A kick up the backside


One can't help but feel that the regulatory momentum has stalled a bit. In Asia – I visited both Hong Kong and Singapore in January – nearly everyone confessed that op risk simply wasn't on the agendas of most firms because they felt the local regulators weren't pushing it. And this isn't true of just those two places – most Asian countries are choosing to focus on credit risk implementation if they are 'doing' Basel II, at the expense of operational risk.

And here in Europe, while the consultants and IT vendors bang on about enterprise-wide risk management and six sigma, most firms are focusing on complying with Basel II as the regulators crawl all over their credit risk models and seek to verify the 'use test'. Meanwhile, my trip to the US in December showed that operational risk has stalled there as well. Basel II is making little progress through the supervisory agencies, and op risk managers are being asked to justify their programmes and positions.

The discipline of operational risk began life as a regulatory initiative. And of course, these regulators famously let 'a thousand flowers bloom', in terms of how firms were actually meant to create that number. While that also was the right thing to do – it sparked much creative thinking around operational risk – it has now led to a kind of paralysis.

When I speak with industry executives, many are not moving forward with their op risk programmes because of the lack of clarity from regulators. They've moved beyond the thousand flowers, and now they want some guidance. They are having a tough time getting signoff for resources and spending without a firm idea of where op risk is headed as a discipline. Bosses are wary of ploughing more money into the area without guarantees that regulators will be satisfied, and that some return on investment is possible.

Much of what regulators have produced is inconclusive. Both the Basel Committee and the UK FSA have published documents that say little more than that there is hardly any consensus on how to approach op risk among firms.

What we need now, as an industry, is a dialogue that regulators help instigate. The regulators may not have all of the answers, but they need to start providing the industry with more substantial guidance, feedback and a sense of urgency. While they may not want this role of discipline mediator, it has already been thrust upon them by operational risk managers who remain enthusiastic about their discipline, but confused as to how it should evolve. Regulators, in partnership with the industry, need to give the discipline of operational risk a kick up the backside.

Have a good month!

Ellen Davis, Editor


New York – 22–23 February 2007

London – 26–27 February 2007

Singapore – 5–6 March 2007

OpRisk Focus Days

The first day of this training course will examine best practice, provide insight into the model auditing process and you will learn from case studies from AMA banks. Day two will focus on assessing internal capital adequacy, capturing and calculating loss data, and KRI and scenario analysis integrated with other methodologies. For more information: www.incisive-events.com/opriskbba

21–22 March 2007




23–24 May 2007



The premier annual events for the operational risk communities on both sides of the Atlantic. Full details coming soon.

Sponsoring or exhibiting at OpRisk will enhance your organisation's presence and enable you to maximise your profile with the correct audience.

To discuss specific packages that could suit your individual requirements, please contact Adam Jordan on + 44 (0) 207 484 9908 or email


Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Investment banks: the future of risk control

This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here