News, Events and Interesting Reading

Interesting Reading

To download this article please enter your details below.

 Tweeting corporate governance with respect - what’s next for regulators?

 3 July 2019
 RiskBusiness FYI
 Mike Finlay, RiskBusiness
 Tweeting corporate governance with respect.pdf
In the past 12 months controversy has surrounded Elon Musk, Tesla’s chief executive, and his market-moving tweets. It has led to enforcement action by Wall Street regulators in an attempt to tame Musk’s recklessness and protect shareholders. But are they right to interfere and what does this mean for the future?

Good corporate governance can strengthen business performance and underpin the integrity and efficiency of financial markets. Its principles aim to protect the rights of stakeholders and shareholders, all whilst striving for ethicality, fairness and competitiveness in a business environment.

Regulation of corporate governance aims to enforce these values to control risk, improve the economy and keep corporations honest and transparent. But, considering the recent fallout from Elon Musk’s social media use, how far can these rules and regulations go?

 Is there anything right about the three lines of defence model?

 13th May 2019
 RiskBusiness FYI
 Mike Finlay, RiskBusiness
 Is there anything right about the three lines of defence model.pdf
If there is one thing to be said about any kind of standard, it must be that they have the ability to unite multitudes in opposition, even if for very different reasons. And so it is with the much vaunted three line of defence model which, it would appear, everyone includes in their risk management frameworks, but very few actually do anything with. So what is this model? Many call it a risk management model, perhaps more call it an operational risk (or maybe non-financial risk or maybe operational risk and compliance) model, one which holds front-line, usually revenue generating entities as the first line of defence against risk – they own the risk and therefore should manage that risk, with a second line of defence comprising of oversight units such as operational risk and compliance (occasionally credit risk and market risk if applied on an enterprise risk basis) and the third line of defence representing independent assurance provided by the internal audit function.

 Operational risk managers need to grow up and think big

 11 April 2019
 Adaption from The Risk Universe, Issue 66
 Mike Finlay
 Wanted_ Enthusiastic Operational Risk self-starter.pdf
Operational risk (OR) might be 20 years old, but it’s showing little sign of maturity. The emergence of new OR risk specialist functions has resulted in confusion, duplication and discordance. Whilst in parallel, increasing automation, digitisation and product innovation mean greater operational risk, but less relevance of the general OR practitioner.

So, what skills and behaviours do today’s OR managers need to add real business value and safeguard their position?

The remit of OR can and does span every element of the business. Across all of these elements OR professionals aim to identify the operational risks, then quantify and manage them. Risk assessments and incident reports are undertaken and complicated OR classification language used, all in an attempt to collect and monitor key risk information.

In an ever-changing business landscape, it’s hard enough for executive management to comprehend what constitutes an operational risk. New disruptions and risk sources are appearing frequently, and often unpredictably. Combine this with OR’s time-consuming tick box exercises, confusing data intelligence and reactive management techniques and it’s no surprise that new specialist risk functions are springing up. All offering faster and better results.

Wanted: Dynamic Operational Risk self-starter who can …
Collaborate and Communicate
Operational risk has become a meeting place for a variety of risk areas; from fraud and processing, through to human resources and reputational damage. As a result, quasi-operational risk functions have emerged, lines of responsibility have blurred, and confusion reigns. As a case in point, I recently came across a global banking giant that has an “operations risk” function that sits alongside its “operational risk” function.

Perplexed? You’re not alone...

Another consequence of having disparate specialist teams is that companies don’t have a comprehensive view of operational risk. But there’s also an opportunity here; one for the OR professional to play a pivotal role. Leading cross-functional collaboration, developing a coordinated workflow and defining clear roles and responsibility for organisational risk across the organisation.

By coordinating risk efforts OR managers can ensure messages to the market and business are clear, accurate and consistent. They can take ownership of the elements that the specialist functions cannot, or do not want to, undertake. And not least, by knowing the business inside and out, they can talk to the business’ management on an equal footing.

Develop a common language
The existence of several risk functions can also result in an organisation’s risk dialect being so diverse that it prevents an effective understanding of risk.

Rapid response to new risk-related events requires the same risk language to be spoken throughout the organisation. This means shared definitions, a company-wide understanding of how risk issues relate to organisational goals, and a culture of risk awareness and accountability.

As well as coordinating functions, today’s OR managers need to ensure a common risk methodology, taxonomy and toolset exist across the organisation. This will simplify reporting and avoid the confusion and misinterpretation that comes from using subtly different definitions. In essence, the OR manager needs to develop a risk language (and foster a risk culture) that everyone in the organisation adopts and understands.

Make information accessible, engaging and useful
It’s often been said that OR intelligence is backwards-looking, not dynamic and inconsistent. The information provided can wade too deeply into the technicalities; with excessive description of risk assessment processes. And the way data is presented can make it hard to have a comparable view of risk across the organisation. Too much information can put the recipients into ‘information overload’.

The effective OR manager will recognise the value in presenting data in a more accessible way. One that holds greater appeal to a wider business audience. They need to develop and support a common approach to the strategic and dynamic analysis of risk.

To be truly useful the OR professional needs to reduce detection and reaction time; where possible use automation to improve efficiency and deliver sound operational analytics to provide meaningful and comparable data.

Embrace and harness technology
As advances in technology continue to emerge, OR practitioners need to keep pace with the transformational changes that are taking place within business. Driving stronger partnerships between OR and IT functions they can better understand how the organisation is implementing and adapting to new technologies and manage the risks posed.

Technology can transform OR risk management. And the power of Big Data can be harnessed for forward-looking analytics and predictive planning. OR can use technology to become as dynamic, targeted and responsive as possible, improve efficiencies with automation and minimise duplication of efforts. It’s also essential that data is not collected and used in a siloed approach but that the OR professional uses technology to tie it all together - to analyse and assess the links between and across different risk areas.

Guide and influence
The very nature of operational risk is closely linked to processes, systems and people. This can provide holistic experience and knowledge of how the firm works, and the reasons behind why it operates as it does now. And this experience and knowledge is an extremely valuable asset for organisations.

Not enough is being done to tackle the risk management challenges that lie ahead. But if OR management can go beyond box-ticking regulatory activities, its function in the future is likely to be far more influential and critical to driving business and product development. In short, action is needed now by OR professionals to reinvent the OR function for when firms need it most.

The OR practitioner’s future depends on having a wider skill set that is beyond being a technical expert. They need to be able to exert influence. They need to embed a thriving risk culture. And they need to provide businesses with an understanding of how to improve efficiencies, take decisions and manage risk. Now is the time for the OR professional to think big, be bold, and proactively carve out an exciting new role; for themselves and the discipline as a whole.

 Operational Risk Function Survey 2018 Results

 1st April 2019
 Social Media
 RiskBusiness, UK Finance, Institute of Operational Risk
 Download file
During late 2018, RiskBusiness, UK Finance and the Institute of Operational Risk collaborated in undertaking research into staffing, skills requirements, workforce remuneration and future demands on the operational risk function within financial services firms. The findings are now published for general reference by the industry.

 As operational risk management comes of age; does it have a future?

 15 March 2019
 Mike Finlay
As operational risk management comes of age, does it have a future? The proliferation of risk-related roles in financial institutions since the crisis, perhaps counterproductively, has created a series of over-lapping, contradictive disciplines, some of which arguably swallow up the functions that were commonly filed under operational risk. The definition of operational risk itself hasn’t helped things, argues Finlay. After credit, market and liquidity, operational risk is often unhelpfully labelled as “everything else.” Can practitioners continue to manage in this way? And isn’t “everything else” on the risk agenda usually something to do with cyber these days? Perhaps, then, it is the end of operational risk – at least as we know it. Or perhaps, the beginning of a better, more ‘grown-up’ approach to risk management.


 Vancouver man charged with New Westminster bank robbery

A 46-year-old Vancouver man has been arrested and charged in connection with a New Westminster bank robbery. The TD Bank in Columbia Square Plaza was robbed by a lone man on Aug. 3 at 9:15 a.m.

Please log in for more details.

 Former Sydney financial adviser appears on fraud charges

On 20 August 2019, Mr Keith James Flowers (previously known as Nigel Keith Flowers), of Bathurst, NSW, appeared in the Downing Centre Local Court, Sydney, charged with six counts of using his position dishonestly contrary to section 184(2) of the Corporations Act 2001; and one count of dishonestly obtaining a financial advantage by deception contrary to section 192E Crimes Act (NSW).

Please log in for more details.

 SEC obtains final judgment against CEO in penny stock fraud scheme

On August 12, 2019, the Securities and Exchange Commission obtained a final judgment against the former CEO of a penny stock company based in the Chicago suburbs, ordering the payment of more than $860,000 in monetary remedies. The SEC charged Andrew J. Kandalepas, the former CEO, President, and Chairman of the Board of Wellness Center USA, Inc. (Wellness), with making false and misleading statements in Wellness's SEC filings and press releases and with manipulating the company's stock.

Please log in for more details.


There are no upcoming events. Please check back later.

RiskBusiness News

There is no recent news. Please check back later.