05:18 PM
Andrew Waxman
Andrew Waxman
Connect Directly

Re-Thinking Operational Risk on Wall Street

With no let-up in the flow of operational risk accidents at major banks, firms are hiring more seasoned experts and throwing more resources at the function. But more work needs to be done.

The profile of operational risk has been greater than ever in 2012 with record fines imposed by regulators for anti-money laundering (AML) and Libor rate manipulations, coupled with stunning losses from risk management and technology failures and insider trading prosecutions unabated. So the question must be asked: what exactly is the job of operational risk departments on Wall Street and are they doing it?

There have historically been two drivers behind establishment of operational risk functions: major operational risk events and the regulators, themselves responding to those events. Operational risk management really got started with Nick Leeson and his unchecked trading that led to the collapse of Barings investment bank in 1995. Following this watershed event, the Basel Committee on Banking Supervision, an internationally recognized body by global banks, took action, ultimately introducing a capital charge and a framework for operational risk management under the Basel II accord. Key components of this framework included requirements for banks to report internal events, assess and improve internal controls and estimate worst case risk scenarios.

Though it has been a decade since Basel II's implementation, there has been no let up, and maybe even an increase in the flow of large operational risk incidents. While this may be in part due to increased awareness and reporting, it is also clear that a check the box approach to meeting the needs of regulators is far from sufficient if banks are to manage their operational risks effectively.

There are signs that help is on its way. CEOs finally after seeing their peers lose their footing at Barclays and UBS due to operational risk events, are getting the message. Boards are demanding to know if their business could suffer in similar ways to peers who have suffered operational risk losses. Both are demanding of chief risk officers (CROs) greater fluency with operational risk issues. CROs, though primarily still from the market risk discipline, are in turn seeking greater detail and understanding of risk events and risk mitigation plans. They are also seeking more seasoned executives and greater resources for the operational risk function. However, still more is needed to bring operational risk under control.

Organizations that are open to discussing their flaws are generally much better equipped to deal with operational risk. Imagine the harm where the fact pattern and scenario of a rogue trading incident in one division and region are not shared with other divisions' and regions’ risk managers. Could it not more easily reoccur elsewhere within the bank? Effective operational risk management cannot flourish in the closed societies that are so often the case on Wall Street.

By being honest about weaknesses, an organization gives itself an opportunity to address them before they lead to large losses. Operational risk departments have an important role in promoting such a culture. First, they can help their firms to learn more about their operational risks internally by ensuring lessons learnt from operational risk events are spread across silos. Second, they can help to ensure events that have taken place at their peers are discussed within their own organization and establish whether any pertinent control gaps or exposures exist. Finally, they can act as an important independent voice able to report upwards any issue they see without fear of reprisal.

With such a strengthened mandate and operating within an open society, Operational Risk Managers can help stem the flow of these losses and incidents and get some respect on the Street. To be fully effective, however, they need to build better tools. How to do so will be the subject of a follow-up article.

Andrew Waxman writes on operational risk in capital markets and financial services. Andrew is a consultant in IBM's US financial risk services and compliance group. The views expressed her are those of his own. As an operational risk manager, Andrew has worked at some of the ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/31/2013 | 9:43:14 AM
re: Re-Thinking Operational Risk on Wall Street
Informative article. Read a whitepaper about this very topic " Which SOC controls report is right for your organization " it offers valuable tips on SOC Controls reports , readers will find it very helpful @
More Commentary
Data Integrity: A Necessity, Not an Option
Financial institutions that have taken on the data integrity task in the past now have to spend more money on hardware, software, and people just to keep up with the demand.
What Colombia’s New IT Campaign Means for Latin American Tech Investment
Colombia’s campaign is the latest example of how Latin America is trying to edge into the global technology space.
Initial Margin: When Does More Turn Out to Be Less?
Changing margin regulations are set to affect the OTC derivative market, including initial margin risk models for non-cleared OTCs.
The Mainframe Innovation Drag
It may be time for a consortium of firms motivated around the objective of eliminating the mainframe. What if every self-clearing firm decided to participate in building a modern, back-office system as an open-source, cloud-based project?
Big Data DIY
Now that we have passed the initial hype phase of big data, companies are searching for real business value from their investments. Consultants can play a part, but only if financial firms insist on a new partnership model.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.