Be better placed to manage, measure and mitigate the emerging and interconnected non-financial risks that your firm faces today
It has never been more important for financial organisations to understand operational risk. As the coronavirus pandemic has shown, the risks can be broad and interconnected—from how they impact people, to how they disrupt processes and systems. In Acin’s latest webinar Operational Risk at a Crossroads, Acin’s Network and Insights Lead Rupal Patel was joined by Damian Hoskins, a senior risk and controls leader; Samantha Ng, Head of Portfolio Management and Transformation Risk at Deutsche Bank; and Stephen Mascall, Investment Banking Controls and Regulatory COO for EMEA at Credit Suisse, to discuss the challenges financial organisations face when manging operational risk and why a fresh approach is needed.
Here are five key takeaways from the webinar:
1. Changing perceptions
During the credit crunch era, operational risk was defined more by what it wasn’t than what it was, says Hoskins: it wasn’t financial risk. Senior managers at that time would have had a clear understanding of the financial risks and their role in managing those risks and controls, but that wasn’t the same with operational risk—they would assume those risks were owned by somebody else and they didn’t need to think too deeply about them. Today, ownership of operational risk has shifted, says Hoskins, with people now having a much more nuanced and detailed perspective on non-financial risk management—and their role in managing it—than they did a decade or so ago.
2. Evolving risk landscape
It is not just the coronavirus pandemic that has made people think more broadly about operational risk management. Emerging risks such as environmental, social and governance (ESG) issues underscore why an enterprise-wide approach to operational risk management is needed, says Ng. “These emerging risks are very often cross-risk themes, they don’t just impact one or two risk types, they impact the entire system,” she says. “You almost have to think outside of the box about how we manage these risks.” That means as risks become more challenging and complex, there needs to be more collaboration between the first and second lines of defence to manage those interconnected risks more effectively.
3. More dynamic, data-led approaches
The pandemic has shown that firms need to be more agile with their risk and control self-assessments (RCSAs)—doing them just once or twice a year is not just a resource-heavy exercise, the findings are likely to become quickly outdated. By moving to a more dynamic model firms can continuously monitor their data, to see what is going on, and immediately identify anything that requires remediation. “That encourages good risk management throughout the year, so you don’t end up having a once-a-year debate,” says Ng. Hoskins adds that banks shouldn’t be looking to achieve 100% perfection in their data before making risk decisions—as long as the data indicates the direction of travel, its quality is probably sufficient. “Models can always be fine-tuned later,” he says.
4. Cross-industry collaboration
The World Economic Forum recently published a report outlining the need for organisations to work more collaboratively to navigate risks and opportunities. For instance, data sharing can help companies become more resilient without losing any competitive advantage. “There are whole areas that encompass the non-financial risk world where there is no advantage in keeping special information close to your chest,” says Hoskins. Threats such as third-party risk, cyber risk and emerging climate risk are all areas where there is a benefit for the wider financial community to share data. “Keeping that little gold nugget to yourself won’t necessarily be to the direct advantage of your individual financial firm,” he adds.
5. Getting all stakeholders on board
Sometimes it is as simple as educating the first line of defence that they own the underlying risks, says Ng, but sometimes it requires more persuasive measures such as balanced scorecards to help motivate senior managers to understand non-financial risks, and their ownership of them. Hoskins says there are still people in most financial firms who don’t understand their role in the wider risk and control responsibilities of the business. That is partly because of a lack of consequences if something goes wrong. Mascall says regulators are now paying closer attention to how issues are escalated and who is ultimately accountable. “It’s not about a witch hunt of making sure somebody is responsible, it’s making sure that someone knows that they have responsibility for the process and the control,” he says.
By taking a data-driven approach to operational risk management—and by encouraging collaboration both across your organisation and the wider industry—you will be better placed to manage, measure and mitigate the emerging and interconnected non-financial risks that your firm faces today.