Operational risk is associated with human error, system failures and inadequate procedures and controls. It is the risk of loss arising from the potential that inadequate information system; technology failures, breaches in internal controls, fraud, unforeseen catastrophes, or other operational problems may result in unexpected losses or reputation problems. Operational risk exists in all products and business activities.
The objective of operational risk management is the same as for credit, market and liquidity risks that is to find out the extent of the bank’s operational risk exposure; to understand what drives it, to allocate capital against it and identify trends internally and externally that would help predicting it. The management of specific operational risks is not a new practice; it has always been important for banks to try to prevent fraud, maintain the integrity of internal controls, and reduce errors in transactions processing, and so on. However, what is relatively new is the view of operational risk management as a comprehensive practice comparable to the management of credit and market risks in principles.
Failure to understand and manage bank operational risk, which is present in virtually all banking transactions and activities, may greatly increase the likelihood that some risks will go unrecognized and uncontrolled.
There are 6 fundamental principles that all institutions, regardless of their size or complexity, should address in their approach to operational risk management. CCG Catalyst can assist you in these areas.
- Ultimate accountability for operational risk management rests with the board, and the level of risk that the organization accepts, together with the basis for managing those risks, is driven from the top down by those charged with overall responsibility for running the business.
- The board and executive management should ensure that there is an effective, integrated operational risk management framework. This should incorporate a clearly defined organizational structure, with defined roles and responsibilities for all aspects of operational risk management/monitoring and appropriate tools that support the identification, assessment, control and reporting of key risks.
- Board and executive management should recognize, understand and have defined all categories of operational risk applicable to the institution. Furthermore, they should ensure that their operational risk management framework adequately covers all of these categories of operational risk, including those that do not readily lend themselves to measurement.
- Operational risk policies and procedures that clearly define the way in which all aspects of operational risk are managed should be documented and Operational risk management policies and procedures should be aligned to the overall business strategy and should support the continuous improvement of risk management
- All business and support functions should be an integral part of the overall operational risk management framework in order to enable the institution to manage effectively the key operational risks facing the institution.
- Line management should establish processes for the identification, assessment, mitigation, monitoring and reporting of operational risks that are appropriate to the needs of the institution, easy to implement, operate consistently over time and support an organizational view of operational risks and material failures.
The ultimate responsibility of operational risk management rests with the board of directors. Both the board and senior management should establish an organizational culture that places a high priority on effective operational risk management and adherence to sound operating controls. CCG Catalyst can assist your board establish tolerance level and set strategic direction in relation to operational risk. Such a strategy would be based on the requirements and obligation to the stakeholders of the institution.
With CCG Catalyst assistance, senior management will transform the strategic direction given by the board through operational risk management policy. Although the Board may delegate the management of this process, it must ensure that its requirements are being executed. The policy should include:
The strategy given by the board of the bank.
- The systems and procedures to institute effective operational risk management framework.
- The structure of operational risk management function and the roles and responsibilities of individuals involved.