Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Infrastructure

05:18 PM
Andrew Waxman
Andrew Waxman
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Re-Thinking Operational Risk on Wall Street

With no let-up in the flow of operational risk accidents at major banks, firms are hiring more seasoned experts and throwing more resources at the function. But more work needs to be done.

The profile of operational risk has been greater than ever in 2012 with record fines imposed by regulators for anti-money laundering (AML) and Libor rate manipulations, coupled with stunning losses from risk management and technology failures and insider trading prosecutions unabated. So the question must be asked: what exactly is the job of operational risk departments on Wall Street and are they doing it?

There have historically been two drivers behind establishment of operational risk functions: major operational risk events and the regulators, themselves responding to those events. Operational risk management really got started with Nick Leeson and his unchecked trading that led to the collapse of Barings investment bank in 1995. Following this watershed event, the Basel Committee on Banking Supervision, an internationally recognized body by global banks, took action, ultimately introducing a capital charge and a framework for operational risk management under the Basel II accord. Key components of this framework included requirements for banks to report internal events, assess and improve internal controls and estimate worst case risk scenarios.

Though it has been a decade since Basel II's implementation, there has been no let up, and maybe even an increase in the flow of large operational risk incidents. While this may be in part due to increased awareness and reporting, it is also clear that a check the box approach to meeting the needs of regulators is far from sufficient if banks are to manage their operational risks effectively.

There are signs that help is on its way. CEOs finally after seeing their peers lose their footing at Barclays and UBS due to operational risk events, are getting the message. Boards are demanding to know if their business could suffer in similar ways to peers who have suffered operational risk losses. Both are demanding of chief risk officers (CROs) greater fluency with operational risk issues. CROs, though primarily still from the market risk discipline, are in turn seeking greater detail and understanding of risk events and risk mitigation plans. They are also seeking more seasoned executives and greater resources for the operational risk function. However, still more is needed to bring operational risk under control.

Organizations that are open to discussing their flaws are generally much better equipped to deal with operational risk. Imagine the harm where the fact pattern and scenario of a rogue trading incident in one division and region are not shared with other divisions' and regions’ risk managers. Could it not more easily reoccur elsewhere within the bank? Effective operational risk management cannot flourish in the closed societies that are so often the case on Wall Street.

By being honest about weaknesses, an organization gives itself an opportunity to address them before they lead to large losses. Operational risk departments have an important role in promoting such a culture. First, they can help their firms to learn more about their operational risks internally by ensuring lessons learnt from operational risk events are spread across silos. Second, they can help to ensure events that have taken place at their peers are discussed within their own organization and establish whether any pertinent control gaps or exposures exist. Finally, they can act as an important independent voice able to report upwards any issue they see without fear of reprisal.

With such a strengthened mandate and operating within an open society, Operational Risk Managers can help stem the flow of these losses and incidents and get some respect on the Street. To be fully effective, however, they need to build better tools. How to do so will be the subject of a follow-up article.

Andrew Waxman writes on operational risk in capital markets and financial services. Andrew is a consultant in IBM's US financial risk services and compliance group. The views expressed her are those of his own. As an operational risk manager, Andrew has worked at some of the ... View Full Bio
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters
Video
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.