A new generation of operational risk

Operational risk, although often pegged as being in its infancy, is firmly establishing itself as a critical risk discipline and escalating its remit to match those of the more ‘traditional’ credit and market risks. The role of the operational risk manager is evolving and in a constant state of change due to increased understanding and regulatory scrutiny. Operational risk managers are now looking to establish themselves further as an integral department with mature and robust practices. This is not a surprising shift, given that operational risk failures are often pegged as one of the root causes behind the global financial markets crash, the result of a chain of operational failures that slipped through the cracks without solid management and accountability. The road ahead remains uncertain, with regulators continually tightening practices and demanding more resiliency and risk mitigation, yet operational risk continues to jump through these hoops and emerge as the success story of the crisis.

The regulatory landscape across the industry and around the globe looks uncertain, with economic and political influences making outcomes harder and harder to predict. 2016 saw a turbulent political agenda with the UK vote for a ‘Brexit’ and President Trump’s election in the United States; with yet more elections set to take place across Europe, 2017 remains a very unpredictable year. Many financial institutions and regulators are bracing themselves for the next few years as negotiations towards Brexit begin, and many are considering the impact this may have on local and global markets. With this in mind, the show must go on: risk managers and regulators continue to push forward with their agendas, with regulators coming down strongly on operational risk to further push its development. The main focus moving forward is an understanding of what the regulators expect from an operational risk department or manager, taking a step back from the individual expectations and reviewing how the pieces fit together for a broader overview. Many of the regulatory changes coming into effect are adopted in a siloed fashion by specific teams; many institutions are now looking to incorporate a more strategic overview to avoid duplication of effort and ensure regulatory compliance.

In the same vein comes a new industry trend of moving towards a more enterprise risk management (ERM) structure, as is demonstrated in the US with heavy regulatory drives. The ERM framework looks to deliver a big-picture view and remove the tunnel vision that is often seen in departments across the industry. This allows for far greater efficiency from a resource and management perspective, seeing the institution as an enterprise rather than managing individual risk disciplines with no interaction and communication. This approach provides an ‘umbrella’ to bring all the silos together, allowing for a centralised reporting structure and risk taxonomy. It brings together departments that would otherwise work independently and not interact with one another, to provide an overview. This trend is a huge undertaking for institutions. Within it falls the question of incorporating operational risk: bringing together departments to align reporting of the ‘enterprise’, including financial crime teams, regulatory risk and compliance, within one umbrella.

The final topic highlighted in this piece is the industry ‘buzz word’ of cyber security, including resiliency and technology. In an environment where the only certainty is technological development, institutions are in a constant battle for competitive advantage, making the latest technology available to customers and demonstrating the newest security measures. As a result, this opens many more avenues for potential hackers to penetrate firewalls, and technology advances are being halted in favour of security. The constant battle to fend off hackers puts the odds much more in the hackers’ favour, with only one successful attempt needed, compared to the millions of attempts that FIs must block. Financial institutions must work towards understanding cyber security across the board, including where their weaknesses lie, whether internally, with vendors or third parties, or simply in staff education on malware and phishing campaigns.

Operational risk professionals are moving towards a new generation of operational risk management. With more mature processes and frameworks introduced across the industry, many are now focusing on emerging risks that continually threaten the soundness of the institution. Financial institutions are continually battling to ensure customer satisfaction and prioritising security and soundness over competitive advantage. Given the reputational fallout of many operational risks, including heavily publicised and criticised cyber-attacks and data breaches, the pressure is mounting to withstand attacks and mitigate the risk of reputational repercussions. In a world of constant development and innovation, this task has never been more trying, with emerging Fintechs causing competitive disruptions and offering security that many institutions cannot offer.

All of the topics above and much more will be addressed at this year’s operational risk management conference, New Generation Operational Risk: Europe 2017. Across two days the event looks to bring together operational risk professionals to review the discipline as a whole. Key topics include Cyber risk, KRIs, policy and framework, ERM, vendor risk, business continuity and much more.
Visit www.cefpro.com/oprisk for all information.