Module 29: Management of operational and other risks Flashcards

1
Q

The key to managing operational risk

A

having sufficient effective controls (ie a combination of information, assessment and response).

2
Q

5 Features of best-practice operational risk management

A
  • broad definition of operational risk
  • internal and external early warning indicators
  • qualitative and quantitative assessment tools (eg scenario testing and simulation models)
  • capital is allocated to operational risk
  • insurance function is fully integrated with the operational risk function
3
Q

11 Actions aimed at managing operational risks

A
  • outsourcing (people, processes, systems)
  • business continuity and crisis management plans and resources
  • horizon scanning (regulatory, event)
  • maintenance (technology, systems, event)
  • security (technology, crime)
  • good HR practices (people: employment-related, agency)
  • careful underwriting, product design and pricing (people: adverse selection, moral hazard)
  • education, checks and balances (people: bias)
  • good change management (process, technology, model)
  • strong relationship with key stakeholders (regulatory, reputational)
  • sound ERM framework that is integrated into the business (reputational)
4
Q

7 Steps of an Enterprise-wide process for transferring operational risk

A
  1. identify operational risk exposures
  2. quantify them (probabilities, severities and capital requirements)
  3. integrate the operational risk with credit and market risk to establish an enterprise-wide risk profile
  4. establish limits
  5. implement controls
  6. develop strategies for risk transfer and financing
  7. evaluate alternatives (providers and structures) based on a cost/benefit analysis.
5
Q

2 Actions in respect of retained operational risks

A
  • establishing reserves (self-insurance)
  • allowing for operational risk when allocating (economic) capital - to incentivise management to improve operational risk management.
6
Q

6 Actions to manage liquidity risk

A
  • active monitoring of liquidity requirements, within and across legal entities, allowing for differing transferability of liquid assets (fungibility)
  • varying investment strategy
  • using swaps
  • maintenance of a contingency fund
  • diversifying sources of funding
  • obtaining contingent sources of funding
7
Q

A business can manage some systemic risks by: (2)

A
  • ensuring it deals with a diverse range of counterparties, eg avoiding concentration by imposing internal limits
  • trading via exchanges
8
Q

5 Activities designed to reduce feedback risk

A
  • the use of circuit breakers by exchanges
  • certain government actions (eg propping up a bank)
  • regulations requiring the establishment of reserves
  • avoiding pro-cyclical regulations
  • physically separating certain types of businesses (eg retail and investment banking)
9
Q

5 Processes to manage other risks

A
  • underwriting
  • risk transfer
  • reducing risk concentrations
  • improving diversification
  • hedging
10
Q

Operational risk management:

define “controls”

A

Controls in this context means a combination of information, assessment and response.

I.e. what information do we have that we can use to decide what course of action to take.

11
Q

Outline 8 desirable features of controls

A
  1. focussed on results
  2. in place for both measurable and non-measurable events
  3. standardised for efficient communication
  4. high quality, so as to improve management
  5. few, rather than many
  6. meaningful and appropriate
  7. timely, so as to give sufficient warning
  8. simple, so they are easily understood
12
Q

2 Disadvantages of outsourcing

A

Additional risks that need to be managed, including:

  • possible failure of the third party to deliver its commitments
  • reduced control over the processes and people in the third party
13
Q

5 Considerations a company should make before entering into an outsourcing agreement with a third party

A
  1. Regulatory environment and the status of the third party
  2. Financial standing of the third party
  3. Competency, business continuity plans and risk processes of the third party
  4. Its legal agreement with the third party, including the right to terminate and the third party’s right to sub-contract
  5. How it will monitor the third party
14
Q

7 External event risks known to have impacted on businesses

A
  1. Loss of IT or telephony capacity
  2. Loss of people or skills
  3. Bad PR or negative publicity
  4. Disruption to supply chain
  5. Fire / flooding / high winds
  6. Protest from pressure groups
  7. Terrorist damage
15
Q

Broad definition of business continuity

A

Safeguarding the business’ reputation, brand and other value-creating activities.

16
Q

7 Actions that can be taken to manage technology and cyber-crime risks

A
  1. Keeping systems up-to-date
  2. Routine maintenance
  3. Thorough testing (for robustness and compatibility) when introducing new IT systems.
  4. Quick response IT helpdesks to deal with minor IT issues.
  5. Training staff - eg not to open suspicious email attachments.
  6. Restrictions on employees’ use of social media applications or use of devices that might circumvent IT security.
  7. Implementing and testing security software and routines, such as firewalls, back-ups and regular password changes, to prevent cyber attacks and ensure data can be rapidly recovered in the event of loss.
17
Q

State how the risk of adverse selection can be managed

A

By careful underwriting and product design and pricing.

18
Q

Process risk

A

The introduction of changes into business processes or IT systems introduces the risk to the business that the new processes or systems may fail or be poorly implemented.

19
Q

State how process risks can be managed

A
  • undertaking pilot studies
  • precise definition of the requirements of any new solution to best meet the needs of the whole enterprise
  • designing systems that can be easily maintained, enhanced and upgraded
  • careful deployment of the new systems with user education
20
Q

To manage model risk it is important to: (3)

A
  • have documented processes for model building and testing
  • have clear audit trails and change-management routines
  • use models only for their intended purpose
21
Q

To manage data risk it is important to: (3)

A
  • limit what can be entered to what is valid (eg range checks)
  • check data entry
  • re-check data on transfer and, in particular, de-duplicate.
22
Q

State 3 defenses against reputational risk

A
  • a sound ERM framework
  • business continuity and crisis management plans and processes
  • strong relationships with key stakeholders
23
Q

3 Methods of managing market liquidity risk

A
  1. Varying investment strategy
  2. Using swaps
  3. Having a contingency fund of high-quality liquid assets
24
Q

3 Methods of managing funding liquidity risk

A
  1. Diversifying sources of funding.
  2. Continuously monitoring the ability to raise additional capital.
  3. Contingency sources of funding from their bank (eg a line of credit) to draw upon in times of stress.