News, Events and Interesting Reading

Interesting Reading

To download this article please enter your details below.

 Operational risk managers need to grow up and think big

 11 April 2019
 Adaption from The Risk Universe, Issue 66
 Mike Finlay
 Wanted_ Enthusiastic Operational Risk self-starter.pdf
Operational risk (OR) might be 20 years old, but it’s showing little sign of maturity. The emergence of new OR risk specialist functions has resulted in confusion, duplication and discordance. Whilst in parallel, increasing automation, digitisation and product innovation mean greater operational risk, but less relevance of the general OR practitioner.

So, what skills and behaviours do today’s OR managers need to add real business value and safeguard their position?

The remit of OR can and does span every element of the business. Across all of these elements OR professionals aim to identify the operational risks, then quantify and manage them. Risk assessments and incident reports are undertaken and complicated OR classification language used, all in an attempt to collect and monitor key risk information.

In an ever-changing business landscape, it’s hard enough for executive management to comprehend what constitutes an operational risk. New disruptions and risk sources are appearing frequently, and often unpredictably. Combine this with OR’s time-consuming tick box exercises, confusing data intelligence and reactive management techniques and it’s no surprise that new specialist risk functions are springing up. All offering faster and better results.

Wanted: Dynamic Operational Risk self-starter who can …
Collaborate and Communicate
Operational risk has become a meeting place for a variety of risk areas; from fraud and processing, through to human resources and reputational damage. As a result, quasi-operational risk functions have emerged, lines of responsibility have blurred, and confusion reigns. As a case in point, I recently came across a global banking giant that has an “operations risk” function that sits alongside its “operational risk” function.

Perplexed? You’re not alone...

Another consequence of having disparate specialist teams is that companies don’t have a comprehensive view of operational risk. But there’s also an opportunity here; one for the OR professional to play a pivotal role. Leading cross-functional collaboration, developing a coordinated workflow and defining clear roles and responsibility for organisational risk across the organisation.

By coordinating risk efforts OR managers can ensure messages to the market and business are clear, accurate and consistent. They can take ownership of the elements that the specialist functions cannot, or do not want to, undertake. And not least, by knowing the business inside and out, they can talk to the business’ management on an equal footing.

Develop a common language
The existence of several risk functions can also result in an organisation’s risk dialect being so diverse that it prevents an effective understanding of risk.

Rapid response to new risk-related events requires the same risk language to be spoken throughout the organisation. This means shared definitions, a company-wide understanding of how risk issues relate to organisational goals, and a culture of risk awareness and accountability.

As well as coordinating functions, today’s OR managers need to ensure a common risk methodology, taxonomy and toolset exist across the organisation. This will simplify reporting and avoid the confusion and misinterpretation that comes from using subtly different definitions. In essence, the OR manager needs to develop a risk language (and foster a risk culture) that everyone in the organisation adopts and understands.

Make information accessible, engaging and useful
It’s often been said that OR intelligence is backwards-looking, not dynamic and inconsistent. The information provided can wade too deeply into the technicalities; with excessive description of risk assessment processes. And the way data is presented can make it hard to have a comparable view of risk across the organisation. Too much information can put the recipients into ‘information overload’.

The effective OR manager will recognise the value in presenting data in a more accessible way. One that holds greater appeal to a wider business audience. They need to develop and support a common approach to the strategic and dynamic analysis of risk.

To be truly useful the OR professional needs to reduce detection and reaction time; where possible use automation to improve efficiency and deliver sound operational analytics to provide meaningful and comparable data.

Embrace and harness technology
As advances in technology continue to emerge, OR practitioners need to keep pace with the transformational changes that are taking place within business. Driving stronger partnerships between OR and IT functions they can better understand how the organisation is implementing and adapting to new technologies and manage the risks posed.

Technology can transform OR risk management. And the power of Big Data can be harnessed for forward-looking analytics and predictive planning. OR can use technology to become as dynamic, targeted and responsive as possible, improve efficiencies with automation and minimise duplication of efforts. It’s also essential that data is not collected and used in a siloed approach but that the OR professional uses technology to tie it all together - to analyse and assess the links between and across different risk areas.

Guide and influence
The very nature of operational risk is closely linked to processes, systems and people. This can provide holistic experience and knowledge of how the firm works, and the reasons behind why it operates as it does now. And this experience and knowledge is an extremely valuable asset for organisations.

Not enough is being done to tackle the risk management challenges that lie ahead. But if OR management can go beyond box-ticking regulatory activities, its function in the future is likely to be far more influential and critical to driving business and product development. In short, action is needed now by OR professionals to reinvent the OR function for when firms need it most.

The OR practitioner’s future depends on having a wider skill set that is beyond being a technical expert. They need to be able to exert influence. They need to embed a thriving risk culture. And they need to provide businesses with an understanding of how to improve efficiencies, take decisions and manage risk. Now is the time for the OR professional to think big, be bold, and proactively carve out an exciting new role; for themselves and the discipline as a whole.

 Operational Risk Function Survey 2018 Results

 1st April 2019
 Social Media
 RiskBusiness, UK Finance, Institute of Operational Risk
 Download file
During late 2018, RiskBusiness, UK Finance and the Institute of Operational Risk collaborated in undertaking research into staffing, skills requirements, workforce remuneration and future demands on the operational risk function within financial services firms. The findings are now published for general reference by the industry.

 As operational risk management comes of age; does it have a future?

 15 March 2019
 Mike Finlay
As operational risk management comes of age, does it have a future? The proliferation of risk-related roles in financial institutions since the crisis, perhaps counterproductively, has created a series of over-lapping, contradictive disciplines, some of which arguably swallow up the functions that were commonly filed under operational risk. The definition of operational risk itself hasn’t helped things, argues Finlay. After credit, market and liquidity, operational risk is often unhelpfully labelled as “everything else.” Can practitioners continue to manage in this way? And isn’t “everything else” on the risk agenda usually something to do with cyber these days? Perhaps, then, it is the end of operational risk – at least as we know it. Or perhaps, the beginning of a better, more ‘grown-up’ approach to risk management.

 RiskBusiness publishes guidance on three lines of defence

 1 January 2019
 RiskBusiness Position Paper
 RiskBusiness International
While there has been a lot of discussion as to what constitutes a three lines of defence model, there remains across all industries and especially within financial services, little understanding of the ramifications of actually implementing a risk agnostic, organisation-wide three lines of defence model.

Drawing upon its experiences in working with a wide range of firms across the globe, of different size, complexity and management structure, RiskBusiness has established a step-by-step guide to help firms establish a robust, proactive three lines of defence model which can stand the test of time. The resultant approach allows for custom models – there is no one size fits all – which have been tried and tested in corporate entities, banks, insurers, asset managers and other firms.

“Three lines of defence is not about risk management,” states Mike Finlay, chief executive of RiskBusiness International. “You cannot try and apply a model that affects corporate structure, individual accountability and, as a consequence, corporate culture by thinking it is a risk management initiative – even worse if you think it only applies to operational risk and perhaps to the compliance function. Three lines of defence is integral to the DNA of the firm, it starts with the vision, mission and values, flows through corporate governance, corporate strategy and overall business objectives into the everyday functioning and decision making of the entire enterprise. It is all about the core principles we base our business on – and how we measure ourselves against the achievement of those principles and our business objectives.”

Global regulation, particularly in the financial services industry, is increasingly focussing on good governance and how the Board and executive management behave and run the enterprise. To comply with the ever increasing volume of regulation and to achieve the firm’s potential, every enterprise should implement a robust governance structure which embraces the three lines of defence concept, making this guidance an invaluable resource for every firm, irrespective of geography, size or nature.

Note that this is a re-release of a white paper previously published in 2014.


 ANZ loses final court battle with regulator over Ross Asset Management files

ANZ has failed in its bid to stop the Financial Markets Authority (FMA) sharing its Ross Asset Management files with third parties.

Please log in for more details.

 MAS bans 2 former bank employees for fraudulent and dishonest conduct

The Monetary Authority of Singapore (MAS) announced on Wednesday (Apr 10) that it has issued prohibition orders against two former bank employees for fraudulent and dishonest conduct.

Please log in for more details.

 Former Jumio CEO to pay $17m to settle SEC fraud claims

The founder and former CEO of Jumio has agreed to pay more than $17 million to settle SEC charges that he defrauded investors in the mobile payments firm.

Please log in for more details.


 The Airmic Annual Conference 2019

 3 to 5 June 2019
 HCC Harrogate, Yorkshire, UK
RiskBusiness will be participating in the Fujitsu Tech Hub at the Airmic Annual Conference, showcasing our evolving use of artificial intelligence (AI), machine learning and intelligent knowledge bases to assist governance, risk, audit and compliance professionals proactively manage their daily activities. Come and meet GRACie, the first intelligent chatbot (she thinks of herself as a riskbot!) deployed in any GRAC platform.

The Airmic Conference is the only risk management conference where the whole industry comes together to share experiences and influence forward thinking. It has become the most important event in the calendar for the insurance and risk management industry.


 10th and 11th April, 2019
 Hyatt Regency, Cambridge, Massachusetts, USA
 Risk Management Association (RMA)
Come hear RiskBusiness present how AI, machine learning and intelligent knowledge bases can assist governance, risk, audit and compliance professionals transcend reactivity to become proactive in their ongoing activities. Come see the RiskIntelliSet in action and meet GRACie, our intelligent chatbot, who thinks she is actually a riskbot!

The Risk Management Association's 2019 Governance, Compliance, and Operational Risk Conference, GCOR XIII, now in its 13th year, represents the most comprehensive conference for governance, risk, audit and compliance professionals in North America. Having been closely associated with GCOR in its early years, RiskBusiness is proud to return, as a sponsor, an exhibitor and presenting on the use of AI in an integrated manner across governance, risk, audit and compliance.

RiskBusiness News

There is no recent news. Please check back later.