A kick up the backside

One can't help but feel that the regulatory momentum has stalled a bit. In Asia – I visited both Hong Kong and Singapore in January – nearly everyone confessed that op risk simply wasn't on the agendas of most firms because they felt the local regulators weren't pushing it. And this isn't true of just those two places – most Asian countries are choosing to focus on credit risk implementation if they are 'doing' Basel II, at the expense of operational risk.

And here in Europe, while the consultants and IT vendors bang on about enterprise-wide risk management and six sigma, most firms are focusing on complying with Basel II as the regulators crawl all over their credit risk models and seek to verify the 'use test'. Meanwhile, my trip to the US in December showed that operational risk has stalled there as well. Basel II is making little progress through the supervisory agencies, and op risk managers are being asked to justify their programmes and positions.

The discipline of operational risk began life as a regulatory initiative. And of course, these regulators famously let 'a thousand flowers bloom', in terms of how firms were actually meant to create that number. While that also was the right thing to do – it sparked much creative thinking around operational risk – it has now led to a kind of paralysis.

When I speak with industry executives, many are not moving forward with their op risk programmes because of the lack of clarity from regulators. They've moved beyond the thousand flowers, and now they want some guidance. They are having a tough time getting signoff for resources and spending without a firm idea of where op risk is headed as a discipline. Bosses are wary of ploughing more money into the area without guarantees that regulators will be satisfied, and that some return on investment is possible.

Much of what regulators have produced is inconclusive. Both the Basel Committee and the UK FSA have published documents that say little more than that there is hardly any consensus on how to approach op risk among firms.

What we need now, as an industry, is a dialogue that regulators help instigate. The regulators may not have all of the answers, but they need to start providing the industry with more substantial guidance, feedback and a sense of urgency. While they may not want this role of discipline mediator, it has already been thrust upon them by operational risk managers who remain enthusiastic about their discipline, but confused as to how it should evolve. Regulators, in partnership with the industry, need to give the discipline of operational risk a kick up the backside.

Have a good month!

Ellen Davis, Editor

UPCOMING EVENTS

New York – 22–23 February 2007

London – 26–27 February 2007

Singapore – 5–6 March 2007

OpRisk Focus Days

The first day of this training course will examine best practice, provide insight into the model auditing process and you will learn from case studies from AMA banks. Day two will focus on assessing internal capital adequacy, capturing and calculating loss data, and KRI and scenario analysis integrated with other methodologies. For more information: www.incisive-events.com/opriskbba

21–22 March 2007

OPRISK EUROPE – LONDON

www.opriskeurope.com

23–24 May 2007

OPRISK USA – NEW YORK

www.opriskusa.com

The premier annual events for the operational risk communities on both sides of the Atlantic. Full details coming soon.

Sponsoring or exhibiting at OpRisk will enhance your organisation's presence and enable you to maximise your profile with the correct audience.

To discuss specific packages that could suit your individual requirements, please contact Adam Jordan on + 44 (0) 207 484 9908 or email

adam.jordan@incisivemedia.com