Operational Risk Training Managing Operational Risk & AMA Toronto Nov 3, 2011
Building operational risk awareness
Transcript of Building operational risk awareness
-
8/13/2019 Building operational risk awareness
1/6
Building operational risk awarenessAuthor: Abdulaziz H AlKhaldi
Building and embedding operational risk awareness is one of the
most difficult areas of risk management to master. Abdulaziz AlKhaldi
shares his experiences of improving staff awareness of operational
risk management in the Middle East
One of the major challenges in attempting to implement an operational risk
management framework in banks in the Gulf Cooperation Council !GCC" and the
#iddle $ast is raising awareness and instilling an operational risk culture% &enior
management realise the main factors in the success and prosperit' of their business(
and what helps them achie)e their objecti)es( is ha)ing robust knowledge and
awareness of operational risk% But the best wa' to achie)e this is less clear%
#an' banks in the region ha)e entered into contracts with international op risk
specialists such as &A&( Grant *hornton( Algorithmics and &unGard to assist and
support them in creating an operational risk management framework% But these
companies can onl' assist and support banks in the creation and implementation of the
operational risk department( its framework and functions + the' cannot coach and train
emplo'ees to build awareness of operational risk% $)en if the' offer such a ser)ice( it is
onl' done as part of( and for the duration of( the contract period% As a result( banks
should establish a continuous training programme to ensure their entire workforce is
educated about the importance of operational risk%
A report b' published b' #ood',s -n)estors &er)ice in &eptember ./0/( GCC -slamic
in)estment banks: #idcrisis collapse to force impro)ed risk management( deduced that
the primar' cause of the outbreak of the global financial crisis was weak risk
management and man' -slamic firms did not take the ad)ice of the risk management
department% Basel -- defines the beha)iour and actions of people in an organisation as
one of the main sources of operational risk% *herefore( educating and moti)ating the
workforce is crucial for implementing a risk strateg'( while moti)ating emplo'ees andensuring job satisfaction can help staff identif' with the corporate objecti)es% Although
sanctions are an important instrument for correcti)e inter)entions( the' should onl' be
one of se)eral tools used to achie)e desired beha)iour in a wellbalanced( pre)enti)e
s'stem of incenti)es% 1e)eloping appropriate risk management awareness is central to
this process%
-
8/13/2019 Building operational risk awareness
2/6
The implementation of Basel represents a big cultural change for a
bank. !taffs are re"uired to identif# potential operational risk events
in their business units
Building op risk awareness*he board of directors should be aware of the major aspects of the bank,s operational
risk profile and )iew it as a distinct risk categor' that needs to be managed% -t should
also ensure the bank,s op risk management framework is subject to effecti)e and
comprehensi)e internal audit b' operationall' independent( appropriatel' trained and
competent staff% As the Basel Committee,s Sound practices for the management and
supervision of operational risk.//2 paper suggests( senior management should then
be responsible for implementing the operational risk management framework appro)ed
b' the board of directors% !*his paper has recentl' been updated( see %"
Building effecti)e awareness is an integral part of the operational risk management
framework and is a highle)el priorit' for operational risk managers% -t is a continuous
process% Operational risk affects e)er' member of staff of the bank and as such the'
are obliged to manage the operational risks in their area% -t is essential for banks to
ensure op risk management is embedded and to demonstrate the bank has fulfilled its
obligations under Basel --% Operational risk management offers business benefits for the
whole bank( but the' cannot be achie)ed unless all staff are aware of the benefits as
well as their responsibilities to tr' to realise them%
*he implementation of Basel -- represents a big cultural change for a bank% &taff are
re3uired to identif' potential operational risk e)ents in their business units% *his e4ercise
re3uires the support of an e4tensi)e awareness programme( which includes la'ers of
guidance to help e4plain the implications of implementing an operational risk framework%
*he objecti)es of an awareness strateg' are:
*o support the cultural change necessar' for the successful implementation of
the operational risk management !O5#" framework%
*o ensure staff know what to do to manage their operational risk efficientl' and
effecti)el'%
*o le)erage the e4pert resources pro)ided b' the O5#%
*o ensure the appropriate le)el of operational risk management knowledge is
a)ailable to business units so 3ueries can be dealt with as soon as possible%
*o pro)ide the practical skills and competencies needed to support the
operational risk framework%
-
8/13/2019 Building operational risk awareness
3/6
*o transfer comple4 technical knowledge between departments and foster
interaction between the different areas of the bank to build better risk awareness%
*o ensure staff are aware of the bank,s obligations under Basel -- and take
appropriate measures to meet those obligations%
*he first step in the process towards embedding operational risk management within the
organisation is to raise awareness% Often a major internal loss suffered b' a bank
pro)ides a good impetus for this but e)er' bank should seek to better understand its
own risk profile before this occurs( and be able to acti)el' manage operational risks on
the basis of structured information and take pre)enti)e measures%
The top$down approach
&enior management are ultimatel' responsible for all the risks of the bank( and
designing and implementing risk strateg'% *his is one of the most important
prere3uisites for establishing an effecti)e operational risk management s'stem%
*he support of the top management should be gi)en right from the start% $ither senior
management should take the initiati)e to launch an operational risk management project
or( if it is initiated b' somebod' else( such as the risk control unit( the' should show
support that goes be'ond mere acceptance of the project and also back the ongoing
operation% &enior management should allocate appropriate budget funds and human
resources to operational risk management% *he e4ample set b' the management( or the
tone at the top( has a considerable influence on the risk management and control
en)ironment% A positi)e attitude from the top e4ecuti)es towards risk management( as
well as specificall' operational risk management( is a prere3uisite for establishing an
open risk culture characterised b' mutual trust%
6or e4ample( when the bank implements a risk and control selfassessment !5C&A"
process within the bank,s departments( management needs to be aware that this is not
onl' about risk and control identification( it is also about )alidation and re)iew% *he
banks should therefore create a )alidation re)iew unit within the operational risk
department( which can facilitate the 5C&A process and support the department in
raising op risk awareness% *he unit will be responsible for making sure all theemplo'ees understand and are aware of their 5C&A obligations( ensuring this is done
in a proper wa' and that the testing of e4isting controls is correct and understandable%
*he unit must also make sure all emplo'ees and management understand their risks
and keep a twowa' communication between the operational risk management
department and the other business units in the bank%
-
8/13/2019 Building operational risk awareness
4/6
*he chief risk officer !C5O" is responsible for implementing the risk polic' adopted b'
the board of directors and( as 7sponsor, of the project( should support its operational risk
management implementation methods% *he C5O is also charged with appro)ing
fundamental decisions%
*he board,s main role is to control the op risk management( but to do so effecti)el' it
needs to be acti)el' informed about the most important aspects of the projects from the
outset% After the implementation phase( riskcontrol units such as risk committees can
be charged with the authorit' to la' down guidelines and methods of risk management%
*he operational risk committee is in charge of discussing highle)el technical issues and
supporting senior management in monitoring and implementing risk polic' and strateg'(
as well as defining wa's to impro)e the 3ualit' of risk management%
8ine management is usuall' responsible for the operati)e implementation of the risk
strateg' and( hence( operati)e risk management% $mplo'ees working in the business
lines who are specificall' in charge of managing operational risks ha)e a ke' role to
pla' due to their knowledge and e4perience( in particular with regard to their function as
coordinators between the business lines and super)ising units( such as risk control%
-nternal auditors might act in an audit( ad)isor' and projectsupport capacit'% Howe)er(
taking responsibilit' for operational risk management( or for the rele)ant guidelines and
procedures( would contradict the function,s independence% -n most cases though( the'
ha)e sound knowledge of operational risk( which should be e4ploited b' op risk
managers%
Op risk managers can also work with the compliance function to help build better
awareness% Compliance,s primar' dut' is to establish a wellfunctioning compliance
organisation to pre)ent insider trading( manage conflicts of interest and complaints( and
monitor the transactions made b' emplo'ees for their own holdings !staff transactions"%
*he works council is also an effecti)e channel for ensuring op risk awareness is
embedded% Although it is often necessar' to obtain its consent to measures relating to
staff( it makes sense to inform and consult the works council at an earl' stage% -n)ol)ing
the emplo'ees through their statutor' representati)e bod' is an important element of a
corporate culture promoting effecti)e risk management and an efficient internal control
s'stem%
Awareness channels
-
8/13/2019 Building operational risk awareness
5/6
Banks can use a wide )ariet' of channels within the organisation to build awareness of
the benefits of good op risk management%
Bank intranet %portal&e$learning'
A bank should work to de)elop an informati)e link in all of its business lines% *heinformation contained on the operational risk management pages should ha)e multiple
access points% Op risk managers can use the firm,s intranet e4tensi)el' for electronic
learning( as almost all the staff ha)e access to it( as well as sharing internal magazines(
educational articles and papers among emplo'ees%
nduction and awareness programmes
Apart from introducing new staff to the importance of operational risk management(
e4isting staff also need to attend regular training programmes on op risk to maintain
knowledge and skills% *he op risk management department should offer a range ofpresentations or training courses to meet the needs of different t'pes of staff( which
should include an annual general training course on operational risk management%
Bank magazine
A bank,s internal magazines are essential for raising emplo'ee awareness of
operational risks and their responsibilit' for mitigating the bank,s e4posure% &hort
articles could be prepared on current topics( or to coincide with the latest guidance of
the central bank or the Basel Committee on Banking &uper)ision( as well as including
guidance on efficient management( new techni3ues and selfassessments%
Business op risk co$ordinator&champion
A business operational risk coordinator or champion is the thread between business
unit staff and the operational risk team% *he' are the face of the department within the
business units and are responsible for ensuring regular communication% *hese
indi)iduals can organise biweekl' or monthl' workshops to address operational risk
related issues in their business unit( which will also help increase staff awareness%
Audience
-n addition to regular and ongoing awareness programmes( the operational risk team
should deli)er focused e4ecuti)e briefings and conduct )arious awareness sessions
across all le)els of management( including groups such as the e4ecuti)e management
and operational risk steering committees% At these briefings the op risk team can deli)er
regular updates on O5# plans( ke' decisions and implementation issues% *he' can
gather the support and guidance needed to bring about a successful shift in risk
-
8/13/2019 Building operational risk awareness
6/6
management practices to enable them to benchmark against the best standards and
practices%
8astl'( the op risk management team is the essential element of the O5# framework%
5otating team members into all of the important business units of the banks will help the
department to keep abreast with the bank,s practices and allow them to identif'emerging operational risks%