Quantcast
BANKTHINK

Bankers, Regulators Embrace Fuzzy Science of Ops Risk

MAY 9, 2013 10:50am ET
Print
Email
Reprints
(2) Comments

Operational risk has become the flavor of the moment at industry risk management conferences and training sessions recently. Pioneering banks are developing new risk indicators, performing scenario analyses and grappling to quantify reputational risks.

Regulators are preaching the ops risk gospel, too, exhorting lenders of all sizes to embrace a risk-management culture.  

"Strong banks realize that the goal is not to avoid risk, but rather that they can understand it and earn an appropriate return for accepting it and managing it," Deputy Comptroller for Operational Risk Carolyn DuChene told an American Bankers Association conference last month in a keynote speech about the "5 E's of risk management."

If DuChene's message seems obvious, or a bit frothy, it might be because boiled down to its essentials ops risk is a mix of prudent management and contingency planning—ingredients that have been fundamental to the banking since its inception.

The Basel accords defined ops risk 15 years ago as "risk of loss resulting from inadequate or failed internal processes, people and systems or from external events." Turning these very general concepts into quantifiable calculations became part of banks' regulatory requirements.

"Once there was a requirement associated with ops risk, it created a mini industry in trying to measure that," recalls Karen Shaw Petrou, who's skeptical that such risk can be rendered in useful numerical terms.

The early efforts proved of questionable benefit. More recently, chastened by failures ranging from the foreclosure documentation debacle to gaping anti-money laundering lapses, banks and regulators have redoubled their efforts to detect and quantify ops risks.

One result has been a new lexicon of jargon, vendors hawking color coded risk dashboards and specialty ops risk consultancies. All were on prominent display at the ABA's annual risk management forum last month in Baltimore.

Not yet apparent is whether banks will generate value by rebranding sound business judgment and contingency planning as a cutting-edge discipline. Research on ops risk losses suggests that such failures correlate to the level of complexity and credit risk an institutions assumes. As a result, treating ops risk as something that once quantified can be easily tamed may create a false sense of confidence.

Before the 2008 financial crisis, "a lot of the profession already had operational risk people in place," says Clifford Rossi, a former risk manager for Washington Mutual who now teaches at University of Maryland's School of Business and contributes to American Banker. "Did it save any of those institutions? Hell no."

Quantifying ops risk does appear to have had successes. In certain data and technology-heavy areas, like computer security, major banks have performed quite well. If ops risk simply involved extending similar rigor and data improvements to other departments, it would likely offer big benefits.

"Once you start tracking [operations losses] systemically, with standard definitions, a lot of times you'll be surprised by additional information you can glean from these metrics," says Jane Yao, the ABA's senior vice president of benchmarking and surveys. "I think we've come a long way" since Basel's early days, she adds.

But the dangers in the latest ops-risk boom were on display at the ABA's recent forum. Experts seemed bent on deputizing risk managers as the hall monitors of institutional culture, diverting responsibility from business managers. Moreover, the treatment of ops risk management as a budding scientific discipline populated by experts could end up shielding its practitioners from outside, common-sense scrutiny.

The risk manager for a Midwestern bank indicated that she saw herself as a buffer between the line managers and the board, even if important messages get muted along the way.

JOIN THE DISCUSSION

(2) Comments

SEE MORE IN

RELATED TAGS

 

 
How the Best-Known Bankers in Town Stay Connected

Which bankers are boldface names in your city? You know the type: chairs the local Chamber of Commerce, raises big money for cultural institutions, knows everyone down at the country club and can greet a room full of customers by name. Of course having a sizeable donations budget can help buy connections, but maintaining a high level of community engagement and balancing it all with a day job at a bank comes down to skill.

We've profiled six bankers who raise this aspect of their work to an art form. They are from different institutions in different parts of the country, and each has a different story. One is a third-generation banker who has known many of her community's leaders since childhood. Another is an immigrant who began in banking as a teller, and whose commitment to volunteerism flourished along with his career. Some balance their activities with quiet alone time; others are social butterflies to the core. They are business leaders, civic boosters and ambassadors for their institutions. Here are the stories of how they became the best-known bankers in town.

Comments (2)
Good article. Indeed, operational risk is even harder to quantify than credit or market risk. Banks often lack high quality internal data for losses or the data exist but cause of loss is misclassified. It's also critical to distinguish between frequent losses but which have a low impact as opposed to the rare losses but which can having a devastating effect on a financial institution. In my professional experience working with banks and regulators, I have seen that operational risk management is the most neglected of any of the financial risks. http://bit.ly/WeXy4H www.MRVAssociates.com
Posted by Mayra Rodriguez Valladares, MRV Associates | Thursday, May 09 2013 at 2:21PM ET
While I agree Op Risk quantification and management is a fuzzy science, combining disparate risks such as fat-finger mistakes, software failures, lawsuits for suitability issues and even losses from natural disasters, the articles conclusions are misleading. Quantifying any risk is essential. One cannot manage what one cannot measure. However, there will always be one more rogue trader or fraudster who can get around preventative measures and cause substantial losses that fall outside of a company's risk tolerance. This is not to say a company should not model their loss history, adjust for the current risk environment and get a sense of the magnitude of their typical risks. Calculating a VaR does this, giving something of a benchmark.

It is intuitive that more complex systems will be more prone to error and loss. But "improving governance and internal controls" in a vacuum is not practical. Do we hire an army of consultants to review all operations and controls, then hire more staff to perform the controls or develop fixes? Despite the obvious benefits no bank can afford that today. Better to do that awful quantification using Key Risk Indicators (KRI's) to identify where controls are lacking, finding root causes for failures and then prioritize the improvement of governance and controls. THIS is risk management.

Lastly, prudent risk management as espoused by Basel and the Fed Final Rule, states that risk management should have an independent reporting line to a Board Risk Committee. It should, in effect, have some teeth. Any risk management function, not only Ops risk, should not be there just to "soften the bad news". Certainly people need to be tactful and polite. But risk management should be there to assure risks and issues get the right attention and not be swept under the rug.
Posted by Craig Williston | Friday, May 10 2013 at 7:15AM ET
Add Your Comments:
You must be registered to post a comment.
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.

Email Newsletters

Get the Daily Briefing and the Morning Update when you sign up for a free trial.

TWITTER
FACEBOOK
LINKEDIN
Marketplace
Fiserv is a leading global provider of information management and electronic commerce systems for the financial services industry.
Learn More
Informa Research Services is the premier provider of competitive intelligence, mystery shopping, and compliance testing services to the financial industry.
Learn More
CSC is a leader in private-label, third-party loan servicing with 30+ years of proven experience in delivering effective, cost-effective solutions.
Learn More
Already a subscriber? Log in here
Please note you must now log in with your email address and password.