By Thomas Tobin, Director, Operational Risk, Mizuho
Thomas, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?
I’ve been in the Financial Industry my entire working career. I spent my early years in controllers groups and in middle office roles. One of desk’s I covered created and traded instruments related to Longevity Products. These were highly complex, structured products. Since participants in these products were limited, the availability of pricing models, benchmarks and flow diagrams were not available.
I found a good amount of my time was spent describing the processes and components of these Longevity products with the various risk departments and a natural progression from documenting process flows and identifying risks into Operational Risk as a whole materialized. I’ve worked at several firms helping to build the framework for Operational Risk. At Mizuho, my main concentration is on the core components: Risk Reporting, Risk Events, Issues Management and leading the RCSA process for the US Operations.
What, for you, are the benefits of attending a conference like the ‘Operational Risk Management USA Congress’? What can attendees expect to learn from your session?
I see the benefits as twofold: 1. Updates on some of the latest information on a variety of Risk subjects. 2. Connections. Operational Risk Management is a relatively small subset of people across industries. The Operational Risk Management USA Congress’ allow me to get together with peers across the industries. Some of the brightest minds in the field are at these conferences and this is a terrific opportunity to discuss and ask questions what others are doing with their frameworks; Issues they might be having; The make-up of their taxonomies and libraries; What systems and tools they leverage; etc. Bring plenty of business cards to exchange with others.
My hope is that the attendees of my session will be able to gain some insight as to where I see more focus from regulators, what’s worked for me and also what I might have done differently. Hopefully, this will help them shape the direction they may want to go in doing RCSAs at their firms.
Can you provide an overview of what’s new in RCSA?
The biggest difference over the last few years has been the role that systems are playing in compiling and leveraging a robust collection of data from a wide variety of sources to create the most accurate way to identify risks and subsequently using a risk based approach to target resources to those risks which are the most ‘risky’. Having all of these data sources at your disposal allows for elimination of duplicative assessments, provides more insight as to effective review and challenge, and provides a repository for libraries, controls, risks, related assessments and a myriad of ways to sort the results.
How do you see the risk landscape evolving over the next 6-12 months?
The current administration has indicated there will be a reduction of regulations. The challenge for Risk managers will be in understanding how these changes might impact their regulatory requirements. At the same time, there is an ever increasing and evolving cyber threats.