Operational Risk Management in Financial Institutions

Day One:

Analytic Overview

The aim of this section is to understand the nature of operational risk, identify typical occurrences of operational risk within a bank’s business model, and to consider external perspectives on the importance of operational risk management in rating and banking supervision.

Importance of operational risk as part of the firm’s risk inventory

Current industry drivers of increasing operational risk in financial institutions; complexity, innovation, technology, transaction velocity and litigation

Motivations to manage operational risk: Financial loss, legal and regulatory requirements, reputational risks, capital management and planning

Management perspectives/requirements; understanding the risk, information systems, quantification, mitigation and hedging decisions, cultural and behavioral aspects

Identifying categories of operational risk in financial institutions

External perspectives on operational risks:

Incorporation of operational risk criteria in rating agency methodologies

Regulatory and industry perspectives on the importance of operational risk control

Operational Risk: Dimes and Disasters!

The big operational risk loses are the ones that make the news, but is that the whole picture? This section explores the wider impact of operational risk within financial institutions:

High Frequency – Low Impact

Low Frequency – High Impact

Who’s at risk and at risk of what?

Operational risk by institutional type

Operational Risk Governance

The objective of risk management is to add maximum sustainable value to the activities of an organization. Therefore, it needs to be a continuous and developing process that operates in conjunction with the development and implementation of the organization’s strategy, and whose aim is to increase the probability of achieving the overall objectives of the organization and reduce the probability of failure.

To achieve this, operational risk management must be integrated into the organization and led by the most senior management. This section of the course will therefore look at the key role of the board in setting an organization’s operational risk policy and the key characteristics of how it is implemented.

Risk management process – operational risk as an integral part of the enterprise risk management framework

Roles and responsibilities of the board, senior management and support functions

Defining risk appetite for operational risk. What is it and how can it be expressed?

Evaluating corporate governance standards

Three lines of defence – an explanation of the traditional three lines of defence and the allocation of risk responsibilities

Operational risk framework – how the components of operational risk management fit within strategy and risk policy

Operational risk cycle – the components of the risk cycle: Identification; assessment and measurement; mitigation and management; monitoring and reporting

The role of culture in the organization-wide management of operational risk:

Why culture forms such an important aspect of operational risk management

Characteristics of poor vs. effective operational risk cultures

Fostering an effective risk management culture

Day Two:

Management of Operational Risk

The objective of this section is to consider the Operational Risk Management framework. The core elements of the framework are covered as well as who is responsible for what within the framework.

Operational risk policy – the key components of an organization’s operational risk policy

Risk Control and Self-Assessment (RCSA) techniques – advantages and disadvantages

Cultural aspects to the RCSA

Defining frequency and impact scales

Assessment: The methods and problems of assessing operational risks

Mitigation of risk impact and likelihood of occurrence: The methods of mitigating operational risks

Understanding controls and how risk is modified

Preventive

Internal Detective

External Detective

Mitigation of risk impact and likelihood of occurrence: The methods of mitigating operational risks

Understanding controls and how risk is modified

Preventive

Internal Detective

External Detective

Monitoring

The methods of monitoring operational risks

Operational risk incident recording:

Objectives of risk incident recording

Internal data collection, parsing and emerging risks identification

The importance of ‘Lessons Learned’ processes

Impact of new products, processes, business lines and locations

Improving the organization’s operational risk process:

Strategies to align operational risk to risk appetite: The classic risk matrix

Measuring progress and improvement

Key Risk Indicator (KRI)

Key Risk Indicators are a key tool of Operational Risk management. This section aims to identify what makes a good KRI and how they can be used more effectively.

Types of KRI and relationship to risk levels

Characteristics of and identifying useful KRI’s

The Cause, Consequence and Impact of Operational Risk

In this section using a simply Root-Cause-Analysis the causes of operational risk are investigated to identify:

The cause (Event)

Physical / Human / Organisation Causes

The consequence (Cause)

The brain mechanisms that can hold us back!

Taleb: Causes of Black Swans

Basel III Operational Risk

With the soon to be introduction of the new Basel III Capital Requirements financial institutions globally are going to be impacted. This impact extends to how institutions will need to view, record and apply operational risk metrics. This section provides a high-level overview of the changes and why they will impact everyone.

Fundamental nature of bank regulatory capital requirements

The historic challenges of calculating unexpected versus expected loss for operational risk

Basel II proposed changes

The standardised Measure Approach