Systemic operational risk: A review of case studies, regulation and requirements

Systemic operational risk: A review of case studies, regulation and requirements

Linda, can you please tell the Risk Insights’ audience about yourself and your professional experiences?
I am currently Head of Governance in the Operational Risk Integration and ERM team at Standard Bank. My role includes writing OR policies and related governance documents, oversight on OR Analytics, developing and conducting OR training as well as engaging external stakeholders on OR related matters.
I have previously worked at Standard Chartered Bank over a period of six and a half years in various roles including Card Business, Market risk and OR Assurance.
We thoroughly appreciated you joining us at the New Generation Operational Risk: Americas Congress where you discussed systemic risk. What are the causes of systemic risk and how may they be tackled?
In his book Systemic Operational Risk: Theory, Case Studies and Regulation, (McConnel, 2015) defines Systemic Operational Risk as operational risks that are not related to one firm only, but arise simultaneously across the financial system. Research reveals three frequently used concepts of what Systemic Operational Risk means. One of these concepts refers to a “big” shock or macro-shock that produces nearly simultaneous, large, adverse effects on most or all of the domestic economy or system. In this context, “systemic” refers to an event having effects on the entire banking, financial, or economic system, rather than just one or a few institutions.
There are various causes such as:
  • Interbank Linkages – Chain reaction failures flowing through interconnected institutions.
  • Dependence of international, national and economic systems on the financial sector.
  • Common shock or reassessment failure – i.e. failure or near failure of one or several institutions from losses originating elsewhere and the reassessment by investors, creditors, and shareholders of other institutions.
  • Scarcity of data to capture international dimensions of systematic operational risk.
  • Different organizational structures
  • Central banks and supervisory agencies differences.
Systematic operational risk can be minimized by doing the following:
1. Having back-up redundancies in systems. These may include existence of multiple exchange platforms – manual and electronic – if one fails others will be available.
2. Foster transparency which allows financial institutions to punish each other. Counterparty risks should be disclosed to ensure that other financial institutions know who they are going into business with and if it is viable to do so.
3. Special oversight over the larger financial institutions that are more interconnected.
4. Impose fines or other punitive measures to activities and behavior that poses risk to the system no matter how minor it is.
5. With respect to chain-reaction or direct-causation failures flowing through interconnected institutions, there are two lines of attack.
a. Supervisors can reduce the amount of loss in the initial failure by prompt closure rules.
b. Banks also have many ways, such as careful monitoring and exposure
ceilings, to protect themselves against defaults by their counterparties.
Why is it a high priority to review the regulation and requirements of systemic operational risks?
 Regulation needs to view banks as part of a system. A lot of control is imposed on banks compared to other institutions. However, weaknesses in other institutions and industries have a direct impact on banks from a lender and financier perspective.
For chain reaction failures flowing through interconnected institutions it is important that regulation not undermine banks’ incentives to manage and monitor direct causation.
 You discussed case studies and past experiences in your presentation, how can we learn from these to better overcome further risks?
1. Forex rate manipulation and libor scandal – these 2 cases involved manipulation of forex and interest rates by banks over many years. This subsequently led to huge investigations and fines to the banks involved. Some of the lessons learnt are as follows:
  • Secure and confidential instant messaging platforms per organization should have been used to drive the market based benchmarks.
  • Both big and small (less market dominant) market players must be given an opportunity to contribute by providing data.
  • The need for strong regulation and monitoring to prevent collusion is necessary, no room for complacency.
  • Initial hints showing manipulation should have been investigated sooner.

2. The 2008 Credit Crisis was a result of banks creating too much money through loans which in turn raised demand for homes causing home prices to go up and eventually homeowners could not pay their loans the banks were at risk of going bankrupt. This further caused a drop in house prices meaning those with loans were overpaying compared to current prices. Those who had borrowed for speculation purposes could no longer pay and had to dispose at lower prices if they were not already repossessed – the bubble burst. In response, the banks limited their lending which caused the economy to spiral down hence the recession. A few lessons learnt are:

  • There is no bank that is too big to fail.
  • Sometimes it is necessary to allow banks to fail as a disciplinary measure. Rescuing banks is a cost to the public (just as failure is).
  • Some regulation is necessary, but not to the extent that banks fail to be free to trade.
  • Have a well-defined contingency plan for a crisis as a bank and broader as an economy.
  • New regulation comes at a cost – higher capital requirements, implementation of new regulatory requirements, cost of formulating the regulations for supervisory bodies, movement of business to shadow banking which becomes more attractive when formal channels are more regulated.
  • Transparency must increase – relating to resiliency plans and soundness as well as products and services offered by financial institutions.

Read more on case studies here

How do you see the role of the operational risk manager changing over the next 6-12 months?
The operational risk manager needs to think beyond their bank / organization. Operational risk in one institution can have ripple effects that spread to other institutions as well as nationally and globally. An understanding of the global village as one system where the parts affect the whole is crucial. In addition, the operational risk manager needs to understand the other risk types as their failures quickly become operational risk.