Innovation in operational risk management shows no signs of slowing - if anything the financial crisis has caused it to accelerate. Speakers and panellists at the 11th annual OpRisk Europe conference shared their views on the future of op risk. By David Benyon The crackling debates between panellists and audience members throughout the 11th annual OpRisk Europe conference, held in London on April 22 and 23, made it clear the operational risk management agenda is moving relentlessly on, with the financial crisis acting as a catalyst for the even faster evolution of the discipline. This pace is evidenced in the rapid move towards regulatory change both in the UK and the European Union, which was covered by a series of presentations and panels during the first morning of the conference. The keynote speaker, Arnoud Vossen, secretary-general of the Committee of European Banking Supervisors (Cebs), opened the event with a thorough rundown of the challenges of developing EU-level supervision of the financial sector. "More responsibilities are moving towards the centre of Europe that will have consequences for individual member states. A delicate balance has to be struck, but changes are felt necessary by everyone in Europe," he said. He also outlined this year's agenda for a European System of Financial Supervisors (ESFS) and how its proposed responsibilities will affect the future of EU micro-economic supervision. "It will be tasked with creating, over time, one single rule book in the EU for prudential supervision," Vossen said. "It would take certain supervisory decisions affecting cross-border banks in Europe. Day-to-day supervision will continue to be done by national supervisors. In cases where they do not agree, the new European authority (the ESFS) would mediate between the supervisors concerned and would take binding decisions on cross-border banking groups." The stakes are high, as all the signs are pointing towards sweeping regulatory change. However, some suggestions are more extreme than others. In his keynote address on day two of the conference, John Redwood, MP, chairman of Evercore Pan-Asset Capital Management and former UK cabinet member, expressed dissatisfaction with international rulemaking. Highlighting the Northern Rock bank run, Redwood suggested Basel II had let the system down unforgivably. "The Basel rules meant it had too much capital so it was exploring ways of returning capital to shareholders and increasing the amount of lending that it did. I think we have to dump Basel and look for something else." Regulatory panellists in the discussion on the evolving regulatory view of operational risk were reluctant to make predictions about the future. "It's still the dark side of the moon," admitted Marco Moscadelli, responsible for op risk supervision at the Bank of Italy and chair of Cebs' Novio op risk working group. Bernd Rummel, banking supervisor at German regulator Bafin, conceded that the process of advanced measurement approach (AMA) accreditation had been a matter of learning on the job for supervisors - even in Germany, which has more AMA banks than any other jurisdiction. Rummel said the quality of risk management was the key to Bafin's AMA accreditation rather than capital or models themselves. "Capital is only the last line of defence," said Rummel. "It is tough to increase capital in this market environment. When viewed as another line of defence, risk management could be the most efficient avenue for improvement." There was caution from Moscadelli that Pillar II could not be a panacea for all the faults of Pillar I. "If we observe a reduction in capital for Pillar I op risk, then Pillar II could be a way to address the problem, but we should not use it to protect or solve intrinsic problems with the capital charge," he said. One area that regulators seemed to agree on was governance. Bafin's Rummel said minimum standards in governance must be set for all risk types. Adrienne Haden, assistant director for banking supervision at the US Federal Reserve, agreed. "You might call it a return to basics," she said, outlining the Fed's focus on risks posed by weaknesses in governance, internal controls and audit, and by increasing fraud. "It is vital that the board and senior management have the experience and background to understand the operational risk issues associated with their firm's strategic and tactical business model," said Haden. "They must also understand the products and services offered, and how new products and services introduce new risks and alter the existing corporate risk profile." Frances Allen from the UK Financial Services Authority's prudential risk division took a tougher stance on governance, adding that the regulator would be making more use of enforcement powers unless improvements in risk management standards were forthcoming. The FSA is due to publish the Walker Review of corporate governance practices and a report on the role of remuneration incentives in October. Allen also warned that the UK regulator would be raising the bar for standardised approach (TSA), basic indicator approach (BIA) and AMA firms under the Basel II process, underlining that those large banks running the basic or standardised approach should have an op risk management programme in place to a similar level to their AMA peers. "This is sometimes lost on some of the firms we talk to, but we think that a very large firm would for all intents and purposes be expected to have arrangements in place that are not very different from an AMA firm," said Allen. "Unfortunately, we have evidence that several firms' operational risk management remains inadequate relative to the spirit of these requirements." She was also keen to emphasise that Pillar II 'use test' requirements apply to TSA firms as well as AMA recipients. Going back to the findings of the 2007 FSA research paper, 'Operational risk management practices: Feedback from a thematic review', Allen said many firms have yet to effectively embed op risk management practices identified in that report. The traditional OpRisk Europe panel discussion on enterprise-wide risk management (ERM) was particularly lively this year, as ERM has enjoyed something of a renaissance and renewed potency in recent months as a result of market events. John Whittaker, group op risk director at Barclays, emphasised the importance of taking a holistic approach to risk management to address weakness in risk culture. The importance of ERM in presenting information in an integrated way across risk categories and the business operating environment was also highlighted by Patricia Brown, joint general manager at Sumitomo Mitsui Banking Corporation, Europe. The role of op risk manager within ERM has too often focused on day-to-day or minor risks of administration and form filling, rather than the big operational risks that have the capacity to scupper a bank, warned Piet Poos, senior programme manager for compliance and op risk management at SNS Reaal, the largest of the non-AMA banks in the Netherlands. Day one was rounded off with a cocktail party, where awards were presented to the European winners of the OpRisk & Compliance Top 50 Faces of Operational Risk, and Ten Years of Excellence awards (see photo). The Top 50 Faces awards were a chance for the magazine to celebrate the achievements of some of the people who have helped operational risk to develop into the discipline it is today. The enhanced role of op risk Sergio Scandizzo, head of operational risk at the European Investment Bank (EIB), opened day two of the conference. In his plenary address, he emphasised that the purpose of op risk management was not to bring about enhanced performance through accountancy, but rather to focus on the survival of the bank. The role of op risk management, he argued, should be greater than that of credit or market risk, which manage individual business or product-specific risks. Operational risk management encompasses what he termed "company distress risks" to the business as a whole, something that requires board level responsibility. The extra level of responsibility, warned Scandizzo, is that the overall distress risk is greater than the sum of its parts at the business line and products level. Op risk's future enhanced role, therefore, would be to manage the consequences of the other risks: covering all aspects from the front office, back office, outsourcing, board, governance and compliance. Industry and regulatory panellists, speakers and delegates disagreed as to how or whether op risk could assume a raised profile in an enterprise-wide role. The Bank of Italy's Moscadelli argued that an op risk framework can become a powerful force for senior management to improve the quality of internal controls and risk management systems. But Poos at SNS Reaal cautioned that "no-one will give that to you", and that op risk managers must, through their own guile and initiative, prove to senior management that the tools of op risk analysis can translate into successful actions. "We need to do it - not wait for senior management to take action," he said. Whether op risk is well placed enough within the firm was open to question, but developments in response to the current crisis towards addressing cultural issues within the firm were not. "Operational risk, without a doubt, has moved up the agenda. It is every part of risk within a banking institution. It's here to stay whatever happens, and we're all going to busier for it," said Paul Search, UK head of operational risk consulting, financial services practice, at Marsh. 'Innovation' in financial services has morphed over the past 18 months from a pseudonym for sexy into an embarrassing taboo. EIB's Scandizzo identified a number of risk management failings behind the crisis. The first of these was a belief that risk is infinitely sustainable in the face of continuous financial innovation. "As op risk managers, and risk managers generally, we have made a mess of things," he said, adding that competitive financial innovation, as a result of the search for yield, had broadened an information gap within organisations that risk management struggled to keep up with. This itself was an operational risk. "There is a potential misalignment of objectives between front office and the rest of the company," said Scandizzo. "This misalignment can only grow larger in the presence of an information asymmetry." Another failing highlighted by Scandizzo was the belief that all that is needed is enough historical data harnessed through mathematical models. "It is what I call the 'pretence of knowledge'," he said. "Whatever you do, it's potentially going to be proven false at some point, no matter how much data you have - no matter how many white swans you see, you can never conclude that all swans are white. No matter how good your mathematical model is, there is always going to be something missing." Backward-looking models were a magnet for criticism during the conference, but participants did not lose sight of their continuing value. Andreas Merbecks, managing director of group operational risk at UBS, argued that, while models should be handled with care as a lesson of the crisis, even those models proven erroneous provided valuable lessons that would be lost if they were simply discarded. The increasing use of forward-looking scenario analysis was picked up by several speakers. Jordi Garcia, global head of operational risk at BBVA, emphasised in his presentation the need for a forward-looking "ex ante" outlook, rather than taking a retrospective "ex post" look at historical loss events. Garcia also underlined the need for targeted scenario analysis - revealing that BBVA targets about 20% of operational risk types responsible for 80% of its losses. Other areas of innovation in op risk, including the use of risk mitigants for a capital reduction under the AMA, were a recurring theme of the conference. Marsh's Search gave a presentation exploring the future of op risk mitigation and highlighting the need for industry co-operation to develop the area. Discussing op risk insurance, he pointed to recent collaboration between two Australian banks (CBA and NAB) and Marsh's work to co-ordinate risk mapping, classifications and contracts between banking and insurance. Regarding the other risk-transfer mechanisms (ORTM), he outlined the ongoing work on fully funded capital market structures such as catastrophe bonds and coupon-at-risk instruments, and the unfunded, pooled risk structures such as liquidity-wrapped insurance, equity put and buy-back, and cross-class Basel II risk transfers. Another pioneering innovation in the field of risk mitigants are efforts in the use of correlation - an attempt to measure whether one risk type increases with another, suggesting that losses in one area lead to losses in another area, causing greater losses overall. According to Basel II, to use correlation a bank must be able to demonstrate that systems for determining correlations are sound, implemented with integrity, and take into account uncertainty surrounding correlation estimates; in addition to validating its correlation assumptions using appropriate quantitative and qualitative techniques. BBVA's Garcia said in his presentation that the Spanish bank is developing the use of correlation - subject to approval - to reduce AMA economic capital at risk by 37% from the total calculated under TSA, compared with a 2% rise under the AMA without correlation. Innovation in operational risk seems to be as alive as ever despite the financial maelstrom still affecting the industry....
Start a FREE trial or subscribe to continue reading:
Start a 4 week free trial
Try Risk.net's premium content for a limited period. Register now for your FREE trial to one of our leading brands.
*not available to previous trialists or subscribers.
Log In or Subscribe Now
Subscribe to Risk.net Business now to access all our premium news & features content for 1 year.
Pay by Credit Card for immediate access.