
Bringing order to op risk and the duck-billed platypus
Industry co-operation on operational risk taxonomies might yield a valuable tool
Taxonomies are mostly found in biology, where they are used to classify and distinguish between different types of living organism. Using a taxonomy, species as diverse as the great-crested newt, lesser-spotted woodpecker and duck-billed platypus can be organised and arranged in a way that brings a sense of scientific order to our chaotic natural world.
In the field of operational risk management – which is often equally chaotic – taxonomies have come in very useful. The use of an op risk taxonomy, or risk register, forges a common language for the risks faced by a firm and assists with risk reporting. Perhaps more importantly, it can help firms to put in place an effective and comprehensive set of controls.
While a biological taxonomy might feature great pandas, muntjacs or spiny lumpsuckers, the entries in an op risk taxonomy are more likely to encompass internal fraud, terrorism, employee practices and workplace safety. Ideally, practitioners say that each of these risks or risk categories should be mirrored with a list of relevant controls. Against employee practices and workplace safety, for example, the controls listed might include recruitment, training or background checks.
As with many other aspects of risk management, there isn't necessarily a right or wrong way to do this. The correct taxonomy is likely to change depending on the exposure, activity and strategic objectives of your business.
The Basel Committee on Banking Supervision uses seven broad op risk loss event categories, but risk managers say these are far from definitive. Consequently, financial institutions have adopted different ways of tackling the issue; practitioners say banks' op risk taxonomies can include anything from 50 to 250 lower-level risks. "There's a marked variability between the different types of taxonomies used by financial services firms," remarks one London-based chief risk officer.
Still, there is much that financial firms can learn from each other. And major banks are increasingly looking to their peers for guidance on best practice. The need for co-operation in the area of op risk is perhaps all the more urgent, since banks face pressure to cut costs, boost shareholder returns and comply with onerous new regulations. If prowess in op risk management was ever viewed as a source of competitive advantage, well, things have changed.
In February, Risk.net reported that op risk practitioners from eight major banks, including Deutsche Bank, JP Morgan and HSBC, were attempting to draw up an industry standard taxonomy for use as a best-practice guide. When it comes to taxonomies, one size will never fit all, as Richard Cech, operational risk examiner at the Federal Reserve Bank of New York, has pointed out. But this is nonetheless a useful step towards creating a common frame of reference.
Armed with this valuable tool, firms might be able to make the world of op risk a little less chaotic, and perhaps more similar to that of the duck-billed platypus.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Liquidity risk learnings in the banking industry
Sidhartha Dash, chief researcher at Chartis Research (part of Risk.net's digital network), talks to Steve Pemberton, chief executive of Coherent Europe, about the dynamics and challenges surrounding liquidity risk in the banking industry
Investing in operational readiness to optimise FRTB capital
A forum of industry experts discusses the implementation of FRTB, the burden of investment into data and infrastructure for FRTB compliance, the considerations for banks in using the standardised approach (SA) and the internal model approach (IMA)
Top 10 operational risks: The umpire strikes back
Tougher regulatory enforcement, new consumer rules and rise of ESG are ringing alarm bells
Ion wasn’t deemed a ‘critical’ vendor by most clients
Software firm escaped heavy scrutiny ahead of cyber attack, says US Treasury official
Op risk data: Stanford fraud haunts banks for billions
Also: Helaba’s crank capital relief; TSE stock price sanction; 1MDB mauls Mudabala. Data by ORX News
Hacked off: banks demand answers after Ion cyber attack
Clients left in the dark about ransomware attack that disrupted futures trading last month
Digital exposure makes fraud management a vital responsibility for financial institutions
Fraud management and detection continue to be an increasing area of concern for financial institutions worldwide
UBS takeover of Credit Suisse to trigger higher G-Sib surcharge
At 14.2%, UBS’s CET1 capital ratio is more than sufficient to absorb the deal