Building operational risk awareness

download Building operational risk awareness

of 6

Transcript of Building operational risk awareness

  • 8/13/2019 Building operational risk awareness

    1/6

    Building operational risk awarenessAuthor: Abdulaziz H AlKhaldi

    Building and embedding operational risk awareness is one of the

    most difficult areas of risk management to master. Abdulaziz AlKhaldi

    shares his experiences of improving staff awareness of operational

    risk management in the Middle East

    One of the major challenges in attempting to implement an operational risk

    management framework in banks in the Gulf Cooperation Council !GCC" and the

    #iddle $ast is raising awareness and instilling an operational risk culture% &enior

    management realise the main factors in the success and prosperit' of their business(

    and what helps them achie)e their objecti)es( is ha)ing robust knowledge and

    awareness of operational risk% But the best wa' to achie)e this is less clear%

    #an' banks in the region ha)e entered into contracts with international op risk

    specialists such as &A&( Grant *hornton( Algorithmics and &unGard to assist and

    support them in creating an operational risk management framework% But these

    companies can onl' assist and support banks in the creation and implementation of the

    operational risk department( its framework and functions + the' cannot coach and train

    emplo'ees to build awareness of operational risk% $)en if the' offer such a ser)ice( it is

    onl' done as part of( and for the duration of( the contract period% As a result( banks

    should establish a continuous training programme to ensure their entire workforce is

    educated about the importance of operational risk%

    A report b' published b' #ood',s -n)estors &er)ice in &eptember ./0/( GCC -slamic

    in)estment banks: #idcrisis collapse to force impro)ed risk management( deduced that

    the primar' cause of the outbreak of the global financial crisis was weak risk

    management and man' -slamic firms did not take the ad)ice of the risk management

    department% Basel -- defines the beha)iour and actions of people in an organisation as

    one of the main sources of operational risk% *herefore( educating and moti)ating the

    workforce is crucial for implementing a risk strateg'( while moti)ating emplo'ees andensuring job satisfaction can help staff identif' with the corporate objecti)es% Although

    sanctions are an important instrument for correcti)e inter)entions( the' should onl' be

    one of se)eral tools used to achie)e desired beha)iour in a wellbalanced( pre)enti)e

    s'stem of incenti)es% 1e)eloping appropriate risk management awareness is central to

    this process%

  • 8/13/2019 Building operational risk awareness

    2/6

    The implementation of Basel represents a big cultural change for a

    bank. !taffs are re"uired to identif# potential operational risk events

    in their business units

    Building op risk awareness*he board of directors should be aware of the major aspects of the bank,s operational

    risk profile and )iew it as a distinct risk categor' that needs to be managed% -t should

    also ensure the bank,s op risk management framework is subject to effecti)e and

    comprehensi)e internal audit b' operationall' independent( appropriatel' trained and

    competent staff% As the Basel Committee,s Sound practices for the management and

    supervision of operational risk.//2 paper suggests( senior management should then

    be responsible for implementing the operational risk management framework appro)ed

    b' the board of directors% !*his paper has recentl' been updated( see %"

    Building effecti)e awareness is an integral part of the operational risk management

    framework and is a highle)el priorit' for operational risk managers% -t is a continuous

    process% Operational risk affects e)er' member of staff of the bank and as such the'

    are obliged to manage the operational risks in their area% -t is essential for banks to

    ensure op risk management is embedded and to demonstrate the bank has fulfilled its

    obligations under Basel --% Operational risk management offers business benefits for the

    whole bank( but the' cannot be achie)ed unless all staff are aware of the benefits as

    well as their responsibilities to tr' to realise them%

    *he implementation of Basel -- represents a big cultural change for a bank% &taff are

    re3uired to identif' potential operational risk e)ents in their business units% *his e4ercise

    re3uires the support of an e4tensi)e awareness programme( which includes la'ers of

    guidance to help e4plain the implications of implementing an operational risk framework%

    *he objecti)es of an awareness strateg' are:

    *o support the cultural change necessar' for the successful implementation of

    the operational risk management !O5#" framework%

    *o ensure staff know what to do to manage their operational risk efficientl' and

    effecti)el'%

    *o le)erage the e4pert resources pro)ided b' the O5#%

    *o ensure the appropriate le)el of operational risk management knowledge is

    a)ailable to business units so 3ueries can be dealt with as soon as possible%

    *o pro)ide the practical skills and competencies needed to support the

    operational risk framework%

  • 8/13/2019 Building operational risk awareness

    3/6

    *o transfer comple4 technical knowledge between departments and foster

    interaction between the different areas of the bank to build better risk awareness%

    *o ensure staff are aware of the bank,s obligations under Basel -- and take

    appropriate measures to meet those obligations%

    *he first step in the process towards embedding operational risk management within the

    organisation is to raise awareness% Often a major internal loss suffered b' a bank

    pro)ides a good impetus for this but e)er' bank should seek to better understand its

    own risk profile before this occurs( and be able to acti)el' manage operational risks on

    the basis of structured information and take pre)enti)e measures%

    The top$down approach

    &enior management are ultimatel' responsible for all the risks of the bank( and

    designing and implementing risk strateg'% *his is one of the most important

    prere3uisites for establishing an effecti)e operational risk management s'stem%

    *he support of the top management should be gi)en right from the start% $ither senior

    management should take the initiati)e to launch an operational risk management project

    or( if it is initiated b' somebod' else( such as the risk control unit( the' should show

    support that goes be'ond mere acceptance of the project and also back the ongoing

    operation% &enior management should allocate appropriate budget funds and human

    resources to operational risk management% *he e4ample set b' the management( or the

    tone at the top( has a considerable influence on the risk management and control

    en)ironment% A positi)e attitude from the top e4ecuti)es towards risk management( as

    well as specificall' operational risk management( is a prere3uisite for establishing an

    open risk culture characterised b' mutual trust%

    6or e4ample( when the bank implements a risk and control selfassessment !5C&A"

    process within the bank,s departments( management needs to be aware that this is not

    onl' about risk and control identification( it is also about )alidation and re)iew% *he

    banks should therefore create a )alidation re)iew unit within the operational risk

    department( which can facilitate the 5C&A process and support the department in

    raising op risk awareness% *he unit will be responsible for making sure all theemplo'ees understand and are aware of their 5C&A obligations( ensuring this is done

    in a proper wa' and that the testing of e4isting controls is correct and understandable%

    *he unit must also make sure all emplo'ees and management understand their risks

    and keep a twowa' communication between the operational risk management

    department and the other business units in the bank%

  • 8/13/2019 Building operational risk awareness

    4/6

    *he chief risk officer !C5O" is responsible for implementing the risk polic' adopted b'

    the board of directors and( as 7sponsor, of the project( should support its operational risk

    management implementation methods% *he C5O is also charged with appro)ing

    fundamental decisions%

    *he board,s main role is to control the op risk management( but to do so effecti)el' it

    needs to be acti)el' informed about the most important aspects of the projects from the

    outset% After the implementation phase( riskcontrol units such as risk committees can

    be charged with the authorit' to la' down guidelines and methods of risk management%

    *he operational risk committee is in charge of discussing highle)el technical issues and

    supporting senior management in monitoring and implementing risk polic' and strateg'(

    as well as defining wa's to impro)e the 3ualit' of risk management%

    8ine management is usuall' responsible for the operati)e implementation of the risk

    strateg' and( hence( operati)e risk management% $mplo'ees working in the business

    lines who are specificall' in charge of managing operational risks ha)e a ke' role to

    pla' due to their knowledge and e4perience( in particular with regard to their function as

    coordinators between the business lines and super)ising units( such as risk control%

    -nternal auditors might act in an audit( ad)isor' and projectsupport capacit'% Howe)er(

    taking responsibilit' for operational risk management( or for the rele)ant guidelines and

    procedures( would contradict the function,s independence% -n most cases though( the'

    ha)e sound knowledge of operational risk( which should be e4ploited b' op risk

    managers%

    Op risk managers can also work with the compliance function to help build better

    awareness% Compliance,s primar' dut' is to establish a wellfunctioning compliance

    organisation to pre)ent insider trading( manage conflicts of interest and complaints( and

    monitor the transactions made b' emplo'ees for their own holdings !staff transactions"%

    *he works council is also an effecti)e channel for ensuring op risk awareness is

    embedded% Although it is often necessar' to obtain its consent to measures relating to

    staff( it makes sense to inform and consult the works council at an earl' stage% -n)ol)ing

    the emplo'ees through their statutor' representati)e bod' is an important element of a

    corporate culture promoting effecti)e risk management and an efficient internal control

    s'stem%

    Awareness channels

  • 8/13/2019 Building operational risk awareness

    5/6

    Banks can use a wide )ariet' of channels within the organisation to build awareness of

    the benefits of good op risk management%

    Bank intranet %portal&e$learning'

    A bank should work to de)elop an informati)e link in all of its business lines% *heinformation contained on the operational risk management pages should ha)e multiple

    access points% Op risk managers can use the firm,s intranet e4tensi)el' for electronic

    learning( as almost all the staff ha)e access to it( as well as sharing internal magazines(

    educational articles and papers among emplo'ees%

    nduction and awareness programmes

    Apart from introducing new staff to the importance of operational risk management(

    e4isting staff also need to attend regular training programmes on op risk to maintain

    knowledge and skills% *he op risk management department should offer a range ofpresentations or training courses to meet the needs of different t'pes of staff( which

    should include an annual general training course on operational risk management%

    Bank magazine

    A bank,s internal magazines are essential for raising emplo'ee awareness of

    operational risks and their responsibilit' for mitigating the bank,s e4posure% &hort

    articles could be prepared on current topics( or to coincide with the latest guidance of

    the central bank or the Basel Committee on Banking &uper)ision( as well as including

    guidance on efficient management( new techni3ues and selfassessments%

    Business op risk co$ordinator&champion

    A business operational risk coordinator or champion is the thread between business

    unit staff and the operational risk team% *he' are the face of the department within the

    business units and are responsible for ensuring regular communication% *hese

    indi)iduals can organise biweekl' or monthl' workshops to address operational risk

    related issues in their business unit( which will also help increase staff awareness%

    Audience

    -n addition to regular and ongoing awareness programmes( the operational risk team

    should deli)er focused e4ecuti)e briefings and conduct )arious awareness sessions

    across all le)els of management( including groups such as the e4ecuti)e management

    and operational risk steering committees% At these briefings the op risk team can deli)er

    regular updates on O5# plans( ke' decisions and implementation issues% *he' can

    gather the support and guidance needed to bring about a successful shift in risk

  • 8/13/2019 Building operational risk awareness

    6/6

    management practices to enable them to benchmark against the best standards and

    practices%

    8astl'( the op risk management team is the essential element of the O5# framework%

    5otating team members into all of the important business units of the banks will help the

    department to keep abreast with the bank,s practices and allow them to identif'emerging operational risks%