A letter to the editor


Dear Ms. Davis:
This letter is written in my personal capacity, in response to your article Operational risk at a crossroads (OR&C, December 2006). In my professional capacity, I am the head of operational risk of the Emirates Bank Group in Dubai, the co-regional director of the UAE chapter of GARP, and a professional member of the Institute of Operational Risk.

It is interesting that this debate is now being opened to the industry. You are spot on about a discipline 'in limbo'. Everybody is trying to make a quick buck, nobody is really pulling together to sort out the fundamental mistakes made in the beginning.

These mistakes include issues like calling people 'operational risk managers' and as you mentioned, things that evolved from the audit profession, re-directed by Basel to be an independent function, really need some urgent direction and correction.

The fathers of op risk managers were wrong to create the title of 'operational risk manager'. Managing op risk is not even a line-management function, it is everybody's job. The discipline has two distinct streams of work, and thanks to Basel II, a third one.

First we have the level at which op risk actually gets managed. At this level it is a skill that needs to be taught and applied, let us thus get away from thinking there is a breed of managers – 'operational risk managers – who go around organisations, 'picking up banana peels'.

Second, there is the advisory level. The professionals in this discipline should be called 'operational risk advisers'. These are the strategists and policymakers who implement sound risk-management principles, and develop the op risk function into the value-adding function it should be. These are the guys who are looking through the windscreen to drive the car; no longer just in the rearview mirror.

No amount of quantification, scenario analysis or modelling can mitigate operational risk. People risk is the most important part of operational risk, and these professionals need to provide the tools to the business to manage all operational risks. At the professional level, all tools and data streams are pulled together into a comparative reporting dashboard, to support the entire workforce in their management of op risk.

Do not try to compare this level to consultants. Just as the ex-auditors are not op risk managers and never will be, you can never have op risk consultants. Op risk professionals must understand the business and the support functions fully to be able to put together the strategy, framework, policies and performance-management criteria.

The third level is specialisation. These are the quants and modelling specialists that Basel II brought into the picture. They should work cross-functionally on risk modelling. They are not managing op risk other than any that is relevant to their jobs, and they are by no means op risk professionals. They are quantification experts, and should focus on that.

Until these three distinct levels and functions within the discipline of op risk are clearly understood and functional boundaries are defined, we will have the current confusion. Amid this confusion, nobody will be able to get over the wall you say we have hit.

Horst Simon, Dubai

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Investment banks: the future of risk control

This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control

Op risk outlook 2022: the legal perspective

Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from Risk.net’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…

Emerging trends in op risk

Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…

Moving targets: the new rules of conduct risk

How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a Risk.net webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…

Building resilience into ESG risk management

Risk and resilience continue to play an important role in the navigation of an increasingly uncertain world. Fusion Risk Management explores why it is equally crucial for technology to support organisations in addressing pertinent environmental, social…

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here