1. Fundamentals of ops risk part 2 Flashcards
what is business continuity risk
Business continuity risk: The risk that a firm is either inadequately prepared for a business continuity event (process) or that the business continuity preparations fail to function in the manner intended during a business continuity crisis (people, systems or process).
Give some examples of what business continuity risk could include
- Disruption to the customer facing processes due to a natural disaster.
- Disruption to IT systems due to a successful hacking attempt.
- Damage to physical assets due to a terrorist attack.
Explain systems and IT risk
Systems or IT risk: The risk that systems fail, process information incorrectly, become
obsolete, or cannot support transactional volumes. Examples of such risk may include:
• Disruption to IT Systems due to software defects.
• Incorrect fees/charges added to customer accounts due to poor quality input information.
• Disruption to IT Systems due to excessive volume of transactions.
explain information security or privacy risk
Information security or privacy risk: The risk that confidential information, such as client
personal details, client financial information, the firm’s own product, strategic or financial
information, is exposed to unauthorised individuals or is deliberately mis-used or stolen.
Examples of such risk may include:
• Theft of customer data by external hackers.
• Mis-use of customer data by employees.
• Customer data accidentally shared with external parties.
explain process execution risk
Process execution risk: The risk that business processes of the firm are disrupted, are not
designed adequately, are not executed as designed or produce incorrect results. Examples of
such risk may include:
• A marketing campaign with incorrect information is released to the public due to lack
of adequate approval processes.
• A firm allows terrorists to open an account due to lack of adequate ‘Know Your Customer’
due diligence procedures.
• Call centre staff give incorrect advice to customers due to incorrect product information
provided to them.
what is financial crime risk
Financial crime risk: A broad form of risk that covers internal and external fraud involving
money laundering, sanctions and embargo breaches, processing proceeds of organised crime,
bribery, terrorism financing, insurance fraud and credit card fraud. Examples of such risk may
include:
• Offering financial products to individuals or organisations covered by international sanctions
or embargoes due to inadequate or unused procedures or controls.
• Clients utilising financial products for purpose of money laundering due to inadequate
or poorly designed controls.
• Credit card fraud committed by external parties.
what is physical security risk
Physical security risk: The risk that the firm suffers some form of loss as the result of
inadequate physical security precautions or failures within the physical security infrastructure.
Examples of such risk may include:
• Theft of physical assets (e.g. laptops) by external parties due to staff not following internal
security procedures.
• Damage to physical assets caused by fire due to failure to maintain fire extinguisher systems.
• Unauthorised external parties are able to visit restricted areas within the office building
due to lax security.
what is health and safety or personal safety risk
Health and safety or personal safety risk: The risk that the health or safety of stakeholders
(e.g. employees, customers, vendors) may be impacted due to the working environment of the
firm. Examples of such risk may include:
• Injuries or death of employees due to use of faulty equipment (e.g. laptop catching fire).
• Injuries or death of employees due to excessive amount of work pressure.
• Kidnapping of employees during their work related travel.
what is legal or litigation risk
Legal or litigation risk: The risk that the firm suffers loss due to unexpected legal
judgements or unexpected failure to enforce contracts for legal reasons. Examples of such risk
may include:
• Customer contracts drafted inadequately or incorrectly from a legal perspective.
• Vendor contracts drafted inadequately or incorrectly from a legal perspective.
• Employment contracts drafted inadequately or incorrectly from a legal perspective.
what is compliance risk
Compliance risk: The risk of non-compliance with external laws, regulations and rules.
This can include people not doing what they should be doing, or processes or systems not
being appropriate or adequate to meet compliance requirements. Examples of such risk
may include:
• Submitting incorrect information within regulatory reports to regulators.
• Delay in submitting regulatory reports to regulators.
• Sales staff do not provide mandatory regulatory information to customers.
what is 3rd party risk
Third-party risk: The risk that the firm suffers loss due to third-parties (e.g. vendors or
suppliers) failing to follow Service Level Agreements, or where the third-party may breach
expectations or trust of key stakeholders (e.g. customers). Examples of such risk may include:
• A firm has to compensate staff as a result of repeated delays in payroll managed by a third party, in breach of its SLA.
• Vendors get involved in price fixing to inflate their prices.
• Theft of customer information by vendors for purpose of committing fraud.
What is conduct risk?
Conduct risk: Generally accepted as the risk that the firm’s behaviours will result in poor outcomes for customers. However, it is arguable whether conduct risk is strictly a ‘risk’.
Conduct is an essential element of operational risk because it is integral to the fundamental cause of operational risk which is ‘people’. Whilst conduct is generally aimed at customer outcomes, a firm’s behaviours will also have a detrimental effect on the markets in which it operates, other key stakeholders, such as third-parties with which it deals and, importantly, its staff. Examples of poor conduct may include:
• Intentional mis-selling products/services to clients.
• Intentional discrimination against customers based on their religion, country of origin,
appearance or sexual orientation.
• Sales staff not following the designed sales process when dealing with new customer
enquiries due to poor understanding of the products offered by the firm.
what is cyber risk
Cyber risk: The risk that the firm may be unable to protect its digital assets. It typically covers
damage to digital assets from external parties (e.g. hackers) but should also cover damage to digital assets by employees. Examples of such risk may include:
• Theft of customer information from IT systems as a result of staff not following cyber security procedures.
• Theft of confidential strategy-related information from IT systems by competitors as a result
of lax physical security.
• Disruption to IT Systems caused by unexpected volumes of transactions generated by hackers, known as ‘denial of service’ attacks.