to create an inclusive and collaborative culture all through the lens of a computer camera. A daunting challenge, but one that most organizations were able to successfully navigate around and through.

In essence, the role of operational risk evolved into operational resilience this past year, requiring greater partnership with executive management, boards, technology and control functions to all take a more unified and holistic approach in considering how to best anticipate and plan for future disruptive events like COVID. 

According to’s annual ranking of the top operational risks for 2021, resilience risk ranked third.

Financial regulators have also taken notice. In October, the Federal Reserve (Fed), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) jointly published a paper outlining sound practices to strengthen operational resilience.

With a greater spotlight on operational risk/operational resilience, it was not surprising to see the market for Chief Operational Risk Officers heat up last year. Five of the top 10 US Bank organizations had either parted ways with or added a new Operational Risk leader.

As of mid-March, two of the top 10 US Banks are currently in the market for a new Operational Risk leader.

Now as plans begin to take shape for a return to the office later this year, many organizations are at an inflection point with their decision to either move staff back to the office, institute a hybrid work model, or remain fully virtual going forward.

With whatever decision is made, a new risk is emerging: The longer-term impact on an organization’s corporate culture.

Organizations must come to terms with what kind of workforce they want to have post-COVID. They need to understand the people risks, the strategic risks, and the reputational risks that will come from whatever strategy they take. The big question will be: Do they have the appetite?

A recent PwC Survey brought into focus employee satisfaction with the work-from-home experience. An overwhelming majority of employees in financial services (86%) said they support the idea of working from home at least one day a week, with a whopping 35% wanting remote work as a full-time option.

So what are organizations doing to tackle this challenge?

State Street has launched an initiative called “The Workplace of the Future” to address the concerns around a return to the office. The firm is in mid-construction of a new, state-of-the-art global headquarters in Boston and is using COVID as an opportunity to rethink and redesign the floorplan with an understanding that most employees are not going to be in the office five days a week. 

Deutsche Bank is weighing a new policy that will allow most employees to work from home two days a week, and Synchrony Financial is planning to allow all of its U.S. employees to work from home permanently. 

“Our site footprint changes will drive significant cost savings which, combined with all of our efforts to manage cost, are aimed at preserving as many Synchrony jobs as we can and reducing the size of any layoffs,” Synchrony CEO Margaret Keane and President Brian Doubles said in a Sept. 8 2020 memo.

This employee-focused messaging from the top of the organization will have a direct impact on future hiring initiatives. Companies whose operational systems are not fully capable of supporting their chosen strategy will struggle to attract and retain top talent. Whichever location strategy companies decide on, there will surely be new risks to address.

Companies who are planning to go back to the office “full-time” will need to have lots of space, enhanced cleaning, PPE available, and a willingness to live with the talent that lives (or is willing to move) to the city or cities it operates in. But an on-site workforce may give way to hierarchy concerns and create an imbalance between those who have access to resources, training/development and face-time with management versus remote employees. Manager bias or outright discrimination against remote workers is a very real concern, and can significantly impact the employee experience (engagement, career advancement, development opportunities, etc.).

On the other hand, the decision to go fully remote must have great tools to support culture building in such an environment and have HR policies that enable them to compete for talent in a truly global market for talent. Companies must provide the appropriate framework and resources to equip managers and employees to perform effectively regardless of their work location. While concerns about productivity have generally been defused, companies must consider the social impact of their virtual workforce and the mental health risks associated with employees, especially single workers. Another new concern firms need to pay attention to is the sustainability of video conferencing. Zoom fatigue is a real issue for some, and should also be addressed.  

“We are going to have to think about talent differently. We are going to have recruit differently and decide how you pay people … It is really forcing us to think differently,” said a Chief Operational Risk Officer at a >$250B bank organization.


“There is a dawning recognition that when this ends, we are not going to go back. There’s going to be change.”  

*Thank you to Irfan Khan & Mark Weintraub of Dextrus Advisory for their collaboration and contribution to this Perspective//.


Share This Post

Christopher Kelly

Christopher Kelly

Chris is a Director at Second Line Advisors. Previously, he served as a Senior Associate with Sheffield Haworth, assisting in the identification and placement of executives within the risk, compliance, legal, technology and finance functions. Prior to his executive search career, Chris was a journalist with Thomson Reuters for 12 years, where he covered the daily commodity futures trading, with a particular focus on the precious and industrial metals markets. His career in finance began in 1998, working in the middle office clearing function of Liberty Brokerage.

Subscribe To Our Newsletter

Receive Our latest Risk and Compliance Updates

More To Explore


Update: Today’s Chief Risk Officers in Banking and FinTech

Second Line Advisors conducted a 2021 update of research and analysis on today’s Chief Risk Officers from the top US bank holding companies (>$50B in total assets) and the top publicly-traded FinTechs to identify trends on talent and profile.

Compliance and Risk Specialists

Update: Today’s Chief Compliance Officers in Banking and FinTech

At year-end 2021, Second Line Advisors conducted research and analysis on today’s Chief Compliance Officer (CCO) from the top US bank holding companies (>$50B in assets) as well as the top public and private FinTechs to identify and assess trends on talent and profile.

Skip to content