While Regulators and risk practioners were contemplating measures to avoid the pitfalls in implementation and at the same time deploying scaleable models to correctly estimate risks based on macro- economic factors (CCAR ORM testing, scenario testing, what-if analysis, tail loss etc) certain events/incidents redefined and rewrote the ORM approach, further.
As part of ORM preparedness, Business Continuity and Disaster Recovery plans were seen as components woven from the same cloth, however, the ingenuity of the human mind, both noble as well as nefarious ushered in a new level of technology and ulterior motives – fraud, manipulation and cybercrime coupled with geo political events and natural calamities further muddied the pond’
CCAR and the yet to be announced `Cyber security regulation act are components/exercise being fed into, the now, ubiquitous Operational Risk Management.