Using operational and enterprise risk management as value added exercises

Using operational and enterprise risk management as value added exercises

Hafsteinn can you please give the Center for Financial Professionals’ audience an overview of your individual background and professional experience?

My first degree was a Bachelor degree in Industrial Engineering and my professional career started as a quality inspector in construction. With banking booming, particularly in Iceland, my interest turned to finance and I completed my Masters in International Economics and Finance at Newcastle University Business School in the UK.

My first role in banking was in September 2008 within a newly formed Operational Risk team at an Icelandic Bank named Glitnir. My experience in quality control as well as my finance education made me a good candidate for a newly formed Operational Risk team. Glitnir was nationalized 29 days later. The Operational risk team for different reasons shrank significantly and gave me the unique opportunity to build out an Operational Risk framework at the newly formed Islandsbanki.

At Islandsbanki, I participated in numerous activities in a bank re-established from the domestic remains of Glitnir with a very strong emphasis on risk management, completed the FRM designation and put my focus on the value add of Operational Risk programs and my developing expertise.

In 2014, I relocated to the US and got a position at CIT in Enterprise Operational Risk where I have managed numerous parts of the Operational Risk framework (e.g. Loss Reporting, RCSA’s, CCAR, Capital Model) and assisted in the build out of risk activities.

At the 2nd Annual New Generation Operational Risk Congress (October 25-26), you discussed using Op Risk and ERM collectively, why do you think this is a key discussion point for these teams to be aligned?

Operational Risk is an integral part of ERM and the various risk functions at financial institutions have a direct and indirect relationship with Operational Risk. The two will look to merge rather than grow apart, especially from the view of the first line of defence. Operational Risk has to open up our framework to be inclusive of other risk functions, and identify opportunities for them to operate using the methodologies of Operational Risk.

How can institutions align the two and view Op Risk from a more holistic ERM approach to further risk management and identification processes?

With the amount of regulations and the separation of the 3 lines of defence, the need for a more holistic approach should be our goal. The tools and the expertise that Operational Risk carries can be instrumental in that process. Standardised risk identification using a single risk taxonomy, reporting, assessment standards, relationships with both front line and operations units are all examples of what Operational Risk can offer.

A key discussion point among many risk managers is ensuring value added and not just a compliance exercise, how can organizations benefit from taking a more holistic approach?

Ensuring that there is added value should be a part of the design of a framework. By making sure that the exercises, results and the methods are understood by the business, the results can carry on into how they conduct their business and providing a value add. Operational Risk is traditionally owned by the business and the framework is focused on the business participation. If a more holistic view of ERM ensures that the business gets a similar understanding of many risk notes then it will enjoy the value added.

Finally, how do you see the role of the operational risk manager evolving over the next 12 months in terms of focus?

Operational Risk Managers need to invite themselves to the ERM table. Ask the numerous risk functions (e.g. vendor risk, cyber risk, information risk, BCP and resolution planning), if there are things that we can/should be doing together to give the 1st line a more holistic service. We will have to share, partner or even give them keys to the standards, libraries and processes traditionally used by Operational Risk.

Disclaimer: The views in this article are those of the speaker, Hafsteinn Gislason, and do not necessarily represent the views or positions of CIT Group Inc. or CIT Bank, N.A.