05:18 PM
Andrew Waxman
Andrew Waxman
Connect Directly

Re-Thinking Operational Risk on Wall Street

With no let-up in the flow of operational risk accidents at major banks, firms are hiring more seasoned experts and throwing more resources at the function. But more work needs to be done.

The profile of operational risk has been greater than ever in 2012 with record fines imposed by regulators for anti-money laundering (AML) and Libor rate manipulations, coupled with stunning losses from risk management and technology failures and insider trading prosecutions unabated. So the question must be asked: what exactly is the job of operational risk departments on Wall Street and are they doing it?

There have historically been two drivers behind establishment of operational risk functions: major operational risk events and the regulators, themselves responding to those events. Operational risk management really got started with Nick Leeson and his unchecked trading that led to the collapse of Barings investment bank in 1995. Following this watershed event, the Basel Committee on Banking Supervision, an internationally recognized body by global banks, took action, ultimately introducing a capital charge and a framework for operational risk management under the Basel II accord. Key components of this framework included requirements for banks to report internal events, assess and improve internal controls and estimate worst case risk scenarios.

Though it has been a decade since Basel II's implementation, there has been no let up, and maybe even an increase in the flow of large operational risk incidents. While this may be in part due to increased awareness and reporting, it is also clear that a check the box approach to meeting the needs of regulators is far from sufficient if banks are to manage their operational risks effectively.

There are signs that help is on its way. CEOs finally after seeing their peers lose their footing at Barclays and UBS due to operational risk events, are getting the message. Boards are demanding to know if their business could suffer in similar ways to peers who have suffered operational risk losses. Both are demanding of chief risk officers (CROs) greater fluency with operational risk issues. CROs, though primarily still from the market risk discipline, are in turn seeking greater detail and understanding of risk events and risk mitigation plans. They are also seeking more seasoned executives and greater resources for the operational risk function. However, still more is needed to bring operational risk under control.

Organizations that are open to discussing their flaws are generally much better equipped to deal with operational risk. Imagine the harm where the fact pattern and scenario of a rogue trading incident in one division and region are not shared with other divisions' and regions’ risk managers. Could it not more easily reoccur elsewhere within the bank? Effective operational risk management cannot flourish in the closed societies that are so often the case on Wall Street.

By being honest about weaknesses, an organization gives itself an opportunity to address them before they lead to large losses. Operational risk departments have an important role in promoting such a culture. First, they can help their firms to learn more about their operational risks internally by ensuring lessons learnt from operational risk events are spread across silos. Second, they can help to ensure events that have taken place at their peers are discussed within their own organization and establish whether any pertinent control gaps or exposures exist. Finally, they can act as an important independent voice able to report upwards any issue they see without fear of reprisal.

With such a strengthened mandate and operating within an open society, Operational Risk Managers can help stem the flow of these losses and incidents and get some respect on the Street. To be fully effective, however, they need to build better tools. How to do so will be the subject of a follow-up article.

Andrew Waxman writes on operational risk in capital markets and financial services. Andrew is a consultant in IBM's US financial risk services and compliance group. The views expressed her are those of his own. As an operational risk manager, Andrew has worked at some of the ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/31/2013 | 9:43:14 AM
re: Re-Thinking Operational Risk on Wall Street
Informative article. Read a whitepaper about this very topic " Which SOC controls report is right for your organization " it offers valuable tips on SOC Controls reports , readers will find it very helpful @
More Commentary
SEC Examinations: What to Expect When the SEC Is on It's Way
Theodore Eichenlaub highlights trends in SEC expectations and how to approach a risk assessment of your compliance program.
The Value of Predictive Analytics in Financial Services
Risk management and customer data are two key areas where data analytics is being applied in financial services.
Moving the Trader Closer to the Investment Process
The sell side can demonstrate more value by applying analytics to pre- and post-trading, and by educating buy-side clients about broker segmentation, trading behavior and algorithm shortcomings, and more.
Wirehouses May See More Independent BDs as Retention Packages Expire
Retention bonuses are expiring, leaving brokerages vulnerable to attrition. Is access to technology making it easier for brokers to go independent?
SCI: A Whale of a Regulation
The SEC's Reg SCI weights in at a whopping 742 pages. Here is what you need to know about the oversized regulation.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.