Operational risk at a crossroads
Just where is operational risk going? This is the question that, in one form or another, seems to be dropping from the lips of most executives in the field these days. People are clearly worried.
I certainly think it has hit a crossroads. The 'founding fathers' of Basel II tried to "let a thousand flowers bloom" and not be very prescriptive in how they structured their regulatory guidelines. This was for a good reason – it is a new discipline, and they wanted to let innovation carry the day. But now, it seems, there is real concern that op risk has hit a wall. Those who tried to implement Basel II as best they could have, in many cases, wound up with software that is out of date, data they don't understand, and policies and procedures that overlap considerably with both audit and compliance.
Some op risk people are leaving the industry, while others are looking for other risk disciplines to shift into. Others are nailing their colours to programmes such as Six Sigma, Coso and Business Process Improvement.
What is the answer? One consultant I spoke to says the industry has suffered because those who shifted into op risk roles four or five years ago came from either risk management or audit backgrounds, and generally tried to apply their previous job's methodologies to op risk. For example, self-assessments and KRIs have come out of an audit approach. Risk management executives focused on collecting data and modelling it.
I agree with the consultant – who happens to be Ali Samad Khan – that op risk doesn't really fit neatly into either of those two boxes. As a discipline, it has proved to be difficult and unwieldy. The recent report from the Basel Committee on Banking Supervision on how banks are handling the advanced measurement approach – which showed that there was little consensus on anything having to do with op risk – simply underscored what many op risk executives have come to understand is the nub of the problem.
Fresh thinking is needed on op risk measurement and management.
While I'd not really encourage throwing the proverbial baby out with the bath water – a lot of interesting and useful work has been done – I think that it is the duty of operational risk managers to now set aside the issue of Basel II compliance and ask... what next?
Perhaps it is time to stop borrowing from other disciplines and take an approach that can evolve from the ground, up. What is the core difficulty in measuring operational risk? How can we apply people and technology to solve that difficulty without suffocating the business? How can op risk add value?
I will not pretend to have the answers. But I'd like to throw that question out to the industry and see what people have to say.
Have a good month!
Ellen Davis, Editor
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Operational risk
Integrated GRC solutions 2024: market update and vendor landscape
In the face of persistent digitisation challenges and the attendant transformation in business practices, many firms have been struggling to maintain governance and business continuity
Vendor spotlight: Dixtior AML transaction monitoring solutions
The Chartis Research report, AML transaction monitoring solutions, considers how, by working together, financial institutions, vendors and regulators can create more effective anti-money laundering (AML) systems.
Financial crime and compliance50 2024
The detailed analysis for the Financial crime and compliance50 considers firms’ technological advances and strategic direction to provide a complete view of how market leaders are driving transformation in this sector
Automating regulatory compliance and reporting
Flaws in the regulation of the banking sector have been addressed initially by Basel III, implemented last year. Financial institutions can comply with capital and liquidity requirements in a natively integrated yet modular environment by utilising…
Investment banks: the future of risk control
This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control
Op risk outlook 2022: the legal perspective
Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from Risk.net’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…
Emerging trends in op risk
Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…
Moving targets: the new rules of conduct risk
How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a Risk.net webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…