Operational risks in financial services firms are a significant capital charge, and a firm that has a solid GRC process and system could have significant advantages in terms of lower capital charges. What do you think of that as an argument for getting business owners to buy into your GRC system?
White: For a lot of financial services firms, the capital charges are a lot higher in the other risk categories, so sometimes that argument works the other way. If there is a significant capital charge, I think a GRC platform is a good way of proving you have actually met those use-test requirements, which goes a long way. The other thing is you can start to integrate some of the outputs of your scenario analysis and your risk assessment into your capital models, particularly the indicators around risk appetite, and monitoring risk and compliance. Whether it is an automated GRC system or another form, you have to embed that type of governance and risk approach to the way you’re looking at things across the business in order to help with your capital calculations.
Brandts: By definition, anything that happens in the credit risk has an operational side to it, though that is sometimes a complex story. If you are a process owner, the capital charge is relevant but it is not your immediate concern, it’s not something you can influence. I think the capital charge argument does help but more at a senior level rather than a lower level in the organisation.
Zirano: We have seen firms approaching operational risk management from a purely financial point of view but, beyond making sure you have put aside the right amount of money, you also need to make sure you continue to improve your processes. For example, there are firms that adopted a purely financial approach to operational risk management under the influence of Sarbanes-Oxley Act and who are now stepping back and looking at having the right risk engine and the right processes to generate as few risks as possible.
White: One of the benefits we have not talked about yet is that having this type of information actually improves your reputation with the marketplace and the rating agencies. If you are able to provide a very clear and confident view of where you are with either compliance, regulation, or your risk profile, that is going to help in terms of the view that they have.
Click here to view the article in PDF format.
More on Operational Risk
Rigorous training the only cure for complacency, says Marc Schaedeli at Risk USA
Companies must prepare for inevitable intrusion, says RBS infosec head
Weaknesses highlighted after payment system failure
Regulators in other sectors more likely to stay in public service
Sign up for Risk.net email alerts
Sponsored webinar: IBM
Watch highlights of this year's London conference
Operational risk and the challenges of defining and dealing with conduct risk
Watch discussions and speakers from our North America conference
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.