The credit and market risk management are well known subjects in banking. However, operational risk management (ORM) has become a serious emerging issue for the regulators. In recent times this is being particularly stressed by Bank of International Settlement (BIS) under Basel II accord.
The Basel II provides three compliance options under ORM ie Basic indicator, Standard approach and Advance Measurement Approach. (AMA). The most desired compliance of them from a regulatory view is AMA. The susceptibility of the regulators not to impose any deadlines on ORM is quite justified. The severity of ORM's implementation can vary from country to country depending on the advancement of the financial market and institutions.
This is particularly valid for the emerging market in Sub-continent and the Middle East. It is quite true that most banks are not yet clear about the ORM implementation approach. The main reason being that it represents a huge task with very little competencies and data availability compared to credit and market risks.
WHILE TALKING ABOUT ORM, DIFFERENT ISSUES COME INSTANTLY TO OUR MIND DEPENDING ON EACH PERSON'S PERSPECTIVE AND AWARENESS. FOR INSTANCE:
-- To shareholders: Cost and gains
-- To Business Managers: We are already doing it. How much we have to do it.
-- To Project Managers: Systems & Software
-- To Risk Managers: Opvar, Models, Quantitative methods, etc.
-- To Regulators: Compliance of Basel II, Sarbanes-oxley
ORM simply means to identify your potential business risk within Basel II frame work (ie People, systems. Internal process) and decide how to manage the same if it can adversely affect your business. However, the nature and extent can again vary from one business to another. In other words, the first logical step would be to ensure compliance of internal control framework in line with the Basel II requirement supervised by independent function of Operational Risk Management.
THE OBJECTIVES OF ORM SHOULD BE TO:
-- Identify the inherent risk and report residual risk to the senior management
-- Ensure continuity of the of risk assessment and management process
-- Ensure that the controls are embedded in the process and reflected in procedures
-- Ensure independent function for loss data collection
-- Encourage internal control and risk awareness culture for example:
-- Good corporate governance (Shareholder, Board of Directors commitment)
-- Risk awareness control culture (eg People)
-- Implementation of best practices (eg BCP, ISMS)
-- Strive for AMA approach that is:
-- Reasoning through quantitative methods and statistics
-- Models, stress testing
-- Risk mitigation against those identified risk
Furthermore internal control function should be organised in two distinct functions that ie (a) Permanent Control and (b) Periodical control. Permanent control could be treated as a part of the ORM, while periodical controls would normally be an audit function.
In my recent ORM related project (Risk identification and awareness program), I was stunned to note the dimensional benefits that can be achieved through ORM. Although, it was a very modest attempt to any ORM project but it is worth noting the benefits:
Potential business managers empower to take risk (risk appetite) and in each business unit could be identified.
Employees were trained for managing the identified risks on a day to day basis.
Business processes were improved due to comfortable participation and communication with the employees compared to auditors for example.
Employee's commitment was enhanced further to linking of his / her performance to loss data and near miss incident reporting.
Establishing data required for AMA and to attain its results will be painstaking tasks at least in our part of the world. However, this does not mean that we will only rely on others. A simple approach of introducing risk awareness and management along with the best practices can reap in immediate secured conditions for any business as well as an edge against competitors for future requirement.
Comments
Comments are closed.