Profisor

We bring you the latest perspectives and bespoke research-based, evolving business practices

What Will Wreck The Trek

2/28/2017


 
How must financial institutions plan and prepare when charting a journey towards operational risk management?

People, Process and Technology, the Operations Ecosystem, is evolving fast and posing new challenges and risks for senior management. Time and again, the robustness of an organization’s machinery undergoes a test of its design, its capability maturity and its operating effectiveness. Recent and recurring market and industry risk events have re-emphasized the need for Indian Financial Institutions to recognize their failures resulting from sub-standard business practices and inadequate technology investments, and to channel renewed energy into Operational Risk Management.

Highlights of a few select events from the recent past are as follows:
  • Axis Bank suspends more employees and files several Suspicious Transaction Reports (STRs) over violation of Anti Money Laundering (AML) and Know Your Customer (KYC) norms in a racket of illegally exchanging demonetised currency notes
  • IRDAI slaps a penalty of INR 35 lakhs on Bharti AXA General Insurance for breach of Outsourcing and Corporate Governance guidelines . . company was soliciting business with unauthorised entities
  • RBI slaps INR 27 crore penalty on 13 banks for FEMA violations and lapses in KYC rules; INR 5 crore penalty alone on Bank of Baroda . . deficiencies and failures noted in internal control AML machinery
  • Gross NPAs of banks nearly double to INR 629,000 crore . . State Bank of India leading the list with its gross bad loans soaring to INR 100,000 crore
  • Cybercrime in India up 300% in 3 years; 30 million across the nation fell victim to online frauds . . financial losses resulting from cyber-crime rise beyond $4 billion, annually
  • NSDL’s negligence in reporting Cyber Breach disappoints SEBI . . a detailed inquiry by the regulator revealed ‘very weak security controls’
  • 25 banks penalized with a total fine of INR 60 crore for flouting money laundering and KYC norms; RBI cancels 56 NBFC licenses to operate business
  • Poor risk management system and persisting issues with the treatment of collateral
  • Compromised Independence of RBI . . when the RBI signed off on demonetisation, its central board had the lowest number of directors in 15 years and only three truly independent directors
  • RBI tightens NBFC rules; NPA norms on par with banks . . NBFCs to make submission on non-performing assets (NPA) and capital adequacy ratios
  • NBFCs require higher minimum capital, have less time to declare bad loans, and a board-approved fit and proper criteria for appointment of directors
  • RBI plans to procure an Audit Management and Risk Monitoring System (AMRMS) to efficiently facilitate its Internal Audit and Risk Monitoring functions
  • RBI asks banks to strengthen their internal audit mechanisms and perform a thorough review of data security measures
  • SEBI issues guidelines asking companies and government to appoint at least one woman director on their boards . . to ensure gender diversity on high-table under corporate governance norms
  • Government appoints 3 Directors on RBI Central Board as part-time Non-Official Directors for more transparency
  • Conduct of business – a key priority – awaits RBI guidance for assessment and standard implementation
In a previous article on this subject – Mind The Gap – we elaborated on the boundaries between operational risk and conduct risk in the context of the changing regulatory landscape in the UK. Understanding these risk boundaries is not a complex process, but implementing an organization-wide methodology "consistently" is a significant task. Mature markets in the western economies continue to explore and develop scalable and sustainable models to embed a culture of risk management.

Financial Institutions in India have made varying degrees of effort and resource investments in developing policies, processes and controls, followed by periodic self-assessments of risks and controls. While a few have exercised rigor in performing comprehensive risk impact assessment studies, most others have bought themselves a ready reckoner, a checklist, that acts as a handbook to meet the regulator’s expectations. Organizations that perceive this as a problem of non-compliance with policies and procedures continuously make additional investments in cultivating a culture of absolute compliance.

However, quantification of effort and investment for exercising control over operations and realizing efficiencies remains a difficult challenge. Only a handful of organizations have chosen the path of evaluating their investment to perform an integrated analysis of operational performance and risk management for the greater good of their business, to drive efficiencies and to optimize costs. Reviewing the recent risk and regulatory events in India and the maturity of risk management practices followed by Indian Financial Institutions, we recognize the need for defining essential capabilities that form part of an operational risk management framework.

Let’s begin by examining the key elements of an operational risk management framework.
Copyright © Profisor Services Pvt. Ltd. 2015.  All rights reserved. This document is subject to contract and contains confidential and proprietary information.

"There are many pitfalls in the journey towards effective operational risk management that will ‘Wreck Your Trek’ . . . . knowing them ahead of time will certainly help in planning for the rough phases and managing the challenges more confidently."

Where does one start?  What are the key enablers of operational risk management?  What is the role for technology?  What are the necessary capabilities?  How should one develop capabilities?  How does one test the level of maturity?  What mature practices from western economies offer ready learning?  Answers to these and many related questions will offer insights into challenges, hurdles, which most financial institutions encounter in their efforts to embed an effective operational risk culture.

With that aim in mind we present you the typical journey, articulating in detail the best practices, success factors, potential issues, causes of inefficiencies and industry-wide challenges at every stage of the process - from ORM Enablers to Risk & Control Self Assessment (RCSA), Key Risk Indicator (KRI) & Risk Events to Stress Testing and to Capital Management.

Insightful Journey Into Effective Operational Risk Management

While the above infographic offers a learning opportunity, in our experience organizations always benefit from engaging with proficient advisors to determine an approach to robust capability development for effective operational risk management.

Remember, resources are scarce and any wasteful investments will adversely impact your operational losses!

Mind the Gap . . . . 

1/2/2016

 
U.K. firms must prepare to map the relationship between operational and conduct risk . .
April 2013

It won’t be long before a new regulatory supervisor, the Financial Conduct Authority (FCA), one of the successors to the U.K.’s Financial Services Authority, comes knocking on the door. For U.K. financial firms, now is the time to map the relationship between operational risk and conduct risk.

Over the past three years a majority of operational losses occurred in the “clients, products and business practices” event category. Mis-selling, billing errors, failure to pay client claims … the list is ever growing and represents huge operational losses. Hence the U.K.’s new twin-peaks model, which has a particular focus on conduct-of-business, or conduct, risk.

Consumers today understand the definition of conduct risk through their own experiences — either their medical insurance has failed to provide necessary coverage, their investments are now worthless, or their pension claims are just claims. Recognizing the consumer demand for fair and suitable products, financial institutions face an enormous challenge in designing their product offerings and trade strategies to not only ensure future growth and profitability, but also to win shareholder confidence.

In this article we will analyze the relationship between conduct risk and operational risk, while charting the opportunities and benefits of collective risk and compliance management under the organization-wide operational risk management framework.

Mis-selling of interest-only mortgages, a conduct risk event, may result from incorrect advice on the mortgage product or inadequate checks on the borrower’s in-place capital repayment vehicle. “Wrong advice” qualifies under the “product flaws” and/or “product suitability and disclosure” operational risk event categories, and “inadequate checks” qualify under the “improper business or market practices” category. Controls devised to monitor and mitigate such events, though ineffective, may exist in the risk and control assessment document, which is a key component of the operational risk management framework.

Financial institutions must recognize these relationships before endeavoring to add measures to monitor compliance with conduct-of-business rules. It is highly likely that supervisory reviews, rising product claims and compliance issues will drive management’s focus toward a specific event or a product class, like mortgages. Nevertheless, for effective conduct-of-business compliance, organizations must act to enhance their operational risk management capabilities.

Essential enablers and components of an effective operational risk management framework are illustrated in Figure 1.
Figure 1 – An Effective Operational Risk Management Framework

Operational risk management techniques have evolved over the past few years, yet financial institutions have not made much progress on the effective implementation of these standards. Traditional techniques with a heavy focus on risk and controls, inconsistent risk management standards, and inconsistent interpretation and application of policies and procedures have resulted in teething problems, including:

  1. Disparate and deficient operational risk taxonomy
  2. Large counts of ineffective risks and controls
  3. High volumes of immaterial control issues
  4. Lack of risk ownership
  5. Ineffective and inconsistent mitigation plans
  6. Inconsistent use and application of KRIs
  7. Inadequate operational risk MI
  8. Deficient loss event capture process
  9. Lack of historical internal loss database
  10. Unclear risk appetite definition

When planning to enhance their operational risk management framework, financial institutions must assess the relationship with conduct risk before embarking on a journey to manage compliance requests from the regulators. Below is a viewpoint on – or an approach to – the crucial next steps.

1.  Understand the definition and significance of conduct risk

Where should you find conduct risk definitions? A good starting point is the FCA’s Risk Outlook, which sets out the most significant retail conduct risks.  For example, changes in product design pose a strategic risk, but the complexity of design or lack of marketing disclosures pose operational risks with a potential for reputational damage. Mis-selling is a “business practice” operational risk event and also falls under the definition of conduct risk. Articulating the relationship between operational risk and conduct risk is a fundamental step for effective monitoring and management of these risks.

2. Map conduct risk relationships in the operational risk taxonomy
An accurate operational risk taxonomy, which is a key enabler, lays the strong foundation of a robust operational risk management framework. Identify and map conduct risk relationships, based on the nature of business and product offerings, to the operational risk taxonomy. Remember the boundary definitions when categorizing operational risk events as conduct risk. This step also offers an opportunity to find gaps in accuracy and completeness in the existing operational risk taxonomy.

Operational risk technology infrastructure will play a significant role in the effective management and reporting of conduct risk. Ease of use, data customization and the ability to expand the data dictionary will help in implementing unified operational risk management standards with an explicit focus on conduct risk.

3.  Enhance policies and procedures
Past supervisory reviews have reflected weaknesses in management’s policy framework — jurisdictional vs. global, and divisional vs. group standards, for example. Review the existing policy statements and procedures for inconsistent definitions and the potential for misinterpretation. Enhance and develop unified standards for effective measurement, monitoring and management of operational risk and conduct risk.

4.  Create awareness
Common understanding and consistent use of the operational risk taxonomy, including conduct risk relationships, will be essential for driving enhancements to the operational risk management framework. Create awareness of conduct risk relationships and an enhanced operational risk taxonomy by hosting workshops, to develop skills and train “risk champions” or people responsible for managing operational risk in the organization.

Clear and well communicated risk management strategies and appetite definitions help embed risk culture in the organization. Involve people responsible for implementation of operational risk management frameworks when developing standards and policy statements. Results will be visible in the quality of risk management information, risk mitigation responses, and escalation of threats and concerns.

5.  Assess and align the operational risk framework
Review the key components of the operational risk management framework — risk and control assessment, control assurance, loss and risk event analysis, and key indicator analysis — for conduct risk coverage. One key aspect of such an assessment should be the ownership of risks and controls. Most organizations still struggle to assign responsibility for risk and to make the business accountable for managing these risks.

Another key aspect is the use of “risk indicators”. With conduct risk in question, organizations will have to re-align key risk indicators for effective analysis and compliance. For example, monitor and measure product design change vs. product mis-selling, cost reduction initiatives vs. quality of customer service, use of advanced payment platforms vs. potential for fraud, and others.

While the Financial Conduct Authority will question compliance with conduct-of-business rules, the Prudential Regulation Authority will question compliance with regulatory capital standards. Many financial institutions suffer from deficiencies in their historical loss event database, which is needed to perform scenario analysis and stress testing. Establish robust standards for loss and risk event capture. Validate and capture loss and risk events, when possible, keeping in mind the boundary definition and relationship between operational risk and conduct risk. For instance, while performing a root-cause analysis for reasons of product mis-selling, map and capture resulting claims (losses) to the correct operational risk event categories — “product flaws” or “product suitability and disclosure” or “improper business or market practices.” A comprehensive account of internal losses will help in conducting empirical study for capital management and to establish an adequate risk appetite definition.

Resources are scarce so be wary of the end-to-end impact of regulatory change on your operational risk management framework. Aligning a compliance program to respond to regulators’ requests is essential for compliance monitoring and reporting. However, for effective regulatory compliance, such initiatives must be aligned under an umbrella program with the overarching objective of enhancing the operational risk management capabilities. Otherwise, budgets wasted on “monitoring and reporting” will have to be considered operational losses under the “execution, delivery and process management” operational loss event category.

    Author

    Profisor Team - Proficient Advisors.
    Non-Linear Thinking.
    Intelligent Solutions.
