Building operational risk awareness

8/13/2019 Building operational risk awareness

1/6

Building operational risk awarenessAuthor: Abdulaziz H AlKhaldi

Building and embedding operational risk awareness is one of the

most difficult areas of risk management to master. Abdulaziz AlKhaldi

shares his experiences of improving staff awareness of operational

risk management in the Middle East

One of the major challenges in attempting to implement an operational risk

management framework in banks in the Gulf Cooperation Council !GCC" and the

#iddle $ast is raising awareness and instilling an operational risk culture% &enior

management realise the main factors in the success and prosperit' of their business(

and what helps them achie)e their objecti)es( is ha)ing robust knowledge and

awareness of operational risk% But the best wa' to achie)e this is less clear%

#an' banks in the region ha)e entered into contracts with international op risk

specialists such as &A&( Grant *hornton( Algorithmics and &unGard to assist and

support them in creating an operational risk management framework% But these

companies can onl' assist and support banks in the creation and implementation of the

operational risk department( its framework and functions + the' cannot coach and train

emplo'ees to build awareness of operational risk% $)en if the' offer such a ser)ice( it is

onl' done as part of( and for the duration of( the contract period% As a result( banks

should establish a continuous training programme to ensure their entire workforce is

educated about the importance of operational risk%

A report b' published b' #ood',s -n)estors &er)ice in &eptember ./0/( GCC -slamic

in)estment banks: #idcrisis collapse to force impro)ed risk management( deduced that

the primar' cause of the outbreak of the global financial crisis was weak risk

management and man' -slamic firms did not take the ad)ice of the risk management

department% Basel -- defines the beha)iour and actions of people in an organisation as

one of the main sources of operational risk% *herefore( educating and moti)ating the

workforce is crucial for implementing a risk strateg'( while moti)ating emplo'ees andensuring job satisfaction can help staff identif' with the corporate objecti)es% Although

sanctions are an important instrument for correcti)e inter)entions( the' should onl' be

one of se)eral tools used to achie)e desired beha)iour in a wellbalanced( pre)enti)e

s'stem of incenti)es% 1e)eloping appropriate risk management awareness is central to

this process%


2/6

The implementation of Basel represents a big cultural change for a

bank. !taffs are re"uired to identif# potential operational risk events

in their business units

Building op risk awareness*he board of directors should be aware of the major aspects of the bank,s operational

risk profile and )iew it as a distinct risk categor' that needs to be managed% -t should

also ensure the bank,s op risk management framework is subject to effecti)e and

comprehensi)e internal audit b' operationall' independent( appropriatel' trained and

competent staff% As the Basel Committee,s Sound practices for the management and

supervision of operational risk.//2 paper suggests( senior management should then

be responsible for implementing the operational risk management framework appro)ed

b' the board of directors% !*his paper has recentl' been updated( see %"

Building effecti)e awareness is an integral part of the operational risk management

framework and is a highle)el priorit' for operational risk managers% -t is a continuous

process% Operational risk affects e)er' member of staff of the bank and as such the'

are obliged to manage the operational risks in their area% -t is essential for banks to

ensure op risk management is embedded and to demonstrate the bank has fulfilled its

obligations under Basel --% Operational risk management offers business benefits for the

whole bank( but the' cannot be achie)ed unless all staff are aware of the benefits as

well as their responsibilities to tr' to realise them%

*he implementation of Basel -- represents a big cultural change for a bank% &taff are

re3uired to identif' potential operational risk e)ents in their business units% *his e4ercise

re3uires the support of an e4tensi)e awareness programme( which includes la'ers of

guidance to help e4plain the implications of implementing an operational risk framework%

*he objecti)es of an awareness strateg' are:

*o support the cultural change necessar' for the successful implementation of

the operational risk management !O5#" framework%

*o ensure staff know what to do to manage their operational risk efficientl' and

effecti)el'%

*o le)erage the e4pert resources pro)ided b' the O5#%

*o ensure the appropriate le)el of operational risk management knowledge is

a)ailable to business units so 3ueries can be dealt with as soon as possible%

*o pro)ide the practical skills and competencies needed to support the

operational risk framework%


3/6

*o transfer comple4 technical knowledge between departments and foster

interaction between the different areas of the bank to build better risk awareness%

*o ensure staff are aware of the bank,s obligations under Basel -- and take

appropriate measures to meet those obligations%

*he first step in the process towards embedding operational risk management within the

organisation is to raise awareness% Often a major internal loss suffered b' a bank

pro)ides a good impetus for this but e)er' bank should seek to better understand its

own risk profile before this occurs( and be able to acti)el' manage operational risks on

the basis of structured information and take pre)enti)e measures%

The top$down approach

&enior management are ultimatel' responsible for all the risks of the bank( and

designing and implementing risk strateg'% *his is one of the most important

prere3uisites for establishing an effecti)e operational risk management s'stem%

*he support of the top management should be gi)en right from the start% $ither senior

management should take the initiati)e to launch an operational risk management project

or( if it is initiated b' somebod' else( such as the risk control unit( the' should show

support that goes be'ond mere acceptance of the project and also back the ongoing

operation% &enior management should allocate appropriate budget funds and human

resources to operational risk management% *he e4ample set b' the management( or the

tone at the top( has a considerable influence on the risk management and control

en)ironment% A positi)e attitude from the top e4ecuti)es towards risk management( as

well as specificall' operational risk management( is a prere3uisite for establishing an

open risk culture characterised b' mutual trust%

6or e4ample( when the bank implements a risk and control selfassessment !5C&A"

process within the bank,s departments( management needs to be aware that this is not

onl' about risk and control identification( it is also about )alidation and re)iew% *he

banks should therefore create a )alidation re)iew unit within the operational risk

department( which can facilitate the 5C&A process and support the department in

raising op risk awareness% *he unit will be responsible for making sure all theemplo'ees understand and are aware of their 5C&A obligations( ensuring this is done

in a proper wa' and that the testing of e4isting controls is correct and understandable%

*he unit must also make sure all emplo'ees and management understand their risks

and keep a twowa' communication between the operational risk management

department and the other business units in the bank%


4/6

*he chief risk officer !C5O" is responsible for implementing the risk polic' adopted b'

the board of directors and( as 7sponsor, of the project( should support its operational risk

management implementation methods% *he C5O is also charged with appro)ing

fundamental decisions%

*he board,s main role is to control the op risk management( but to do so effecti)el' it

needs to be acti)el' informed about the most important aspects of the projects from the

outset% After the implementation phase( riskcontrol units such as risk committees can

be charged with the authorit' to la' down guidelines and methods of risk management%

*he operational risk committee is in charge of discussing highle)el technical issues and

supporting senior management in monitoring and implementing risk polic' and strateg'(

as well as defining wa's to impro)e the 3ualit' of risk management%

8ine management is usuall' responsible for the operati)e implementation of the risk

strateg' and( hence( operati)e risk management% $mplo'ees working in the business

lines who are specificall' in charge of managing operational risks ha)e a ke' role to

pla' due to their knowledge and e4perience( in particular with regard to their function as

coordinators between the business lines and super)ising units( such as risk control%

-nternal auditors might act in an audit( ad)isor' and projectsupport capacit'% Howe)er(

taking responsibilit' for operational risk management( or for the rele)ant guidelines and

procedures( would contradict the function,s independence% -n most cases though( the'

ha)e sound knowledge of operational risk( which should be e4ploited b' op risk

managers%

Op risk managers can also work with the compliance function to help build better

awareness% Compliance,s primar' dut' is to establish a wellfunctioning compliance

organisation to pre)ent insider trading( manage conflicts of interest and complaints( and

monitor the transactions made b' emplo'ees for their own holdings !staff transactions"%

*he works council is also an effecti)e channel for ensuring op risk awareness is

embedded% Although it is often necessar' to obtain its consent to measures relating to

staff( it makes sense to inform and consult the works council at an earl' stage% -n)ol)ing

the emplo'ees through their statutor' representati)e bod' is an important element of a

corporate culture promoting effecti)e risk management and an efficient internal control

s'stem%

Awareness channels


5/6

Banks can use a wide )ariet' of channels within the organisation to build awareness of

the benefits of good op risk management%

Bank intranet %portal&e$learning'

A bank should work to de)elop an informati)e link in all of its business lines% *heinformation contained on the operational risk management pages should ha)e multiple

access points% Op risk managers can use the firm,s intranet e4tensi)el' for electronic

learning( as almost all the staff ha)e access to it( as well as sharing internal magazines(

educational articles and papers among emplo'ees%

nduction and awareness programmes

Apart from introducing new staff to the importance of operational risk management(

e4isting staff also need to attend regular training programmes on op risk to maintain

knowledge and skills% *he op risk management department should offer a range ofpresentations or training courses to meet the needs of different t'pes of staff( which

should include an annual general training course on operational risk management%

Bank magazine

A bank,s internal magazines are essential for raising emplo'ee awareness of

operational risks and their responsibilit' for mitigating the bank,s e4posure% &hort

articles could be prepared on current topics( or to coincide with the latest guidance of

the central bank or the Basel Committee on Banking &uper)ision( as well as including

guidance on efficient management( new techni3ues and selfassessments%

Business op risk co$ordinator&champion

A business operational risk coordinator or champion is the thread between business

unit staff and the operational risk team% *he' are the face of the department within the

business units and are responsible for ensuring regular communication% *hese

indi)iduals can organise biweekl' or monthl' workshops to address operational risk

related issues in their business unit( which will also help increase staff awareness%

Audience

-n addition to regular and ongoing awareness programmes( the operational risk team

should deli)er focused e4ecuti)e briefings and conduct )arious awareness sessions

across all le)els of management( including groups such as the e4ecuti)e management

and operational risk steering committees% At these briefings the op risk team can deli)er

regular updates on O5# plans( ke' decisions and implementation issues% *he' can

gather the support and guidance needed to bring about a successful shift in risk


6/6

management practices to enable them to benchmark against the best standards and

practices%

8astl'( the op risk management team is the essential element of the O5# framework%

5otating team members into all of the important business units of the banks will help the

department to keep abreast with the bank,s practices and allow them to identif'emerging operational risks%

Building operational risk awareness

Documents

Transcript of Building operational risk awareness