'Seen it, done it but want a more simple, efficient approach with a more visible demonstration of value-add from Oprisk managers'. Heard this before. I keep hearing this again and again through my discussions with Heads of Operational Risk, Control Functions and most importantly senior management. The fetish with models is now being replaced by a more pragmatic and balanced perspective on ensuring risks are being identified correctly, assessed and then managed with optimal resources. A view also being quietly echoed in the higher regulatory circles where a fresh look is being taken at Operational risk practices, methodologies and capital.
Clarity on 'The Three Lines of Defense' for Operational risk is one key area of focus...not just for Banks coming up the maturity curve but for internationally active Banks as well. Is there a way to make this model more effective but also cost efficient is what is often a key driver for discussion & subsequent change. Of course all with the understanding of the regulatory expectation which cannot be ignored.
Tools, data collection and their usage in the end-to-end process is another key area of focus. 'Risk & Control Self Assessments (RCSAs), Key Indicators don't work'.... is a very common and 'real' crib from the Business. And rightly so. The reality however is more basic.....and goes to the core of the Business itself...the process. Lack of confidence in process design and understanding of the same across first and second lines makes senior management nervous resulting in questions like ....'how do we know that these are the right risks?' Not the easiest of conversations to have when you tell the Business that we need to get the processes reviewed first, if we really want to get it right...that then hurts the bottom line.
In the midst of all this, the focus on controls continues unabated with debates on positioning of Internal Control functions where required or deemed necessary.
The back to fundamentals or the basic building blocks focus is now high on the agenda of most Banks. Scandals, frauds, focus on conduct now demand increased integration of values into the way risk is taken and managed. The challenge for Banks and regulators is trying to get this applied across all constituents in the process.....which is exactly what did not happen and therefore led to the reference rate manipulations across the board. Yes, accountability should not just stop with the banks. Every constituent in the end-to-end process must be held accountable.
Change is messy, uncomfortable and necessary. There is however a big difference between politically declaring change to be a success just before the performance assessment period versus declaring change to be a success demonstrably through the results and delivery of desired outcomes.
Addressing simplicity, efficiency with a more value-added contribution from first and second line in the area of Operational risk management will be a welcome result for all. This is how Operational risk managers need to be wired up now to taste and deliver 'success'.
Write to us at 'ask-orp@theopriskpractice.com' if you have some questions or need help.
Clarity on 'The Three Lines of Defense' for Operational risk is one key area of focus...not just for Banks coming up the maturity curve but for internationally active Banks as well. Is there a way to make this model more effective but also cost efficient is what is often a key driver for discussion & subsequent change. Of course all with the understanding of the regulatory expectation which cannot be ignored.
Tools, data collection and their usage in the end-to-end process is another key area of focus. 'Risk & Control Self Assessments (RCSAs), Key Indicators don't work'.... is a very common and 'real' crib from the Business. And rightly so. The reality however is more basic.....and goes to the core of the Business itself...the process. Lack of confidence in process design and understanding of the same across first and second lines makes senior management nervous resulting in questions like ....'how do we know that these are the right risks?' Not the easiest of conversations to have when you tell the Business that we need to get the processes reviewed first, if we really want to get it right...that then hurts the bottom line.
In the midst of all this, the focus on controls continues unabated with debates on positioning of Internal Control functions where required or deemed necessary.
The back to fundamentals or the basic building blocks focus is now high on the agenda of most Banks. Scandals, frauds, focus on conduct now demand increased integration of values into the way risk is taken and managed. The challenge for Banks and regulators is trying to get this applied across all constituents in the process.....which is exactly what did not happen and therefore led to the reference rate manipulations across the board. Yes, accountability should not just stop with the banks. Every constituent in the end-to-end process must be held accountable.
Change is messy, uncomfortable and necessary. There is however a big difference between politically declaring change to be a success just before the performance assessment period versus declaring change to be a success demonstrably through the results and delivery of desired outcomes.
Addressing simplicity, efficiency with a more value-added contribution from first and second line in the area of Operational risk management will be a welcome result for all. This is how Operational risk managers need to be wired up now to taste and deliver 'success'.
Write to us at 'ask-orp@theopriskpractice.com' if you have some questions or need help.
