Module 29: Management of operational and other risks Flashcards
The key to managing operational risk
having sufficient effective controls (ie a combination of information, assessment and response).
5 Features of best-practice operational risk management
- broad definition of operational risk
- internal and external early warning indicators
- qualitative and quantitative assessment tools (eg scenario testing and simulation models)
- capital is allocated to operational risk
- insurance function is fully integrated with the operational risk function
11 Actions aimed at managing operational risks
- outsourcing (people, processes, systems)
- business continuity and crisis management plans and resources
- horizon scanning (regulatory, event)
- maintenance (technology, systems, event)
- security (technology, crime)
- good HR practices (people: employment-related, agency)
- careful underwriting, product design and pricing (people: adverse selection, moral hazard)
- education, checks and balances (people: bias)
- good change management (process, technology, model)
- strong relationship with key stakeholders (regulatory, reputational)
- sound ERM framework that is integrated into the business (reputational)
7 Steps of an Enterprise-wide process for transferring operational risk
- identify operational risk exposures
- quantify them (probabilities, severities and capital requirements)
- integrate the operational risk with credit and market risk to establish an enterprise-wide risk profile
- establish limits
- implement controls
- develop strategies for risk transfer and financing
- evaluate alternatives (providers and structures) based on a cost/benefit analysis.
2 Actions in respect of retained operational risks
- establishing reserves (self-insurance)
- allowing for operational risk when allocating (economic) capital - to incentivise management to improve operational risk management.
6 Actions to manage liquidity risk
- active monitoring of liquidity requirements, within and across legal entities, allowing for differing transferability of liquid assets (fungibility)
- varying investment strategy
- using swaps
- maintenance of a contingency fund
- diversifying sources of funding
- obtaining contingent sources of funding
A business can manage some systemic risks by: (2)
- ensuring it deals with a diverse range of counterparties, eg avoiding concentration by imposing internal limits
- trading via exchanges
5 Activities designed to reduce feedback risk
- the use of circuit breakers by exchanges
- certain government actions (eg propping up a bank)
- regulations requiring the establishment of reserves
- avoiding pro-cyclical regulations
- physically separating certain types of businesses (eg retail and investment banking)
5 Processes to manage other risks
- underwriting
- risk transfer
- reducing risk concentrations
- improving diversification
- hedging
Operational risk management:
define “controls”
Controls in this context means a combination of information, assessment and response.
I.e. what information do we have that we can use to decide what course of action to take.
Outline 8 desirable features of controls
- focussed on results
- in place for both measurable and non-measurable events
- standardised for efficient communication
- high quality, so as to improve management
- few, rather than many
- meaningful and appropriate
- timely, so as to give sufficient warning
- simple, so they are easily understood
2 Disadvantages of outsourcing
Additional risks that need to be managed, including:
- possible failure of the third-party to deliver its commitments
- reduced control over the processes and people in the third party
5 Considerations a company should make before entering into an outsourcing agreement with a third-party
- Regulatory environment and the status of the third party
- Financial standing of the third party
- Competency, business continuity plans and risk processes of the third party
- Its legal agreement with the third party, including the right to terminate and the third party’s right to sub-contract
- How it will monitor the third party
7 External event risks known to have impacted on businesses
- Loss of IT or telephony capacity
- Loss of people or skills
- Bad PR or negative publicity
- Disruption to supply chain
- fire / flooding / high winds
- Protest from pressure groups
- Terrorist damage
Broad definition of business continuity
Safeguarding the business’ reputation, brand and other value-creating activities.