No improvement in op risk training resources

According to this month's OpRisk & Compliance Intelligence survey, there are insufficient resources being allocated to operational risk training, as well as many forms of compliance training, in financial services firms. This is in spite of a recognition among op risk and compliance executives of the value of formal training when implementing various regulatory programmes, such as Basel II, anti-money laundering measures, and others.

The survey, sponsored by audit and risk consulting firm Protiviti, shows that at the majority of firms –more than 55% – just one percent to 20% of employees receive formal operational risk training. Some 14% of firms give no op risk training at all. Just 8% of respondents said their firms provided op risk training to between 81% and 100% of employees.

What training employees are given is meagre, with 31% of respondents reporting their course lasted less than two hours, while some 23% received three to four hours of training. Only 9% of those who participated in the study received more than two days of training.

The budget set aside for operational risk training is minimal. Some 30% of respondents said that no budget has been spent on training, while another 30% said that training had cost their firm just $25,000 to $50,000. Another 12% said their firm spent between $50,000 and $100,000 on training. However, there are a few big spenders out there, with 10% of respondents spending more than $250,000 on programmes.

"I know a couple of firms that are spending a lot more on this than we are," says one London-based op risk manager. "Good on them. It's training that's going to reduce op risk incidence levels at the end of the day. But senior management, at least at my firm, are focused on core compliance issues at the moment, and so that's where the money, time and attention are going."

Another operational risk executive, based in the US, points out that it is difficult to train employees in operational risk measurement and data-related subjects if the firm's overall op risk framework isn't in place yet. "I have no doubt that at some point we are going to have to train our people in these subjects," he says. "But how can I do that when I'm still trying to get the actual framework in place? How do I train teams in data issues when my group are still attempting to sort out our data collection policies?"

Most training comes from external conferences and training courses produced by outside companies. Training courses produced internally in firms also had a strong showing, but usually these are given in a limited range of areas, such as money laundering prevention, general compliance subjects, or business continuity. Few firms were developing their operational risk training internally, the study showed. Op risk executives spoken to for this article pointed out that it takes time to develop in-house training courses, and most of their time at the moment is being spent getting their frameworks in place. Says the London-based executive, "It should be a priority right now, but it's just not".

This result comes in spite of an increasing recognition of the importance of regular operational risk training programmes to reducing overall op risk losses. More than 36% of respondents thought that between 81% and 100% of employees at their firm should receive op risk training, while 31% thought that between 41% and 80% of employees should receive such training.

"I saw a presentation on an op risk training programme at an Italian bank at a conference a few weeks ago," says the London-based executive. "They had a song, which I couldn't quite imagine my colleagues here doing. But it looked like it was working for them, and I thought, 'Well, we wouldn't do a song, but we'd do something else.' The point is, we need to get op risk into people's subconsciousnesses, so they are humming along. It needs to become second nature to them to have any real impact on losses, it has to be the way they conduct themselves naturally. And we can't achieve that without training."

However, it does seem that the gradual trend is to spend more money on training over the longer term. Some 20% of those who replied to the survey say that their training budgets have increased by more than 25% over the past 24 months, while another 23% say they have increased between one percent and 24%. Only 4% of respondents reported a decrease in their training budget over the past 24 months, but 51% said there had been no change in their training budget.

The most popular type of training among firms was for improving corporate governance – including Sarbanes-Oxley initiatives – and the prevention of market abuse or insider trading. Other popular types included training against fraud, to improve communications with clients, and on business continuity procedures.

While actual operational risk training – including on op risk loss data, measurement and management – also put in a strong showing, it came in several points behind the more traditional compliance topics given above. Existing training programmes, within operational risk, are focusing on operational risk management, with 31% of respondents who have operational risk training programmes indicating that this is what they are being trained in. Some 20% of respondents say their op risk programmes are focusing on loss data collection or event catagorisation, and measurement or capital calculation.

Over the next 12 to 24 months, however, operational risk topics will have a higher profile as training topics, probably in large part because of the deadlines for Basel II. Training in operational risk management came out on top as the favourite topic for training over the next two years, followed by Basel II and operational risk loss data, which polled at the same level. The next band of topics was op risk measurement, fraud and IT security.

Market abuse and insider trading dropped to last place in the ranking, reflecting the fact that the focus on this topic among both US and UK regulators seems to be passing for now. Anti-money laundering and corporate governance training also promises to be less prominent over the coming months, again as the existing regulatory initiatives put in place over the past three years are now bedding down. OR&C