Regulators need to rethink their approach to op risk

Feel pity for your regulator. Although financial firms have been caught out badly by the current credit crunch and spin-off events, it is the regulators who will be burning the midnight oil in the coming months. To help them in their contemplations, I offer some thoughts.


First, they are faced with a true paradox. The internationalisation of financial services means regulators must work more closely together to properly supervise individual firms. In doing so, supervisors are rightly developing an understanding of, and sharing around, best practices for risk management. As a result, firms are gradually adopting similar approaches to risk, to meet regulatory approval. Which means, in turn, that firms are all acting similarly in times of crisis - their whistles and dials all tell them to do the same thing at the same time. This goes beyond procyclicality. A world of lemming banks is a systemic nightmare.

Which raises the next issue of importance - the procyclicality of operational risk. In times of stress firms are raising their overall capital levels to keep the supervisors sweet. But across the industry, this is contributing to announcements of job losses - and historically those losses have hit non-revenue generating parts of organisations hardest. The very parts that look after systems and controls. This can't be good.

This next issue really sticks in my craw. I've read several hundred pages of regulatory output about the current market crisis and have yet to stumble on the phrase 'operational risk'. It hasn't been mentioned in discussion about the over-the-counter derivatives processing issue. It wasn't mentioned in mortgage origination analysis. No sight of it in text about compensation and human resources issues. Or the new product approval processes that broke down. Or around the systems and controls that got trodden underfoot for existing products.

Why no mention of operational risk?

Frankly, if there ever was a time when regulators should be pushing the op risk folks into the limelight, it is now. The discipline was created to understand and either prevent or mitigate these very sorts of problems.

In fact, I'll go further. Why should regulators expect firms to give operational risk executives their proper place at the table, when they themselves don't? Regulators - like deer in the headlights - are trapped in their credit and market risk comfort zones and are sending out the wrong message about operational risk to firms.

This needs to change, and fast.

Have a good month!

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here