Operational Risk Framework – What it Means to Your Organization

Operational Risk Framework – What it Means to Your Organization

An operational risk governance framework is critical to forming organization synapses between inter-dependent relationships of stakeholders, including the board directors, managers, employees, and most importantly, shareholders.  However, policies and procedures are difficult to manage and enforce downstream and yet, it is critical to the framework of operational risk management.

Dr. Tom Huertas, EY, in an article “Too important to ignore: how banks can get a grip on operational risk,” stated the need to, “Review policies and procedures to assure that the bank complies with all relevant regulations…assure that they work as intended and that they cannot be gamed, evaded or subverted…”  This statement may be due to the fact that statistically, over 60% of operational risk issues are caused by failed or unenforced policies and procedures.

Most operational risk frameworks contain much the same points, calling for the creation of:

1. Operational risk definition pertinent to each area of the organization
   1. Defining the various stakeholders in each structure of the organization
   2. Defining the various risks indigenous to each business area
   3. Formulation of various policies to avoid or mitigate particular risks

Concern: A non-integrated policy solution may create more issues and costs and may be limited proactively, while increasing training costs.

RiskCALM₄:  Integrates the institution’s policies and procedures within the business processes and eliminates the need to have policy and process training.

2. Roles and Communication requirements of each participant
   1. Policies managing the various roles
   2. Communication alerts and report policies
   3. Performance assessment and remuneration processes

Concern: Policy and processes are more difficult to manage, maintain and train, downstream.

RiskCALM₄: Audited execution or overrides of policies enforces accountability through automatic alerts.

3. Strategy
   1. Define policies and triggers for operational risk “red flags” for each area/structure of the organization
   2. Define dynamic reminders when a trigger appears and when it has been pulled
   3. Monitor and report and retain event data

Concern:  Capturing and defining new organization synapses of concern through event data analysis.

RiskCALM₄: Automated Collection and management of event data for analytics with dynamic alerts.

4. Board responsibilities
   1. Define committees and Board responsibilities
   2. Hold senior management accountable with oversight of operational risk
      1. Proof of the flow of information from frontline level through to Board level
   3. Empower operational risk management with information to enable forward looking risk management
   4. Involve Board and audit committee engagement with risk oversight

Concern: Information and data availability for timely business decisions

RiskCALM₄: With complete audit trails of all executed or overridden policies, senior management process decisioning and qualitative analysis, the Board, C-executives and other managers are empowered with information to make business decisions.

5. Capital Analysis and Review
   1. The need for a ‘Loss event’ database for forward looking analytics
   2. Qualitative analysis

Concern: Capital risk has been reactive to operational risk losses rather than proactive

RiskCALM₄: With data from losses being automatically stored and managed it allows for quantitative and qualitative analysis to afford organizations forward looking analysis.

Obviously, there is a need for a framework and a plan that includes most of the same points as above, with a common theme, as you can see, of the importance of policies and data.  As Deloitte expresses in the “Deloitte Perspective” an article, “Establishing an operational risk framework in banking”, “Notwithstanding the industry consensus, regulatory expectations still require a thorough investigation of the data to identify whether meaningful correlations can be found…”

Most institutions have a framework and plan but then have to identify the technology to help fulfill the plan.  The technology solutions typically necessitate multiple technical products, which in some cases, create silos, causing more processes and costs.  The RiskCALM₄ Solution can easily incorporate the operational framework, in total and fulfills a complete integrated plan, with, reduced costs, improved compliance, automated policing management and enforcement and dynamically created audit trails, with a built in communication capability for alerts and triggers and data management, while dynamically resolving, in-branch, online and integrated, the following:

• Automated, dynamic IFRS 9 credit risk model
• Automated AML/CFT/KYC risk-based program
• Automatic sanction review of customer/member base
• Credit risk modeling
• Market risk modeling
• Operational risk modeling
• Qualitative analysis
• Automated FIU/UAF reporting
• Automated, dynamic Correspondent inter-action and de-risking
• Complete audit trail
• Automated loan origination and account opening
• Automated, dynamic loan documentation

Yes, using RiskCALM₄ also is a competitive differentiator:

• Automated and dynamic regulatory compliance translates to better service, more business opportunities, more revenue
• Converting the perception of risk from mitigation to prevention or calculated risk taking, improves the timeliness and the business decisions, improving competitive position and revenue opportunities
• Integrating governance, oversight and enforcement in all aspects of the business, institutions become more efficient, reduce costs, minimize losses.
• Board directors and C-executives have information at their fingertips, concerning the complete picture of their business, identifying to the regulators their commitment to accountability.

Request a 15 minute overview of RiskCALM_4.