By George Clark, Elena Pykhova and Denis Lyons -Senior OpRisk Professionals from the Institute of Operational Risk.
George, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?
George has over 40 years experience in the financial services sector ultimately leading both business and risk functions at a senior level in a large international bank. Since 2007, George has worked as an independent consultant, leveraging his experience in operational risk and compliance. He has worked with some of the industry’s leading financial services firms, gaining international experience in Africa, Australia, New Zealand and the Netherlands.
George is the current Chair of Council of the Institute of Operational Risk and was one of the founding members in 2004. George has also held the IOR positions of Co Secretary and Chair of the Executive Management Committee.
Aside from leading the Institute the current professional focus would be on developing research in Operational Risk and on what the future holds for the discipline and the
people who work in it.
Elena, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?
I feel passionate about the discipline. Over the years, I had global, regional and Business-specific Operational Risk Head roles at various international firms, and now run my own company. Operational risk is very dynamic and it’s exciting to be part of it. I lead discussion and working groups and oversee papers on ‘good practices’ in my work as chair of Operational Risk Committee at the Association of Foreign Banks. At the Institute of Operational Risk I look after the IOR’s Educational portfolio, exciting times as we have just launched a new professional qualification.
Denis, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?
I am an operational risk specialist, having “converted” to Operational Risk from Credit Risk in 2002. I have worked in many banks and other financial institutions, as well as a number of years at the FSA. I am now a self-employed consultant currently working with a US consultancy in a major European bank. Previous missions have been an interim & project role at a wealth manager, where I redesigned the risk framework and restructured the risk organization, and a project role at a futures and options clearing house to support their RCSA efforts.
What does the future look like for operational risk professionals?
The future is still there to be created for those who wish to make their contribution. Now that Basel III has changed some of the debates on measurement and capital there is the potential for a different perspectives and focus.
In recent years there has been a tendency for the operational risk practioner to become technical experts with degree of being siloed. It will always be a requirement that we understand the toolset and framework; what influences implementation and use, conformance, governance. However rather than a holistic view across operational risks the tendency towards the silos of individual risk categories of information security, fraud, resilience has crept in. That technical expert approach may continue to be a feature as we look at FinTech, Cyber, Cloud but it shouldn’t be our purpose.
I would argue strongly that, more than ever, the future for operational risk practioners, depends on a wider skill set beyond the technical practice. There needs to be an understanding of the supporting theory and drivers for how people/organisations make decisions and take risk. The practioner of the future needs to certainly understand the technicalities but also has to understand how to exert influence. As part of that they should understand how theories related to social psychology, organisational change theory, strategic leadership can be applied to risk.
Surely that’s a more interesting and challenging future than just being an expert on RCSA and Loss Event capture (with apologies to those who are)?
In my opinion, there is still a tremendous need for training and education. As basic as the definition – Operational Risk, NOT Operations risk. Let’s not assume the Business (i.e. Divisions, Departments, etc) by now fully understand what Operational risk is. So the future needs to include a significant investment into continuous engaging and informative educational campaigns.
Increased automation in the business poses different risks, especially data, IT security. The biggest challenge going forward is for the Operational Risk Manager to have a handle on all these specialisations. I am also seeing a widening of scope – some larger institutions are using people with Operational Risk skill sets based in the first line to help the business take ownership of their risks. Then there are proposed changes in the way Operational Risk Capital is to be calculated…. That is a complete subject on its own!