Tony Taylor and David Jones, Yorkshire Building Society
Tony Taylor is group risk manager and David Jones chief auditor for the Yorkshire Building Society, a £10 billion capital mutual society that focuses on residential lending.
In 1998, they began to develop an approach to operational risk management that complemented an increasing focus on risk within the internal auditing process, introducing advanced technology to automate risk/control assessment.
What prompted the Society to implement a new programme for op risk management?
The project was initially prompted by regulatory guidance. However, the first exercise only produced a static view of risks, and the Society realised the importance of using a more dynamic approach.
This new approach involved designated roles and responsibilities for risk management within an agreed structure, and establishing tools and techniques for the identification and assessment of risks.
What are the overriding aims of the initiative?
To improve corporate governance, risk awareness and its focus, and the business’s ability to tackle risks on a cross-functional basis.
How is your operational risk initiative structured in terms of reporting lines?
Tony’s position as group risk manager allows regular contact with senior management, enabling him to discuss emerging risks. He also produces reports for the Board Audit Committee and senior management, which identify the current high-level risks and how they are being managed.
David, as chief auditor, provides an independent assessment of whether the measures taken to manage risks have achieved the net risk position anticipated by line management.
What was wrong with more traditional audit programmes?
The previous audit approach focused on individual areas of the business and did not allow a view to be obtained of the cumulative impact of risks and controls. As a result, over-control was less easy to identify.
The new approach draws on line management’s experience to expand knowledge of risks to a process and ensure appropriate countermeasures are implemented.
What have been the tangible benefits of the new approach?
The enhanced information available at the start of an audit has resulted in a reduction in the average time spent on reviews. And the creation of a risk database allows the operational risk manager to provide management with tailored reports. Among other facilities, the software can produce reports showing risks by category, gross risk score, net risk score, owner etc.
When selecting the software to support this programme, a key consideration was whether it could be used as an audit tool as well as by the risk team. It was also important to ensure that it could supply all anticipated reports.
We are now planning to refine the risk policy to determine more precise parameters for decision making throughout the group.
Could larger financial organisations learn from your experience?
The Yorkshire Building Society is a relatively small, non-diversified financial institution, and this has undoubtedly made the process of implementing this approach easier. However, any organisation will benefit from adopting a structured approach to risk management.
Aside from the possibility of new capital charges for operational risk, we believe that, above all, the focus should be on emerging risks within our rapidly changing businesses.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Transforming stress-testing with AI
Harnessing the power of automated scenario generation, by Mathieu Tancrez
Basel stops short on wrong-way risk
New guidelines a step in right direction, but experts warn they won’t prevent another Archegos
On resilience risk, banks prepare to let the bad times roll
Lenders bolster first-line teams and upskill boards as compliance with new rules bites
Complex EU active account reporting could drive trades out of UK
Draft Emir rules might not force large volumes to move to EU, but will make compliance difficult
Strategies for navigating market volatility in the post-US election landscape
This article examines the key themes of a recent webinar, sponsored by S&P Global Market Intelligence, on market volatility following the US election, including inflation risks, commodities, geopolitical uncertainty, ESG considerations and the role of…
Risk.net’s top 10 investment risks for 2025
Fresh concerns this year include a trade war, a stock market crash and growing social discord
For banks, change risk is inevitable; managing it, optional
Regional bank survey shows steady growth of dedicated change risk functions and adoption of leading indicators
Clearing members ponder the purpose of CME’s mystery FCM
Some think licence will be used to boost crypto clearing capacity, but many questions remain