The advancing tide of rationalisation


I spent a week in New York at the beginning of December, and I heard the dreaded 'R' word fall from the lips of op risk executives, technology vendors and consultants alike. Essentially, firms have woken up to the fact that they have put in place processes that overlap and are producing colossal levels of frustration at the business unit level. One op risk executive confessed to me that an analysis of the various regulatory 'information gathering' activities that take place at his bank every year has produced a shocking nine rounds of self-assessments that some business lines had to complete.

Now that's a lot of red tape. The overlap stems from self-assessment-type procedures that audit, operational risk, the SOX team, the compliance department and others are following within firms. Some firms are trying to better co-ordinate these various self-assessment programmes units, while others are creating distinct self-assessment units that are taking charge of the self-assessment programmes. Still other firms are putting one existing unit – such as operational risk – in charge of co-ordinating self-assessments across firms.

Indeed, one common theme was that there didn't seem to be a common theme as to how firms were implementing this rationalisation. The plan seemed to be dictated by internal politics, human resources and regulatory drivers at individual firms. There were as many combinations of rationalisation ingredients as there are personal ways to assemble fajitas.

But one trend seemed to stand out – that the role of the operational risk department as a result of this rationalisation process is growing. Firms are keen to make their compliance departments more 'risk-based' in response to regulatory demands, and to change their approach from one that is focused on ticking boxes to one that understands the challenges their business units face.

This is very exciting, and it is a theme that we will be touching on in our upcoming OpRisk Europe and OpRisk USA conferences. Operational risk executives should seek to outline the tone of the debate within their firms when it comes to these changes, and demonstrate that all of the hard work done over the past several years has created a 'ready-made' risk-based framework to deal with issues as varied as money-laundering prevention, internal fraud, processing errors and terrorist attacks.

I expect that 2007 will be a year of dynamic change for both operational risk and compliance executives, and I also believe that at the end of this year, many firms will be in a far stronger, risk-based place.

Have a good month!


Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

Investment banks: the future of risk control

This survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control

Op risk outlook 2022: the legal perspective

Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…

Emerging trends in op risk

Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…

Moving targets: the new rules of conduct risk

How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…

Building resilience into ESG risk management

Risk and resilience continue to play an important role in the navigation of an increasingly uncertain world. Fusion Risk Management explores why it is equally crucial for technology to support organisations in addressing pertinent environmental, social…

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here