Half of financial institutions with less than $250bn (£196bn) in assets are failing to use operational risk management (ORM) to inform their business strategies, a survey by KPMG has found.
This means there has been no progress in aligning business models with ORM since 2014, with many firms potentially missing out on improved performance and strategic change.
However, the worldwide survey of 85 leading financial institutions found that 90% of larger organisations with at least $250bn in assets are more advanced and taking full advantage of ORM.
"Aligning ORM with business strategy enables financial institutions to identify, assess and mitigate risks, while adding business value," said KPMG principal, Phillip Bray.
"We've observed that, for many institutions, the first priority is to resolve regulatory issues and then take a broader look at how ORM is integrated into strategy."
The research also found that only around a quarter of financial institutions are dedicating a portion of their annual budgets to digital transformation such as automation.
A whopping 92% of the respondents agreed that operational risk aggregation is the most important area of concern for regulators, followed by operational risk appetite, cited by 88%.
Information and cyber security, risk control self assessment, operational risk monitoring, and vendor risk management complete the top six concerns for regulators.
The findings also show that 27% and 21% of larger and smaller firms respectively have dashboards to report risk exposures and their impacts on business performance.
Edward J. DeMarco, Jr, chief administrative officer at The Risk Management Association, which co-produced the research, said it was now time for firms to prioritise ORM.
"Institutions that cannot evolve their ORM from a check-the-box approach to one that informs the organisation as a whole are not realising the full value of their operational risk spend," he said.
"They are also missing opportunities that could be transformational to their businesses."