By Alice Kelly, Head of Research and Production, CeFPro.
Financial services continue to see rapid acceleration of technological advances and pressures for efficiency, risk managers face unprecedented pressure to stay ahead of the curve and balance risk and innovation. One of the departments leading the efforts to manage risk are the operational risk teams, charged with managing the unquantifiable aspects of modern day banking and extended financial services. While operational risk plays a vitally important role in the system, many are seeing increased resource pressures and the need to demonstrate their value. In a discipline that traditionally cannot be quantified into a single number it is increasingly difficult to demonstrate successes and prove mitigation of operational risks. In an industry that is advancing at a rapid pace, the operational risks are untold as institutions develop machine learning techniques and create vulnerabilities to larger system failures.
The Center for Financial Professionals conducted extensive research with leading industry experts to identify some of the areas behind the efficiency drive, and how institutions are overcoming this. The research produced an overwhelming consensus that the industry is suffering resource constraints included decreased head counts, with regulators not letting up, departments are expected to do a lot more with often a lot less. The results of this research will be highlighted and discussed in depth at the upcoming Annual Operational Risk Management USA Congress, taking place in New York City. Over 200 industry experts will join to discuss challenges, the road ahead and overcoming the hurdles to increase efficiency and leverage technological advances.
One of the first themes identified throughout the research became the thread that ran through most of the topics highlighted to us, this was the increased efficiency drive within operational risk departments, and presumably across the institution. Some of the larger institutions were adopting a new structure to combine or converge operational risk and compliance teams and aligning expertise for one unified and integrated department. As a result of the convergence, ultimately this could result in a reduction in head count which appears to be high on the agenda for many of the industry players. Many concluded that losses came most heavily from legal and compliance and strongly outweighed those incurred from operational risk, combining the two and aligning oversight could help remediate some of the compliance losses and aggregate them under one heading. Aside from direct losses, comes the resources that can be pooled by developing a more empowered and efficient function with operational risk, legal and compliance working in close proximity under one governance structure to ensure alignment. Many reported that they are increasingly seeing compliance concerns dovetailing into Board level operational risk committees, given the grey areas between the two regarding oversight, responsibilities and coverage, actively bringing the two together for one broader committee further provokes the efficiency outputs as intended by institutions. Many of the industry’s leading institutions are adopting this approach and trialling the benefits, the Center for Financial Professionals bring together experts from UBS, Goldman Sachs, Santander and Bank of America to discuss their experiences with both approaches and review all of the above and their impacts.
A second key area again pertaining to the efficiency drive was the alignment of operational risk and all subtypes to increase oversight of the discipline as a whole for a holistic view. Many operational risk subtypes have expanded to a level of importance that they almost warrant their own risk silo, however as they stand under operational risk, it is important to view the discipline as a whole. This provokes a question as to the expertise required under the operational risk heading with areas like technology, cyber, fraud and vendor risk frequently highlighted. Many institutions are a little grey in their allocation of subtypes and where they sit, for those defining under operational risk are creating working groups to consolidate at an operational risk committee level, further demonstrating the importance of both recognising the individual risk but aggregating up and consolidating at a Board level. Producing reports detailing granular exposure to subtypes and ensuring effective reporting and escalation lines are vital to increase visibility of all subtypes. The management and remediation of subtypes further pertains to the above discussion when bringing compliance and legal under the same heading, understanding how this impacts oversight and responsibility and where compliance teams add value under an operational risk umbrella. With increases in advances across the industry in terms of technology and innovation, both from institutions, vendors and outside fraudsters or cyber criminals, it is increasingly paramount to qualify and enhance risk reporting profiles for point in time risk assessments on all subtypes. Operational risk professionals face increased pressure with the above-mentioned headcount reductions and potentially expanded remit with compliance and legal, efficiency is integral to success and demonstration of value added. Join the 4thAnnual Operational Risk Management USA event and hear from TD, BNP Paribas, Capital One, Wells Fargo and Bank of America as to what they are seeing and practical advice to try to overcome some of the industry challenges.
Finally, as has been eluded to throughout this piece, technology plays an important part in today’s risk management practices as a whole, but particularly from an operational risk standpoint. Many are experimenting with the usage of AI and machine learning to support and capture risks for increased oversight and efficiency. Many are looking to adopt technology advances for human capital intensives exercises to limit time and resources spent, many are looking for human validation as opposed to human labour throughout the process. With the use of technology comes many questions around continuous monitoring, validation, oversight and ultimately responsibility. Although more efficient and potentially accurate than humans, machine learning and AI tools require monitoring and validation from humans, so where does the responsibility lie? AI and machine learning have the potential to provide preventative controls, and collect, analyse and use data to improve the operational risk program, its efficiency and accuracy. Many are exploring how to incorporate within their systems, but what does this mean for the department, how far can institutions depend on technology?
Hear from MUFG, JP Morgan, American Express, Capital One and UBS on the uses of technology in operational risk, alignment and collaboration with FinTechs and the risks posed by technology.
In conclusion, Operational Risk departments are battling with effective oversight, risk management and mitigation whilst facing continual pressures to lower headcount and increase efficiency. As a department or risk disciple, operational risk is traditional impossible to quantify, with losses having the potential to spread far beyond the direct fallout and fines.
You may also be interested in…