Operational Risk Management: A Survival GuideJanuary 11, 2016
By Zenobia Sethna
As the largest financial institutions grapple with how to better recognize, manage and mitigate losses from emerging risks, the takeaway is clear: it is imperative that organizations evolve their operational risk management practices now with future needs in mind.
A great deal is at stake, and not just in terms of direct financial costs or legal and regulatory liability. To paraphrase über-investor Warren Buffett, it takes twenty years to build a reputation and, in some circumstances, just one mishap to ruin it. This is why controlling operational and regulatory risk is so important to investment management firms, their clients, investors, regulators and trading partners.
Managing the following risks will be essential – not only for proactively addressing new operational risks, but, even more so, in helping the global banking community emerge as a more reliable industry that is more resilient than ever when faced with unpredictable events:
1. Complacency – These risks crop up in flawed business continuity plans, poor recordkeeping and deficient insurance coverage. Other practices, as any Risk management course would tell you, that place organizations at risk include hiring under-qualified personnel, neglecting to train employees, disregarding feedback from middle- and back-office staff, operating without an electronic document management system and failing to review employees’ work. To tackle these issues, firms must consider better training, tighten up internal procedures and improve communication.
2. The Blind Leading the Blind – Mid-level and senior managers who are not familiar with investment operations may rely on subordinates who are equally unqualified for the job at hand. External operational reviews can help identify these risks. To address them, consider ways to improve hiring, promotion and coaching practices as well as strengthening due diligence frameworks.
3. Novices, Apprentices and Soloists – Problem areas here include small, specialized teams that work in silos, and individuals who assume sole responsibility for a function or relationship, often zealously protecting their turf. Paying attention to organizational design, training and cross-training can encourage teamwork and reduce key-person risk at all levels.
4. Dropped Batons – Information transfer and handoffs between personnel, departments, organizations and systems are fraught with communication and timing challenges. The most useful tools to identify potential red flags are system diagrams that identify applications and their interfaces, and workflow diagrams that display hand-offs between teams or departments, and between the firm and external counterparties or clients.
5. Naïve Reliance on Technology – While automation can mitigate operational risk, it can create new threats if systems are not carefully designed or implemented. To reduce those risks, make sure that staff and consultants who deal with operational systems know how to perform automated functions manually and, furthermore, understand their operational context, including system and workflow linkages. Other high priorities include keeping system access permissions up to date, maintaining system infrastructure, and building in thorough audit trails. The criticality of written functional specifications and detailed testing cannot be overemphasized.
6. Playbooks – Non-existent, outdated or incomplete process-and-procedure documentation is frequently anelement in operational breakdowns. The solution, again, is workflow diagrams that are kept up-to-date and readily available. Not only are such workflows important in the effort to lower day-to-day risks, they also help in disaster recovery. Firms should also have well-defined issue escalation protocols that define both the magnitude and timing of potential impacts.
7. Amalgamated Assignments – When designing organizational structures, policies and procedures for the segregation of duties, it is important to maintain the distinction between the firm and the fund(s) it manages. Operational reviews can help detect conflicts of interest as well as opportunities for theft or fraud. Firms may want to consider instituting some degree of shadow accounting, whereby investment managers maintain their own sets of books and records for comparison with those of custodians, auditors and independent third-party fund administrators.
8. Reconciliation Gaps – Less than comprehensive procedures can leave investment managers unknowingly exposed to risks. To reduce that exposure, firms should conduct full reconciliations between their records and those of the custodians and administrators, with a requirement for supervisory review and accountability. Full reconciliations include comparisons of cost basis and market value, security identifiers, and local-currency cash balances; and reconciliation of margin or collateral positions using statements from the party holding the assets.
9. Reading the Fine Print – Legal documents should be analyzed not only by the firm’s attorneys, but also by knowledgeable operational managers. When assessing the counterparty risk, firms need to identify exactly which legal entity is their counterparty, determine who has regulatory jurisdiction, and continuously monitor net exposures as well as the creditworthiness of the counterparty.
10. Poor Planning and Slow Response Times – Investment management organizations that fail to plan ahead may sustain huge business and operational impacts as a result of the sweeping regulatory, marketplace and competitive changes that are transforming the industry. Against a backdrop of expanding regulatory requirements, clients and investors are pressing firms to increase transparency, fast-track reporting, and cut risks—all while lowering advisory fees. Operational benchmarking can help firms to analyze cost structures and the financial impacts of changes in key business drivers. A risk management course for the team is a must.
This is a small taste of what you will learn in Management Development Program, operational risk management workshop on 21st to 22nd January, 2016. Learn more about the program here.