By Sean Titley, Former Head of Operational Risk, Europe & Asia Pacific, Toronto Dominion Bank.
Sean, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?
I’ve been in risk management for well over 20 years. I started out in retail banking for NatWest and progressed via time in a corporate lending office to analysing credit risk and approving trading requests, sitting in a small cubby hole on the trading floor of NatWest Markets. My time there took in the Barings crisis and I handled the lessons learned exercise, which in retrospect was my first brush with Operational Risk!
A year later, I moved to TD to help set up a financial institutions credit team and was at the centre of the rapid growth of structured trading and credit derivatives. Thankfully, TD pulled out of structured trading well before the financial crisis and emerged as one of the world’s strongest banks, but during that time, I was involved in setting up systems, policies and procedures as well as dealing with a number of high profile corporate collapses, including Enron, WorldCom and Parmalat – again, Operational Risk!
After two years in Trading Business Management, which included my team putting together reporting on front office controls for the desk heads (Operational Risk!), I finally moved into a full-blown Op Risk role, building a team and setting up a framework. We started in London and rolled it out across Europe and Asia Pacific at the time when the key Operational Risk tools were in their infancy at TD. Thankfully, the PRA was happy with what I achieved, as was the FCA a couple of years later when I pioneered a Conduct Risk framework.
I couldn’t have achieved all of this without a keeping up with the rapid developments of the discipline externally via the Association of Foreign Banks and the Institute of Operational Risk. I’m now the Deputy Chair of the AFB’s Op Risk Committee. We have guest speakers on a monthly basis, with a roundtable discussion involving 30 or more banks as well as writing papers and holding events. I recently left TD and am currently working for the IOR in a voluntary basis as Head of Business Development, helping promote the Certificate in Operational Risk Management, which I believe will become a required qualification across the industry globally. Training and education has always been important to me and this is an important step forward in improving and harmonising the formal education of risk professionals and others interested in the discipline.
At the New Generation Operational Risk Europe Summit, you will be taking part in a panel discussion on finding forward looking indicators. Why is this a key talking point in the industry right now and how can professionals use these indicators to understand and mitigate threats?
I’ll give you an illustration. I recently spent several months working with the senior executive team of TD’s wholesale bank putting together a suite of key risk indicators. We had a series of workshops and one of the key ‘asks’ the execs had was that the new dashboard should ‘tell a story’. They want forward looking indicators that highlight increasing risk at a glance. That way, they can go back to their teams and take action before an event happens and money is lost. However, that is not an easy task. Most indicators are a snapshot of a point in time and there is no ‘off the shelf’ list available externally.
My job in the second line of Operational Risk was to work with the business to find indicators applicable to them, to challenge their efficacy and to encourage them to use them to understand the risk inherent in their operations. I was impressed by the enthusiasm of the high-powered group I worked with, who were keen to spend a considerable amount of their valuable time and energy looking for solutions.
What are the key things to consider when sourcing predictive data?
It’s great to look for the ideal situation and when you hold a workshop, ideas come thick and fast. However, most banks have system limitations and IT resources are stretched which makes putting in place new reporting a slow process. I would ‘park’ suggestions that will take time to achieve and concentrate initially on the vast amount of data that is already there. Often indicators can be combined and those originally designed to monitor performance of people and controls can be used to monitor risk. If volumes increase rapidly and processes remain manual for example, mistakes are likely to happen. If performance or control indicators show that failures are increasing, they can be used as predictive key risk indicators.
How can financial institutions best manage turning backward looking indicators into forward looking indicators and what are the key considerations?
It is an ongoing process of collaboration between the business areas and Operational Risk. As mentioned previously, trending is a very effective way of showing increasing risk and therefore predicting imminent problems. Another tool that can help is quality assurance, including testing controls. If a lot of controls are fail testing, that indicates a problem. That could be even more powerful if it is isolated to a particular area, pinpointing where actions should be concentrated. Combining factors is powerful. If you can find a way to pick out the controls that would be disastrous if they failed at the same time and combine the relevant indicators, you have an effective means of predicting increasing risk.
What, in your opinion does the future hold for operational risk professionals, and how can they keep up with the increasing change?
That is a very broad question! One thing is for certain, Operational Risk is not going away. If you look at global surveys of top risks, many if not most are operational in nature and you cannot rest on your laurels. Keeping up with change is something that concerns everybody. If I look at the pace of change in my life time and compare it to that of my teenage son and daughter, it is clear that it is accelerating ever faster. They have grown up with the internet, social media and globalisation, so change is second nature to them. For people in my field, it is essential to keep up with developments, which is why we need conferences like New Generation Operational Risk Europe Summit to bring speakers from a wide range of backgrounds together as well as organisations such as the AFB and the IOR. It’s important to give people time and space outside of their hectic schedules to think.
The challenge for those of us working in Op Risk is to keep learning, keep current and keep getting the message across that this a key risk for everybody, capable of bringing down institutions and even threatening governments in the case of cyber attacks and the manipulation of social media.
I think Operational Risk will continue to be a growing and developing discipline, bringing together a group of specialisations, such as IT expertise to mitigate cyber risk, using Op Risk tools like risk and control self assessments. I also see us working more closely with other ‘non-financial’ risk like Compliance and harmonising our methodologies and tools going forward, particularly in areas such as Conduct Risk, which is, after all, a sub-set of Operational Risk. Some banks have combined such areas and there are many overlaps and areas of synergy.