Carrie Cook from The Risk Universe magazine reports on the Center for Financial Professional’s annual dedicated event for operational risk practitioners…
The Center for Financial Professionals’ New Generation Operational Risk conference came at a pivotal time for the operational risk community. Just days before, the Basel Committee on Banking Supervision had released its latest consultation on operational risk capital calculation and the air was abuzz with differing views on what the proposed changes could mean for the discipline.
Model behaviour
Naturally, the Basel consultation was the star of the show, with two speaker slots dedicated to discussing the proposals. Peter Mitic, head of operational risk methodology for the UK at Santander and Richard Pike, CEO of Governor Software and independent non-executive director at Permanent TSB, sat on the panel. Mitic’s observations were largely related to the mathematical elements of the proposed standardised model; mostly that there is little explanation around how Basel arrived at the figures used, which is especially significant as banks are currently required to justify their own calculations when using AMA. One delegate asked a valid question: why should we bother trying to model operational risk at all if the numbers can’t be trusted?
Mitic and Pike both felt there is still a place for modelling, but Pike suggested there is too heavy a focus on the capital element at present. “I think we need to have better thinking around operational risk than just pure capital” he said, “but unfortunately I don’t think it’s going to change in the short term.” Mitic felt a major issue with modelling operational risk is that firms are still unable to calculate a maximum capital requirement – a problem for which he is working to find a solution.
Board games
A common challenge for many operational risk professionals is getting the board to prioritise their concerns. As a non-executive board member himself, Pike provided a viewpoint from the other side of the fence and highlighted the problems caused by not presenting information to the board in concise and digestible format. Citing the 700-page reports he is often handed before meetings, he explained how overloading board members with information – of which many executives are guilty – does little to help relations with the C suite. So, what should operational risk practitioners be reporting to the board and how do they find a balance between presenting aggregate, versus more complex, data? Pike says the key is to be prepared to provide more detailed information when necessary on any assumptions you’ve made within your reports, rather than providing it all up front. “I suspect that almost no board member will want to go through the mathematical details,” he said. “But they’ll want to understand the assumptions and they’ll want to understand the output.” He added that board members will also need to know about any sensitivities within the model so they can understand where risk management priorities should lie.
Operational intelligence
With an emphasis on data in the new Basel proposals, Kirsty Rutter’s session on using big data to enhance operational risk management proved interesting and timely. Rutter, formerly of Credit Suisse and now an independent risk consultant, shared her experience in gathering and interpreting data with the application of emergent semantic technologies to cultivate what she calls “operational intelligence”. With a background in physics and accountancy, Rutter describes herself as “the one often found raging against the machine” – evident in her ambition to challenge management’s tendency to pigeonhole operational risk under “fluffy stuff”.
To do this, Rutter needed to filter through the white noise to find information which would capture management’s attention. Her primary hurdle, perhaps unsurprisingly, was gaining access to the data in the first place. “Data is usually dispersed across the organisation and is not linked,” she explained. “It’s owned by different teams and those teams are typically suspicious of you wanting to get access to it…The number of imposed approvals to get access can cause delay.” Next came assembling this information in “a sensible, intelligent, speedy way, which was then repeatable”. Rutter advises anyone embarking on a similar project not to be disheartened if it doesn’t work first time and to be prepared for uncovering “unknown unknowns”. It could be that the firm is spending a lot of time and effort gathering data which turns out to be useless and provides no insight into the business. But even this discovery should be seen as a victory, because it means the problem can be addressed, perhaps by better educating those collecting the data, says Rutter. She also warned of “cultural antibodies” – people within the organisation who will be resistant to change and will try to kill off your project. “You are going to ask difficult questions,” she said.
Regulation trepidation
Meredith Gibson, head of legal risk at Santander UK, highlighted what she feels is “the single largest risk” to financial institutions: regulatory change. “The reason it is the greatest risk is because so many of the rules are very uncertain,” she explained. “For MiFID, for example, we do not yet have the level two text and we are supposed to be implementing it by January 2018.” With the backdrop of the Senior Managers Regime (SMR) adding more complexity, the pressures around regulatory change are now even higher, requiring ever-increasing governance measures. “For every one guy on the trading floor in an investment bank making any kind of money, there are probably four or five people looking at him and telling him what he shouldn’t be doing. It’s a very tough environment,” says Gibson. She added that MiFID will be a real “game changer” and is a regulatory risk which is proving very difficult to prepare for, especially in context of the SMR. “Now senior management are going to have to think very carefully about their role in all of this…If the rules change, how are they going to make certain that they know what the rules are in order to prevent them being breached? You could spend the entire balance sheet of the bank just on regulatory change.” In Gibson’s experience, operational risk and legal departments have never really interacted in an official way when it comes to managing regulation – something she thinks should change. “Let’s face it, regulatory change has everything that operational risk seems to be: people processes and systems – because that’s what regulatory change does; it changes the way that people do things; it changes the processes they use to do them and the systems they do them on.”
The Risk Universe is offering a special 20% discount on an annual subscription for members of the Center for Financial Professionals. Please contact jesse.hopkins@cefpro.com for further information.