By Cathy Hampson, IOR Fellow, Institute of Operational Risk.
Cathy, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?
My background is varied, from the oil industry as my first role, through manufacturing, the investment banking and commercial banking industries to insurance. Within those industries my roles have also been diverse; risk, accounting, trading, compliance, IT, project management and operations. Post-university, I qualified as an accountant then did my MBA at the London Business School. My current focus is the application of intelligent automation to business problems and I am also working on culture change projects. I think from the above you will deduce that I appreciate variety and embrace change management.
At the New Generation Operational Risk Europe Summit, you will be speaking at the Pre-Event Masterclass. What can attendees expect to learn at this Masterclass and why is it important that they do?
The Masterclass is an ideal opportunity for participants to share any current issues that they are facing and to hear from professionals who have solved such problems. In the case of the three lines of defence model, the participants will be given psychological insights into scenarios in which it can operate well and when it does not, and what causes it to break down. In terms of the SMCR, we will examine accountability and responsibility from a viewpoint of how that is instilled and maintained, how we select the right people and maintain a culture that embeds the principles of the regime.
What are the key things to consider when attempting to build accountability in the firm?
Accountability must be well described, documented and monitored. Some individuals are naturally accountable, and some must be taught, mentored and monitored. Handover points between roles are critical, and those touchpoints are at risk of confusion and ambiguity. A good regime will anticipate and mitigate those risks. There must be clear prescribed responsibilities, statements of those responsibilities, responsibility maps and adequate training to ensure they are fully understood and absorbed in the day to day operations.
Can you explain to our readers how financial institutions can best manage organizing the operational risk function?
In my view, Operational Risk functions must first set out their specific organizational objectives to map against when designing their organizational structure. The function must find the balance of retaining second line independence whilst, simultaneously, working closely with first lines in each area of the company. This balancing requirement means that the Operational Risk function must demonstrate the required level of subject expertise and the personal attributes to provide the level of challenge required. Therefore, the design of the function is important but also the calibre of the function members is paramount.
What, in your opinion does the future hold for operational risk professionals, and how can they keep up with the increasing change?
As an advocate of intelligent automation, I believe that there is more development ahead to marry the Operation Risk function with carefully-designed automation. I will describe more at the Masterclass but the use of intelligent reports that require the current first, second and third-line input will solve some of the human issues currently undermining the three lines of defence. Keeping up with such change means reading around such developments in the industry and, importantly, attending events such as the Masterclass because, at such events, there is much informative conversation that is not yet in print, and therefore as contemporary as it is possible to find.