Relationship between your role and your personal character :
The role of a risk officer, is to identify, mitigate and manage operational risk for the business unit. What is the importance of the relationship between the stakeholders who manage daily operational decisions vs the risk role.
The expectations of the risk role is to perform daily risk and control oriented activities, which helps business unit to progress and protect from various form of operational risk.
How can risk office initiate and establish a proactive risk culture with operations :
A true risk officer should know the day to day operational risk of the business unit. Risk officer should be able to focus on the right mixture of safety vs speed and empower operations in steering the show ahead.
Why cant operations team manage their own risk and why do they require an independent role to manage it ?
Operations is risk management and managing risk is operations on a daily basis. Independent role can naturally have the ability to challenge the basic assumptions the operations had and can provide a neutral view. Independent view can make a collective decision more stronger.
The relationship between the person who is running operations vs risk role is very important. The risk officer has to keenly listen and understand the requirements of operations team and their day to day priorities. Everything in operations is dynamic and can change from time to time. Therefore it is important to listen to the key messages from operations and be active in day to day operational activity.
Why should risk officer should know the business risk of the particular department ?
Every business has its own risk and it differs from market to market, product to product. client to clients.
Therefore, it is key for a true risk manager to understand the business critical situations and accordingly develop a risk mitigation plan to tackle the day to day risks of the department.
How can the risk manager develop more understanding of the business ?
It can start from the point that, exceptions are handled. Day to day break management activities, outstanding breaks, daily controls, SLA, key risk indicators etc.
Theoretically speaking , studying breaks and how a nostro, ledger and statement works in itself can be a major part of the learning. Secondly , the kind of risk events, financial loss and client complaints can act a great source of learning’s
Every day outstanding tasks and regular monitoring of volumes, capacity can also provide more context of the operational unit and kind of risk profile.
In the end, it is very important to partner with the operations stakeholders and associate with the business goals and add value to them on a daily basis.
Mostly importantly, daily, weekly, monthly update with operations is important present the review complete, observations from risk and control but also to know their change in plans, objectives, goals etc. It is very important to have a structure in place to approach objectives in a sytematic manner.
In risk and control it is easy to deviate and kind of lost in the direction. Therefore it is important to have a weekly and monthly target to complete certain set of objectives. The trick is to have a 1 year plan with a weekly/monthly target to achieve.
How do we become a true risk/control partner to operations
a) Understand operations objectives/approach and methodology
b) Understand and know operations priorities
c) Create plan to showcase value creation model on a regular basis – Value can be created by proactively identifying risks to and work with operations in implementing those controls
Between risk officer and risks in operations : Risk officer should know the key situations where exactly risks emerge. The thing is not about risks.The point is about the key situations where the issues/risks emerge from . Situations could be high volumes vs inadequate capacity, lack of clarity in roles. Lack of correct/complete procedure document. Lack of meaningful controls in the unit. Understanding and awareness of business understanding with staff, high nature of manual oriented processes. The risk officer should be focussing on the situations and suggest right methods to manage and overcome it. Operations will take on more volumes, but will have to design the capacity correctly to ensure, right level of staff are there to manage volumes on a daily basis.
Between risk officer and key stakeholders in operations : Business stakeholders know how to manage operations. They know what issues will come in their daily BAU. Whilst it is understandable that, operations manager will manage on their own, the role of a risk officer comes in handy during crucial decisions. The role of a risk officer should not be to do what is required from operations, but to ensure, what is needed in the situation and manage it from risk and control perspective. In difficult situations, risk officer becomes vulnerable and does what is told to him from operations and therefore becomes a victim. It is important to manage stakeholders, but doesnt mean, do what is told by operations stakeholders. There is a thin line of balance risk officer should maintain to ensure, the line of independency is created, maintained and visibly shown. The key is to show the independency and not individualistic behaviour. Risk officer should know, how to show risk and control team as independent and therefore the role. There are times, when the individual assumes his/her individual nature instead of the characteristic of a risk officer. At this point in time, there emerges a conflict. Operations stakeholders see risk and control officer as a police officer and not a partner. Operations stakeholder will understand, risk officer being independent, however, the point should not be prove independency alone but to offer right solutions where required.
Between risk officer and his risk role : Character mapping. Or match the following between what comes naturally vs what is required to do
Between risk office , role, & objectives
To connect with the core/heart of operations, RCO has to be aware of the power, authority, relevant business knowledge, stakeholders support. What value to be provided to the operations team has to be very clearly discussed and defined and documented. Otherwise, doing things in a timely and proactively manner will go in the bin, if not clearly articulated during the beginning of the contract. Value creation chain or process has to be clear and simple. This has to be articulate. In order to create the value chain for the operations, OR&C need to understand the priorities for the year, business goals (short term/long term).
From RCO perspective, business knowledge, process knowledge, local knowledge of the unit has to be key.
How will the operations benefit by having a dedicated RCO in place an what is the value creation the role can offer to operations.
RCO —- Value Creation—–Independency, issue based solution
RCO —-Reactive management
RCO – —Oversight
RCO —-Support & MI
Independence of Operational risk management functions:
I wanted to write about the right way of designing and functioning risk and control function in a bank. Before starting about various methods and approaches, let’s go through the basic definition of operational risk function as per Basel II. ‘Operational risk is “the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events” including legal risk”. From this basic definition of risk, we can see sources from where risks emanate. Risks emerge from any flawed process, issues/wrongdoing from people, flawed application, system build out or could be a natural disaster. What’s complex in understanding the definition and implementing the same in the bank? Its’ simple isn’t? Then why do banks record heavy operational losses, huge reputational impact and legal penalties?
The way I see:
It is agreeable in investment banking operations unit, risk and reward go hand in hand if an entity desires to go, it needs risk taking appetite. Over a period, it has become synonyms that risk is reward. In any business people now talk about taking risk, start young, diversify risk, risk is courage and so many proverbs. Whilst I agree, risk is an essential element in managing and growing any commercial project, it is not just guaranteed for a sustained success. And the concept of risk is hugely spoken written and analyzed in a bank. Rightfully so , as large amount of money is deposited based on trust/assurances that there will be reasonable return on customers investment, therefore it is very important that risk is considered as core concept like profit, shareholders return, if not more.
I would like to see the concept of risk slightly differently: Risk is not bad thing, there are lots of advises and caution come in from peers, team members and managers, when someone talks about risk in an operations and banking environment. Risk is not just a concept to be cautioned or get panic; rather it should be seen as inclusive and managed methodically. When I mean ‘methodical’ I mean being ‘orderly’ being systematic’ and organized. In an organized environment, risk has to be managed in an open and orderly manner.
There are scenarios you would have seen, a senior management professional asking his team members about the daily breaks exposure and urging them to get the funds back, have the commentaries being narrated correctly, has the breaks exposure report (say above 1 mill GBP) has been shared on time etc. I feel everything is done in a ‘cautious’ manner, there is a sense of panic amongst the team member, resulting in urgency alone. And how come any action or reaction in an urgent context can be orderly and methodical. My view is risk should be thought as a method to achieve cost control, lean efficiency, and volumes management instead of just taking risk acceptance to save ‘unsatisfactory’ audit rating, seeking risk waiver for outstanding breaks beyond banks threshold etc. This mind-set has to evolve. I am not thinking of a utopian model of ‘Change’. I wanted to see a balance far sighted approach, hence my call for a right kind of ‘evolution’. Let’s agree, operations members have seen, shared, felt risk as a caution to be managed and from here, let’s evolve into seeing risk as an inclusive element like cost savings, employee engagement, lean efficiency etc. That’s my point.
Why do I feel, risk is not seen inclusive in an operations environment: if given a change, if regulators relax few significant controls, what do you think, operation unit will do? They will prepare a forecasting report to see, what does this mean, and they mention of the cost of control and say, by removing this control, by not adhering to one particular regulation, there are XX mill savings from FTE, technology, supervision and time saves. Every regulation has a purpose and it is in the best interest of the clients, investors and market efficiency. However, banks might not see the same. Banks might see it as increase in overall cost to implement the regulation in letter and spirit. And if this regulation is not implemented within agreed time frame, then the bank will attract huge fines and receive reputation damage. There comes this point of caution and fear about risk. It’s time we move across from doing for the sake of regulation.
Risk Management for Data Management functions :
Risk Management for Exception oriented functions like settlements, Middle office :
Banks leadership team: I would like to have the operations senior most leadership team to endorse this approach and start rewarding staff who employ methodical orderly manner of managing risk. Not just by give gift vouchers but also include it part of banks values, every idea, project, action, programme initiated should contain this element of risk concept, managed in a orderly manner.