Operational risk management has evolved from the simple calculation of capital requirements to a proactive, holistic approach. This new strategy ensures that operational risk managers maintain their organizations’ profitability and brand reputation. In fact, recent financial scandals revealed that operational risk can result in incredible losses that many organizations can sometimes never fully recover from.
According to Ger Jan Meijer, Director of Operational Risk Management for Citco Fund Services (USA) Inc., there are several key steps that all organizations must take to develop a holistic approach to operational risk governance. Meijer will speak about operational risk at the Global Financial Markets Intelligence (GFMI) Proactive Operational Risk Management Conference, September 9-11 in New York. (Note: The views expressed in this interview are those of Ger Jan Meijer and are not necessarily representative of, and should not be attributed to, Citco Fund Services (USA) Inc.)
“Companies need to take risks to create value and manage risks to protect value,” Meijer said. “The challenge is to find and keep a good balance between risk and reward in a fast-changing and increasingly complex environment. Companies have to deal with new technologies, more regulations and even new disaster scenarios because of climate change. You need to find the risk before its finds you.”
Meijer pointed out that organizations must prepare for many types of operational risk, including:
- Internal Fraud: misappropriation of assets, tax evasion, intentional mismarking of positions and bribery.
- External Fraud: theft of information, hacking damage, third-party theft and forgery.
- Employment Practices and Workplace Safety: discrimination, workers compensation, employee health and safety.
- Clients, Products, and Business Practice: market manipulation, antitrust, improper trade, product defects, fiduciary breaches and account churning.
- Damage to Physical Assets: natural disasters, terrorism and vandalism.
- Business Disruption and Systems Failures: utility disruptions, software failures and hardware failures.
- Execution, Delivery, and Process Management: data entry errors, accounting errors, failed mandatory reporting and negligent loss of client assets.
“I believe that the Basel II event type categories are still a good starting point for an initial risk assessment,” Meijer said. “However, every organization has its own risk profile with different vulnerability levels for each category of risk.”
Meijer also pointed out that the most commonly overlooked operational risks inside an organization are those related to silos. “Silo mentality can result in a lack of understanding of operational risk as a driver for other risk types or could result in not identifying certain operational risks due to not fully understanding the entire process and interdependencies.”
This is the exact reason why Meijer emphasizes the importance of risk managers following a cross-silo (holistic) approach, which includes integrating the following strategies into their plan:
- Developing an organizational-wide view of operational risk, including determining the organization’s risk appetite.
- Designing and implementing a single, unified governance risk and compliance framework to identify, assess, mitigate and manage (monitor) risk.
- Developing systems to manage operational risk across different business units.
- Producing robust operational risk policies.
- Developing operational risk control matrices and risk reporting.
“It is not easy to objectively measure the added value of an effective operational risk management program,” Meijer explained. “However, certain statistics and trends can prove added value and success of an effective operational risk management program, e.g., incidents, KRI and KPI levels, client satisfactory surveys audit findings and exit interviews.”
As a speaker at the 2013 GFMI Proactive Operational Risk Management Conference in New York, Meijer looks forward to hearing from his risk management colleagues with other organizations about their challenges. “Operational risk management is a relatively new discipline and still in development,” he said. “I’d like to get new ideas about how to further develop the risk management framework of within my current organization.”
The GFMI Proactive Operational Risk Management Conference will take place in New York, September 9-11. For more information, visit the Proactive Operational Risk Management Web page or contact Tyler Kelch, Marketing & PR Coordinator, GFMI at 312-540-3000, ext. 6680 or email@example.com.
About Global Financial Markets Intelligence
GFMI is a specialized provider of content-led conferences for the financial markets. Carefully researched with leading financial market experts, our focused quality events deliver key bottom-line value through targeted presentations, interactive discussions and high-level networking opportunities.