Op risk managers must be ‘change agents’, says Fed official

Fed's Gwendolyn Collins calls on op risk managers to be pioneers, not policemen

Federal Reserve
Fed bank supervisor wants op risk managers to play a more strategic role

Operational risk professionals should pivot from acting solely as risk managers to being strategic advisers to senior management and boards of directors, an officer at the Board of Governors of the Federal Reserve System told delegates at the OpRisk North America conference in New York today (March 16).

Gwendolyn Collins, who heads the Fed's risk policy, and systems and operational resiliency policy teams, said the role of op risk managers had become more strategic than in the past and required a broader skill-set than before.

"Today, op risk managers are expected to be change agents, often leading business process reviews and transformations, as well as full business line strategy transformation," she said. "Op risk managers are expected to be builders, engineers and innovators, setting up strong internal control environments, sound governance and processes; putting in place committees and task forces where needed."

Op risk managers must handle "new regulation, new technology, and dynamic financial management processes", and must be more tech-savvy and capable of identifying and assessing cyber risk across firms – especially where growth and acquisitions have made technology infrastructure more tangled, she said.

"We are all finding there are pockets of our firms that are in dire need of this expertise which you bring to the table," Collins said.

She described cyber security as the "leading topic in boardrooms today", and explained how the growing threat of internal and external cyber attacks has increased operational risk within financial institutions, placing new demands on managers' time and attention.

"Op risk managers have moved from managing and monitoring ongoing IT risk to being able to serve as strategic advisers in considering and evaluating options and plans for firms to take in the area of cyber security," said Collins.

She also emphasised the importance of linking operational risk reports to specific strategic initiatives in order to make them relevant to senior management and board-level executives. This would help op risk managers get their voices heard in board meetings, she noted.

Collins made a distinction between members of the strategy team at banks and op risk professionals, saying the former lacked the ability to summarise op risk information in a clear and concise way for consumption by senior management and board members.

"You will have strategy teams that think internal controls can be summarised in certain bullet points," she said. "We all know that unless you really understand the core backbone of the internal controls and understand what their vulnerabilities and weaknesses are, you are not going to be able to communicate effectively to the board."

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Investment banks: the future of risk control

This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control

Op risk outlook 2022: the legal perspective

Christoph Kurth, partner of the global financial institutions leadership team at Baker McKenzie, discusses the key themes emerging from Risk.net’s Top 10 op risks 2022 survey and how financial firms can better manage and mitigate the impact of…

Emerging trends in op risk

Karen Man, partner and member of the global financial institutions leadership team at Baker McKenzie, discusses emerging op risks in the wake of the Covid‑19 pandemic, a rise in cyber attacks, concerns around conduct and culture, and the complexities of…

Moving targets: the new rules of conduct risk

How are capital markets firms adapting their approaches to monitoring and managing conduct risk following the Covid‑19 pandemic? In a Risk.net webinar in association with NICE Actimize, the panel discusses changing regulatory requirements, the essentials…

Building resilience into ESG risk management

Risk and resilience continue to play an important role in the navigation of an increasingly uncertain world. Fusion Risk Management explores why it is equally crucial for technology to support organisations in addressing pertinent environmental, social…

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here