People, plagues and process: Mastering operational risk · People, plagues and process: Mastering...
-
Upload
truongkhue -
Category
Documents
-
view
220 -
download
0
Transcript of People, plagues and process: Mastering operational risk · People, plagues and process: Mastering...
![Page 1: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/1.jpg)
People, plagues and process:Mastering operational risk
John Thirlwell
Chartered Banker Institute and Institute of Operational Risk,
Edinburgh, 1 March 2011
![Page 2: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/2.jpg)
Agenda
• Writing the book• Operational risk: what it is and why it
matters• The benefits of good operational risk
management• Operational risk governance• Measurement or assessment: uses and
abuses of data• Managing people risk
![Page 3: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/3.jpg)
Operational risk:How to break it down?
• The Framework; putting the Framework to work
![Page 4: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/4.jpg)
ORM FrameworkGovernance
Key indicators
Scenarios and Modelling
Reporting
Action plans
Identify risk and control indicators
Specify risk appetite
Losses
Action plans
Identify and capture internal and external losses
Analyse loss causes
Risk & Control Assessment
Action plans
Identify risk and owner Assess likelihood and impact
Identify control and owner Assess design and performance
![Page 5: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/5.jpg)
Operational risk:How to break it down?
• The Framework; putting the Framework to work
• History; the Framework, putting the Framework to work
• History; the Framework, putting the Framework to work; business case; mitigation
![Page 6: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/6.jpg)
Breaking it downPart 1: Setting the scene
What is operational risk? The business casePart 2: The Framework
Governance, RCA, events and losses, indicatorsPart 3: Advancing the Framework
Reporting, modelling, scenarios and stress testingPart 4: Mitigation and assurance
Business continuity, insurance, internal auditPart 5: Practical operational risk management
Outsourcing, people risk, reputation risk
![Page 7: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/7.jpg)
Operational risk: what it is and why it matters
![Page 8: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/8.jpg)
![Page 9: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/9.jpg)
‘The world has never been so full of risk’(Thomas Aquinas, 1245)
![Page 10: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/10.jpg)
National security strategy (Oct 2010)
Satellite communications disruptedInternational military crisis
Organised crimeMajor accident or natural hazard, e.g. extensive coastal flooding, pandemic
Overseas insurgency creating environment for terrorism
Cyber attacks and large scale cyber crime
Chemical, biological, nuclear, radioactive (CBNR) weapons
International terrorism
TIER 2TIER 1
![Page 11: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/11.jpg)
Eyjafjallajökull (Iceland) volcano2010
BP/Deepwater Horizon oil spill (+ Texas City (2005), Alaska pipeline (2006))
2010
Hurricane Katrina (+ Dennis, Emily, Rita, Wilma)2005
SARS near-pandemic2003
Enron/Arthur Andersen2001
World Trade Center (9/11)2001
Millennium Bug2000
Long Term Capital Management1998
Barings Bank (+ Daiwa (1995), Sumitomo (1995), Allfirst/Allied Irish (2002), National Australia Bank (2004), Société Générale (2008))
1995
Metallgesellschaft1993
Piper Alpha oil rig (North Sea)1988
EventYear
![Page 12: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/12.jpg)
Defining operational risk‘Operational risk is the risk of direct or indirect losses resulting from inadequate or failed processes, people or systems, or from external events.’ [Operational risk: the next frontier. RMA/PriceWaterhouseCoopers, 1999]
‘The risk of loss resulting from inadequate or failed internal processes, people or systems or from external events’ [Basel II]
- includes legal risk; excludes strategic and reputational risk - regulatory risk?
‘The risk of loss arising from inadequate or failed internal processes, or from personnel and systems, or from external events.’ [Solvency II]
![Page 13: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/13.jpg)
Is operational risk different from other risks?
Does the risk affect every activity?
Is everybody in the firm responsible for the risk?Can you trade the risk?
Can its financial impact be capped or limited?
Can audit confirm that every occurrence of the risk has been captured?
Can it be identified from accounting information e.g. the P&L?
Is the risk assumed proactively ?Is the risk transaction-based?
OperationalCredit, market, commodity, liquidity
![Page 14: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/14.jpg)
Operational Risk(including Strategic Risk)
![Page 15: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/15.jpg)
An attempt to frame the unframeable, to assuage fears about the uncontrollable ‘rogue others’ and to tame the man-made monsters [of the financial system].
Prof Michael Power, Organized uncertainty : designing a world of risk management (OUP, 2007)
![Page 16: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/16.jpg)
The benefits of good operational risk management
![Page 17: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/17.jpg)
Benefits of an effective operational risk management framework
Informed decision making• Understanding the OR context of decisions
(governance)• Distinguishing your operational risks and
optimising control resource (RCA)
![Page 18: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/18.jpg)
Optimising resource through risk and control assessments
![Page 19: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/19.jpg)
Benefits of an effective operational risk management framework
Informed decision making• Understanding the OR context of decisions
(governance)• Distinguishing your operational risks and
optimising control resource (RCA)• Assessing past problems (losses)• Knowing where you are now (indicators) . . .• . . . and where you may be heading (scenarios)• Allocating capital (modelling)• Getting the right information (reporting)
![Page 20: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/20.jpg)
Interaction of operational risk management and Six Sigma and Lean
![Page 21: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/21.jpg)
Other benefits of operational risk management
• Business continuity planning– Will you be a survivor?– Will you be back in business first?
• Insurance buying• Outsourcing
– Managing the core– Better customer service– Higher activity levels
• Project management• Reputational damage
– Preventing it– What to do if it happens
• People risk management
![Page 22: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/22.jpg)
Operational risk governance
![Page 23: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/23.jpg)
ORM FrameworkGovernance
Key indicators
Scenarios and Modelling
Reporting
Action plans
Identify risk and control indicators
Specify risk appetite
Losses
Action plans
Identify and capture internal and external losses
Analyse loss causes
Risk & Control Assessment
Action plans
Identify risk and owner Assess likelihood and impact
Identify control and owner Assess design and performance
![Page 24: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/24.jpg)
The 3 lines of defence
RISK OWNERSBusiness operations
RISK OVERSIGHTEg: Risk, compliance, legal, health & safety, IT security, etc
Risk Committee
B O A R D
Audit Committee
RISK ASSURANCEInternal and external audit
![Page 25: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/25.jpg)
Board
• Leadership– Culture– The tune in the middle
• Strategy and objectives– Risk appetite
• Reporting and communication
![Page 26: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/26.jpg)
ORM FrameworkGovernance
Key indicators
Scenarios and Modelling
Reporting
Action plans
Identify risk and control indicators
Specify risk appetite
Losses
Action plans
Identify and capture internal and external losses
Analyse loss causes
Risk & Control Assessment
Action plans
Identify risk and owner Assess likelihood and impact
Identify control and owner Assess design and performance
![Page 27: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/27.jpg)
Board• Leadership
– Culture– The tune in the middle
• Strategy and objectives– Risk appetite
• Reporting and communication• Risk, the Risk function and the Risk
Committee• Is the CEO also the CORO?
![Page 28: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/28.jpg)
Where does the operational risk function sit?
RISK OWNERSBusiness operations
RISK OVERSIGHTEg: Risk, HR, compliance, legal, health & safety, IT security, etc
Risk Committee
B O A R D
Audit Committee
RISK ASSURANCEInternal and external audit
![Page 29: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/29.jpg)
Risk assurance• Independent• Internal audit
– Clear objectives– Status and position in the firm
• Audit Committee– Priorities
• External audit – financial reporting• Internal audit as executive management• Internal audit as consultant • Internal audit as investigator
![Page 30: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/30.jpg)
Whose risk (appetite) is it anyway?
![Page 31: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/31.jpg)
Measurement or assessment: uses and abuses of data
![Page 32: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/32.jpg)
ORM FrameworkGovernance
Key indicators
Scenarios and modelling
Reporting
Action plans
Identify risk and control indicators
Specify risk appetite
Losses
Action plans
Identify and capture internal and external losses
Analyse loss causes
Risk & Control Assessment
Action plans
Identify risk and owner Assess likelihood and impact
Identify control and owner Assess design and performance
![Page 33: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/33.jpg)
The risk register
‘The conveyor belt of sins’or
‘What needs to go right?
![Page 34: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/34.jpg)
Issues and decisions concerning event data
• Which events?– Reporting threshold– Near misses– “Boundary” losses– Gains
• The data– Amount (the basis of severity)– Date (the basis of frequency)– Loss category
![Page 35: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/35.jpg)
Realities of risk event data• It will be incomplete, scarce and patchy, even
allowing for external data – the ‘tail’ problem.
![Page 36: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/36.jpg)
Lognormal and bimodal distributions
![Page 37: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/37.jpg)
Realities of risk event data• It will be incomplete, scarce and patchy, even allowing
for external data – the ‘tail’ problem.• It will be inconsistently reported although, once reported,
it is auditable.• It is historic and backward looking. Major events will
probably have led to tighter controls, change of policy etc. The external environment will change.
However• It can validate indicators, risk and control assessments
and scenarios• It is the beginning of the essential chain of:
Data →information→knowledge→understanding
BUT THAT ONLY COMES WITH . . .
![Page 38: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/38.jpg)
Felix qui potuit rerum cognoscere causas(Vergil, Georgics)
![Page 39: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/39.jpg)
Felix qui potuit rerum cognoscere causas(Vergil, Georgics)
It is the cause, it is the cause, my soul.(Shakespeare, Othello)
![Page 40: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/40.jpg)
Felix qui potuit rerum cognoscere causas(Vergil, Georgics)
It is the cause, it is the cause, my soul.(Shakespeare, Othello)
CAUSE EVENT EFFECT
![Page 41: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/41.jpg)
Some Nobel thoughts on quantificationUnlike the position that exists in the physical
sciences, in economics and other disciplines that deal with essentially complex phenomena [operational risk?], the aspects of the events to be accounted for about which we can get quantitative data are necessarily limited and may not include the important ones. [Friedrich von Hayek, Pretence of Knowledge, Nobel acceptance speech 1974]
Our knowledge of the way things work, in society or in nature, comes trailing clouds of vagueness. Vast ills have followed belief in certainty. [Kenneth Arrow, I know a hawk from a handsaw CUP 1992]
![Page 42: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/42.jpg)
ORM FrameworkGovernance
Key indicators
Scenarios and modelling
Reporting
Action plans
Identify risk and control indicators
Specify risk appetite
Losses
Action plans
Identify and capture internal and external losses
Analyse loss causes
Risk & Control Assessment
Action plans
Identify risk and owner Assess likelihood and impact
Identify control and owner Assess design and performance
![Page 43: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/43.jpg)
Traditional risk management
High (4)Med High (3)Med Low (2)Low (1)Impact
4321Low (1)
8642Med Low (2)
12963Med High(3)
161284LikelihoodHigh (4)
![Page 44: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/44.jpg)
Intelligent ORM
High (4)Med High (3)Med Low (2)Low (1)Impact
4321Low (1)
8642Med Low (2)
n/a963Med High(3)
n/an/a84LikelihoodHigh (4)
![Page 45: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/45.jpg)
Issues with risk and control assessments and scenarios
• Subjective biases– Availability bias - and the elephant– Motivational bias
• Lack of challenge / peer review• Combination of events over a period of time (scenarios)• Paper overload• Lack of management buy-in• Lack of feedback• Lack of follow-up• Failure to use in-house data as validation
(e.g. risk indicators, loss data)
![Page 46: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/46.jpg)
Modelling operational risk- a qualitative approach
• Use existing risk and control assessments• No need to wait for adequate loss history• How it might work:
– Set up ranges– Assess impact and likelihood of risks– Assess failure probabilities of controls– Correlate risks (if possible)– Challenge input– Run Monte Carlo simulations– Assimilate results and reports
![Page 47: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/47.jpg)
Managing people risk
![Page 48: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/48.jpg)
People risk
• Operational risk is the risk of loss from inadequate or failed internal processes, people and systems or from external events.
• ‘80% of operational risk is down to human error or management failure.’(Jonathan Howitt, ex Head of operational risk, Dresdner Kleinwort Benson, PRMIA, 2004)
![Page 49: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/49.jpg)
People risk and the financial crisis
Financial crisis– Asset bubble– Politicians, regulators, central banks– The banking ecosystem– Failure to apply good risk management – Failure to apply good risk governance– Human behaviour (bias, greed, herd instinct)
![Page 50: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/50.jpg)
Conclusions of the Financial Crisis Inquiry Commission
• Avoidable; self-harm• ‘dramatic failures of corporate governance
and risk management . . . were a key cause of this crisis’
• ‘there was a systemic breakdown in accountability and ethics’
• Collapsing mortgage lending standards; over-the-counter derivatives (W. Buffett: ‘financial WMD’); credit rating agencies
![Page 51: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/51.jpg)
People risk essentials• Leadership: Board and senior management
– Chairman– As team– Red flag issues
• Culture→ Strategy and objectives→ What we mean by excellent behaviour– Openness and transparency– Communication– Walking the talk
• Change and flexibility– Continuous improvement– Changing competitive, economic and social environments
![Page 52: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/52.jpg)
Senior people risk
• The people risk of the CEO– Chairman and Board– Emperor or celeb?– Strategy and implementation– Decisions: how many? how good?– Reputation risk
• The people risk of risk management– Something can be done– Abdication of responsibility– Blame
![Page 53: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/53.jpg)
People risk:causes, controls and indicators
• Objectives and, through them, behaviours are the drivers for key people risk controls:– Selection– Appraisal and performance management– Training– Reward– Succession planning
• People risk and reputation risk• People risk indicators
![Page 54: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/54.jpg)
People risk and HR• Is HR a transactional or a risk function?• Much risk is managed by good HR. How
much is managed by a good HR department?
• Understanding and predicting risk is highly dependent on understanding human and organisational behaviour. HR has a role as senior management’s guide.
• Would the HR Director be on the short-list for CEO or COO?
![Page 55: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/55.jpg)
• All risks should be viewed through a people lens and all people issues viewed through a risk lens
Good people managementis good risk management is good operational risk management
![Page 56: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/56.jpg)
‘The world has never been so full of risk.’
‘her infinite variety’
![Page 57: People, plagues and process: Mastering operational risk · People, plagues and process: Mastering operational risk John Thirlwell Chartered Banker Institute and Institute of Operational](https://reader035.fdocuments.in/reader035/viewer/2022062317/5c4d63d593f3c31760746844/html5/thumbnails/57.jpg)
Contact details
www.masteringoperationalrisk.com
John Thirlwell
Tel: +44 (0) 208 386 8019
Mob:+44 (0) 781 382 9362
e-mail: [email protected]
Web: www.johnthirlwell.co.uk