Brian, can you please tell the Risk Insights’ readers about yourself and your professional experiences?
I began my career as a Chartered Accountant working at EY for 11 years, primarily in the audit department, possibly not the traditional role of someone working in the Non-Financial Risk space. However, since then my career has taken me to the IT industry and senior EMEA roles at Oracle and IBM where I became involved in helping customers address their Governance, Risk and Compliance needs in a sustainable, repeatable manner. Today I am responsible for the go-to-market strategy and direction of OneSumX GRC at Wolters Kluwer.
We look forward to your session at the New Generation Operational Risk: Europe Summit where you will deliver a presentation on the alignment of op risk and compliance teams. Why do you believe this is a key talking point?
It is apparent that the regulators are increasingly requiring the Board and senior management to be able to provide evidence that there is strong governance. The Senior Managers Regime is a prime example. Consider the fines and penalties that have been levied on UK banks in respect of PPI, LIBOR and foreign exchange. The Guardian in April 2016 estimated that UK banks would have suffered a total of £62.bn. Was this a result of compliance risk, accounting failures, operational risk or “all of these”? I could argue for any or for “all of these”. But whichever side you argue, it does show the need for joined-up risk management.
How can better alignment of these two departments aid in more efficient management and oversight of op risk?
Compliance means both understanding the “what is required” and the “how are we achieving this”. If I look at the Basel Committee definition – “The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.” – then it is clear that there is a need for efficient management of risk across the two departments (and probably other departments) to be fully aligned.
What problems can this create when determining ownership of risk and control frameworks?
Clearly aligning what might appear to be different goals requires leadership from the top. What is important is for all to understand how such a sharing of objectives can be of mutual benefit. We have seen customers adopting a “themes” based approach that facilitates this.
How do you see the role of the operational risk professional changing over the next 6-12 months?
I think you only need to look at the topics for the conference to see that operational risk management, and hence operational risk professionals, will be part of an organisation’s move to a more integrated risk management solution.