23 November 2015
Operational risk is an area facing increasingly high scrutiny from regulators after the poor management of operational risk functions was cited as a main factor in the 2007/8 crash of global markets. With this in mind, the Center for Financial Professionals undertook an extensive research report to understand first-hand the areas of focus for practitioners and regulators on the horizon as we move towards 2016, and the areas of change that will bring.
The findings of the research will be reflected throughout two days on March 15-16, 2016 at New Generation Operational Risk (http://www.cfp-events.com/oprisk).
As with most aspects of risk management, the regulatory landscape, and in particular the increasing regulatory change, was top of the agenda for discussion. With pressure mounting from regulators for better measurement, management and identification of operational risks, the changes coming into effect are crucial to moving businesses forward. One area coming into effect in early 2016 is the senior managers regime. Although many understand what this means in theory, what will the effect be in practice once the rules are fully implemented? The regulation looks to address accountability for operational risks by ensuring senior managers' attestation as to the reliability, granularity and relevance of data reported, and accountability on their part should regulators prove otherwise. The rules look to improve management of operational risk by attributing accountability to individuals in power, to ensure that necessary steps are taken throughout the reporting process and that final documents are accurate and relevant. With the rate of regulatory change and diminishing timelines for implementation, are operational risk professionals becoming a compliance team rather than risk managers? How can they best balance better measurement and management of risks whilst ensuring regulatory compliance and driving the business forward?
Another area high on the agenda for operational risk professionals is the more traditional area of key risk indicators (KRIs). KRIs are increasingly a priority for risk managers, who need to ensure sufficient frameworks are in place for both leading and lagging indicators. Organizations need the structure to calculate both leading KRIs, which are predictive in nature and forecast future occurrences, and lagging KRIs, which call upon historical occurrences to identify trends. With the purpose of KRIs being to give an early indication of adverse conditions, institutions are finding regulatory scrutiny around how accurate and forward-looking their KRIs really are, and whether they are measurable, predictable, comparable and informational. Having an effective KRI process proved particularly crucial for AMA banks, who only qualify as AMA to calculate operational risk capital if they can justify factors as a meaningful driver of risk that, where possible, can be used as quantitative measures for verification. The challenges surrounding KRIs are seen throughout the financial industry: ensuring that they are predictive in nature using both leading and lagging indicators, gaining buy-in from business units, and justifying potentially higher capital requirements from results.
An area that fits well within the ‘New Generation’ category of operational risks is the set of challenges surrounding IT and cyber crime/fraud: understanding the potential threat to the organization and how best to prepare to mitigate these threats. In a world where institutions are continually competing to deliver the most up-to-date and cutting-edge technology and payment processes, are businesses keeping their security processes up to date as quickly as their technology offerings? Risk managers are having to develop frameworks to identify cyber and IT risks when they have no historical data to use; these are new risks that are having to be captured. The cyber world and technological space are ever evolving, in terms of technology advances but also the sophistication of cyber attacks. How can businesses stay in front of cyber criminals? Many institutions are discussing utilizing the skills of hackers to test their internal safeguards and firewalls by bringing them in to try to hack systems and identify gaps in their protection. However, is this just asking to be hacked? Giving hackers the resources and permission to hack into systems is a dangerous game, one which will most likely not be played.
Of course, within the cyber/IT heading, the risks associated with potential data breaches are increasingly apparent. With recent cases making global headlines, including Sony and Ashley Madison, the reputational fallout of a breach in systems resulting in customer data being shared is unquantifiable. Preparing for and safeguarding against a data breach is proving continually difficult as hackers' abilities escalate beyond comprehension. Again the question remains: how can organizations stay ahead of the hackers to safeguard not only their internal systems, but also customer information and, more broadly, their reputation across the industry? Measuring the impact of a customer data breach is again a near-impossible task. Taking various factors into account and passing accountability to scenarios to relate back to the breach means that the true number of losses may never be fully understood, and repercussions can be felt long after the incident.
Regulators are now pushing forward with changes across the operational risk function with the intention of mitigating the increasing operational risks, to ensure the same mistakes that escalated towards the 2007/8 crisis are not repeated. Questions still remain as to the end goal of regulatory changes: when will organisations start to see a clear direction as to where they are heading, and are these changes pushing risk managers towards a compliance role rather than managing the escalating risks?
To hear industry discussion about the operational risk regulatory landscape and developing the appropriate frameworks and processes to safeguard against the increasing technological landscape, join us at The Center for Financial Professionals’ 2nd Annual New Generation Operational Risk, taking place in London March 15-16th. For full information visit http://www.cfp-events.com/oprisk
For further information please get in touch with a member of the team on +44 (0) 207 164 6582