The Operational Risk Handbook for Financial Companies
eBook - ePub

The Operational Risk Handbook for Financial Companies

A guide to the new world of performance-oriented operational risk

Brian Barnier

Share book
  1. 276 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

The Operational Risk Handbook for Financial Companies

A guide to the new world of performance-oriented operational risk

Brian Barnier

Book details
Book preview
Table of contents
Citations

About This Book

The Operational Risk Handbook for Financial Companies is a groundbreaking new book. It seeks to apply for the first time a range of proven operational risk techniques from other industries and disciplines to the troubled territory of financial services.Operational risk expert Brian Barnier introduces a range of sophisticated, dependable and - crucially - approachable tools for risk evaluation, risk response and risk governance. He provides a more robust way of gaining a better picture of risks, shows how to build risk-return awareness into decision making, and how to fix (and not just report) risks.The practical importance of fully understanding and acting on risk to the business begins in the foreword on plan-B thinking, penned by Marshall Carter, chairman of the NYSE and deputy chairman of NYSE Euronext.The book is unique because:- It is not just about modeling and a few basic tools derived from regulatory requirements. Instead, it looks at management of risk to operations across industries, professional disciplines and history to help ops risk leaders become aware of the entire landscape of proven experience, not just their own conference room.- It is not just about compliance. Instead, it looks to operations as part of performance - managing risk to return for shareholders and other interests (e.g. guarantee funds).- It is not content to look at risk in stand-alone segments or silos; instead it takes a systems approach.- It is not just about ops risk leaders sharing war stories at a conference. Instead, it introduces a panel of six financial institution board members who get risk management and provide their perspectives throughout the book to encourage/demand more from ops risk to meet the needs of the institution in the world.- It is not a semi-random collection of tips and tricks. Instead, it is grounded in a risk-management process flow tailored to financial companies from a range of proven experience, providing tools to help at each step.Suitable for companies of all sizes, this book is of direct relevance and use to all business managers, practitioners, boards and senior executives. Key insights from and for each are built into every chapter, including unique contributions from board members of a range of companies.The Operational Risk Handbook for Financial Companies is an essential book for making better decisions at every level of a financial company; ones that measurably improve outcomes for boards, managers, employees and shareholders alike.

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is The Operational Risk Handbook for Financial Companies an online PDF/ePUB?
Yes, you can access The Operational Risk Handbook for Financial Companies by Brian Barnier in PDF and/or ePUB format, as well as other popular books in Betriebswirtschaft & Unternehmensfinanzen. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Harriman House
Year
2011
ISBN
9780857191564
Edition
1
Topic
Betriebswirtschaft
Subtopic
Unternehmensfinanzen

Part 1. Evaluating Risk

Finding and understanding risks to operations is the focus of this first part of the book. This includes understanding the dynamics of the environment in which the institution operates, the capabilities of the enterprise that is the financial institution, the interaction of the environment and capabilities as they play out in scenarios or situations of unfolding chains of events, and the warning signs of those unfolding events that should be watched to avoid cascading problems. This part of the book will introduce a systematic process for taking these steps to help you be more efficient and effective in finding and understanding risks.

1.1. Lighting up ‘Dark Corners’

“In complex organizations, the operational risk manager must coordinate across all areas of the business to ensure risks are identified, measured in terms of the amount and severity of worst-case outcomes, and that plans are designed to prevent them. Board oversight, executive leadership and employee engagement across the business are required.”
— Karen Osar, board member of Webster Financial Corporation
Regulators say: ‘Banks need to better see in “dark corners”.’ Operational risk leaders ask: ‘How can we avoid “surprises”?’ Shareholders and board members facing a changing business environment seek risk management that improves return relative to risk. As I speak with ops risk executives, most express frustration and a sense that there must be a better way than just trudging through their daily challenges.
Practical experience in risk and operations suggests that shifting to a more performance-driven, systematic approach to risk management can better meet shareholder expectations and helps meet compliance requirements.
To shift to that performance focus, the operational risk management leader needs to strengthen the three basic ingredients in any productive activity—people, process and technology. To be more basic, it means clarity in terms so people can communicate easily, effectiveness in framework (including process) so they can get the job done, and efficiency in tools/technology so they can get the job done faster and easier.
Tools are best used in the context of a framework. This is true for any activity, whether for repairing a car or knitting a scarf.
There are a number of frameworks for risk management. With similarities and differences, frameworks can make life easier for practitioners. The more complete frameworks for management include these elements:
  • what to do: process model steps
  • management practices
  • input–output tables
  • what to measure: goals and metrics tables
  • who does it: Responsible, Accountable, Consulted, Informed (RACI) tables
  • how to measure and progress: maturity models or agreed upon procedures
  • glossary.
Two groups of benefits come from using frameworks. First, there are design benefits. They are developed by teams with a range of perspectives (sometimes across industries and countries); are refined by peer review; come with supporting guidance and mapped to other frameworks and standards; and have a user community for help, training and periodic updates. Second, there are use benefits. They are flexible for tailoring to enterprise needs, but provide a defined measuring stick; are systematic to avoid gaps; improve communications clarity (internally, and to partners, regulators and shareholders); and add genuine credibility. In short, they save time and money.
A key element of a good framework is a risk management process cycle. To guide our selection and use of tools, this book is partly organized around taking you through the steps of this cycle; the following figure, and progressive variants of it, will recur throughout the book.
As one regulator observed: “This can be used for anything, right?” Yes, it can. It applies equally well to any type of risk to operations, whether to product, process, IT, facilities, people, intellectual property, reputation—anything. The cycle offered here is based on a long history of use in professional disciplines and industries (including several areas of financial institutions). This makes it valuable for two reasons—it draws on a record of success, and it makes it easier to communicate with colleagues from various backgrounds in managing risk to operations (and strategy).
Figure 1
The process in this framework includes both evaluating and responding to risk. Evaluation steps are shown in the black circles; response steps in white. Bringing both together is the first step toward getting more business value from risk management. Starting with the topmost circle and moving clockwise:
  • Evaluate the environment and enterprise is about the environment (economic, competitive, market, political, regulatory, social, technology, natural) in which an enterprise, product or process operates. The enterprise capabilities are those in product, process, IT and other areas of the institution that work together to achieve objectives.
  • Seek scenarios illuminates how situations unfold in the environment and enterprise that can impact objectives.
  • Watch for warnings looks for signs that the potential scenarios are unfolding.
  • Prioritize uses the warning information to help select projects from the range of options that optimize risk–return performance and balance cost and benefit.
  • Improve position in environment and capability designs and implements solutions to strengthen capabilities to earn return from taking risk; reposition away from danger; reshape the environment; or some combination of these. Improving capability includes oversight, management, controls and core business process. As the cycle continues, the new state of environment exposure and enterprise capability is evaluated and the cycle continues.
The speed at which the cycle spins will depend on the speed at which real-world situations unfold. Yet the risk leader need not be a passive victim of too-rapid events. Instead, each step in the cycle also points to the value of preparation so as to be ready to respond when a warning rings. In such a situation, the inner react loop is followed.
The risk management cycle addresses the ‘normal’ situation when time is available to build capability and/or reposition in the environment. When warnings ring, then rapid reaction is required.
Figure 2
  • React immediately implements pre-planned and other actions to contain, reduce or stop an unfolding chain of events.
  • Recover begins when the cascading chain of events has been sufficiently stopped and the damaged capability can begin its journey back to ‘normal’ or ‘steady state’. Depending on the extent of the damage, this may be relatively quick and with current resources (reversing a trade or resetting failed equipment) or more extensive (fire, earthquake, flood, fraud investigations, diagnoses and fixes) requiring new resources to be prioritized. In either case, the full risk evaluation and response cycle is resumed as the enterprise seeks to continually improve performance within its environment.
  • Speed is again prominent, based on the real-world speed of the unfolding situation, reaction and recovery.
The chapters that follow address each of the steps.
“The business press and the global press regularly tell us about preventable disasters, or lesser adverse events that affect reputations, profitability and even lives. Risk management is a tool to systematically identify what could go wrong, to what degree and how could it hurt us, and then to determine how to manage, mitigate or eliminate the risk. In corporations increasingly governed by managers with specialized expertise in manufacturing, logistics, supply chains, human resources etc, only a well-organized collaborative effort can succeed in evaluating risks so that they can be managed.”
— Karen Osar
These three steps in risk evaluation will help answer common questions such as: Why are there so many ‘surprises’? Is it all really the fault of ‘unknown unknowns’? Are these situations really unknown to everyone or just to some institutions or some people in an institution? How do we get ahead of what the auditors or examiners will find next? How do we get more business value from all the resources spent on compliance?

Key concepts in these steps

The business objective of operational risk evaluation is to improve risk-adjusted return through better decisions based on a more complete understanding of risk to business operations. In financial terms, that means better risk-adjusted return on capital overall and individual investments in the institution. The test of the quality of risk evaluation is whether all the risks have been identified and understood.
Risks cannot be evaluated if we don’t know they exist. Turning the lights on is doable because there are not many risks (at least root causes) that are new in the world. A risk might be new to a certain executive, business team, or even company, and yet well-known to many other people. A key task (and opportunity) is always to find the people who already know about the risk, and engage that learning in your risk management process,...

Table of contents