Operational Risk Management in Financial Institutions
The goal of this two-day workshop is to build an understanding of the importance of operational risk management within the Banking and Finance industry.
Key Learning Outcomes:
- Identify the sources of operational risk and how these arise within the context of financial institutions' main business activities.
- Understand the governance structures, systems, procedures and cultural aspects necessary for an organisation to successfully manage operational risk.
- Build a knowledge of the main techniques for the measurement and quantification of operational risk and their relative merits and drawbacks.
- Appreciate the approaches available to a bank under Basel III for the calculation of regulatory capital for operational risk and the supervisory requirements for each approach.
The aim of this section is to understand the nature of operational risk, identify typical occurrences of operational risk within a bank’s business model, and to consider external perspectives on the importance of operational risk management in rating and banking supervision.
Importance of Operational Risk as part of the firm's risk inventory
Understanding the nature of operational risk: “Dimes and disasters”
Current industry drivers of increasing operational risk in financial institutions: complexity, innovation, technology, transaction velocity and litigation
Motivations to manage operational risk: financial loss, legal and regulatory requirements, reputational risks, capital management and planning
Management perspectives/requirements: understanding the risk, information systems, quantification, mitigation and hedging decisions, cultural and behavioural aspects
Identifying categories of operational risk in financial institutions:
- Core operational capacity
- People risks
- Client relationships & Fiduciary risks
- Transactional systems
- Safe custody
- Reconciliation and reporting
- Legal risk
- Change and new activities
- Expense volatility
External perspectives on operational risks:
- Incorporation of operational risk criteria in rating agency methodologies
- Regulatory and industry perspectives on the importance of operational risk control
- Exercise: identifying sources of operational risk across business lines in a major financial institution
The ‘Next’ Operational Risk: Cybercrime
Cybercrime has evolved as the markets evolve and we continue to embrace new technologies. Yet do we truly understand this new risk? Is our lack of knowledge a reason why so many risk professionals globally now speak in hushed voices about it being when - not if - cybercrime will bring down a financial institution?
As cybercrime is often classed as an operational risk, we will cover the basics of the topic in the context of operational risk, looking at some of the relevant cases (scams and scandals) that have forced regulators and financial organizations to adapt accordingly.
- What is cybercrime?
- Exploring cybercrime in numbers
- Detailing the sources of cybercrime within financial institutions
- Identifying the consequences of cybercrime
- People: Line of Defence or Weakest Link?
- Exercise: what can we do to protect ourselves and our employers?
Operational Risk Governance
The objective of risk management is to add maximum sustainable value to the activities of an organisation. It therefore needs to be a continuous and developing process that operates in conjunction with the development and implementation of the organisation’s strategy and whose aim is to increase the probability of achieving the overall objectives of the organisation and reduce the probability of failure.
To achieve this, operational risk management must be integrated into the organisation and led by the most senior management. This section of the course will therefore look at the key role of the board in setting an organisation’s operational risk policy and the key characteristics of how it is implemented.
- Risk management process – Operational risk as an integral part of the enterprise risk management framework
- Roles and responsibilities - of the board, senior management and support functions.
- Evaluating corporate governance standards
- 3 lines of defence – an explanation of the traditional three lines of defence and the allocation of risk responsibilities.
- Exercise: Corporate Governance
- Operational risk framework – how the components of operational risk management fit within strategy and risk policy.
- Operational risk cycle – the components of the risk cycle: identification; assessment and measurement; mitigation and management; monitoring and reporting.
- The role of culture in the organization-wide management of operational risk:
  - Why culture forms such an important aspect of operational risk management
  - Characteristics of poor vs. effective operational risk cultures
  - Fostering an effective risk management culture
- Case study: Cultural aspects to operational risk
Management of Operational Risk
The objective of this section is to consider the main techniques used to identify and to manage operational risks, within a financial institution environment.
Objectives of operational risk management: avoid catastrophic losses, promote organisational understanding of operational risk, anticipate risks more effectively, objectively measure performance, change culture and behaviours, streamline products and services, and ensure that adequate due diligence is performed in any takeover or merger
Operational risk policy - the key components of an organization’s operational risk policy
Identifying the organization's operational risks through risk control and self-assessment
- Risk Control and Self-Assessment (RCSA) techniques – advantages and disadvantages
- Cultural aspects to the RCSA
- Defining frequency and impact scales
Assessing the full range of potential impacts of operational risk
Understanding controls and how risk is modified
- Relationship between inherent risk, residual risk, expected risk and targeted risk
- Assessing how controls modify risk
- Exercise: Identifying control functions
- Using the RCSA to identify likely scenarios
- Scenario design techniques and avoiding assumptions/bias
- Use of external data in scenario design
- Exercise: Designing scenarios
Key Risk Indicator (KRI) Analysis
- Types of KRI and relationship to risk levels
- Characteristics of useful KRIs and how to identify them
- KRI calibration approaches
Operational risk incident recording
- Objectives of risk incident recording
- Internal data collection, parsing and emerging risks identification
- The importance of “Lessons Learned” processes
- Impact of new products, processes, business lines and locations
Improving the organization's operational risk process
- Strategies to align operational risk to risk appetite: the ATAC matrix
- Measuring progress and improvement
Bank Regulatory Capital Requirements for Operational Risk
The objective of this section is to compare the current environment for calculating operational risk capital requirements with the new standardized approach model that has been proposed by BIS/BCBS.
The challenges of calculating unexpected vs. expected loss for operational risk
The 'old' fundamental Basel approaches for operational risk capital requirements
- The Basic Indicator Approach
- The Standardised and Alternative Standardised Approach
- The Advanced Management Approach (AMA)
The 'new' standardized measurement approach plus pros and cons
Case study: The real world: What are banks doing for Pillar 3?
How meaningful are today's Basel III Pillar 3 disclosures from financial institutions?