Risk.Net releases Top 10 Operational Losses of 2018
Risk.Net’s analysis of the largest publicly reported operational losses suffered by financial institutions in 2018 reveal some interesting patterns, including:
- The three largest losses were the result of internal theft and fraud
- Anti-money laundering and sanctions violations fines almost doubled year on year, leaping from USD1.9bn in 2017 to USD3.7bn in 2018
- There was a 40% increase in reported technology and infrastructure failure events
- Five of the largest 10 losses took place in the USA – though the top three took place in China, Ukraine and India respectively
- The Asia-Pacific region accounted for the largest amount of losses (circa GBP16bn), followed by North America (circa USD9bn), Eastern Europe (circa USD7bn) and Western Europe (circa USD2.5bn).
The Pensions Regulator makes its first successful prosecution
Last month saw the first successful prosecution in the United Kingdom by The Pensions Regulator (‘TPR’). An accountant and pension trustee admitted to stealing over GBP280,000 from a pension scheme and plead guilty to five counts of fraud and two counts of making employer-related investments at Preston Crown Court. This appears to be a significant development for pension trustees and schemes, as TPR starts to exercise new powers available to it. Insurance can play a significant role in protecting schemes in such circumstances; Pensions Trustee Liability (‘PTL’) insurance includes cover for the theft of plan assets (where a Theft Extension is added to the policy) and Crime insurance purchased by the employer company usually includes coverage in this respect. In addition, PTL insurance can provide an important line of defence for trustees, where they are prosecuted by TPR and ultimately acquitted.
Cyber attacks on financial services sector in the UK rise fivefold in 2018
The Financial Conduct Authority has recently revealed that UK financial services companies reported 145 breaches last year, up from 25 in 2017. Investment banks reported the highest number of incidents, with 34 reported, up from just three the previous year, and retail banks saw the sharpest rise in percentage terms, from 1% to 25%. We understand that the increase can partly be explained by the introduction of the GDPR last May, which requires companies to identify and report cyber attacks within 72 hours or face penalties. Nevertheless a fivefold rise in reported breaches appears to be significant. Of course insurance can assist in the event of attacks, with Cyber insurance providing multiple areas of coverage and Professional Indemnity and Crime insurance also able to respond to certain aspects of attacks.