2019 HORF reflects changing op risk environment

The 2019 ORX Heads of Operational Risk Forum (HORF) came at time of unprecedented change for the industry. Operational risk (we use the term to include non-financial risk) managers are facing new challenges across all areas. Digitalisation, data and automation are changing how the financial industry operates. As a result, banks and insurers are having to reinvent what they do and how they do it. On top of this, regulatory and public scrutiny of the financial services industry continues.

The recent Australian Royal Commission into Financial Services was launched to investigate practices within the financial services industry in Australia. During the rounds of testimony, the commission heard how banks and insurers have mis-treated their customers across a range of activities. These public hearings have been widely reported and have renewed the focus on the interaction between financial firms and their retail clients. The duty of care they owe to their stakeholders has been brought centre stage.

With this in the background, over 40 Heads of Operational Risk met in Singapore for two days of discussion on the key topics facing risk managers today. The agenda included digital transformation, operational resilience and risk-managing change.

Five themes from the 2019 Heads of Operational Risk Forum

Five key themes emerged throughout the event:

1. The need for simplification
2. Becoming active risk managers
3. The challenges and opportunities of digital
4. Regulatory focus and operational resilience
5. Operational risk’s strategy for the future

1. The need for simplification

A common theme throughout multiple sessions was how simplification can enhance operational risk management.  The frameworks which have developed to help manage operational risk – for example RCSA – are quite resource intensive. They involve a lot of people and take time to do, without always generating enough value. Making these less complex and more value oriented is a key focus across the industry.

It is not just frameworks that can be simplified – organisational structure was also the focus of discussions. These changes mean that operational risk can become more streamlined, quicker and more effective. As these structures are put in place, other new challenges start to surface such as who has accountability and responsibility under the umbrella. Read our study on Operational Risk: The Umbrella Function to learn more.

2. Becoming active risk managers

Traditionally, operational risk has reported across a wide variety of activities, often just noting what has happened. While this interesting and not without use, it doesn’t necessarily prevent issues from happening again. By refocusing frameworks on the proactive and effective management of risk, we can deliver more value to our organisations.

The reorientation of frameworks is happening at the same time as the environment that operational risk is operating in is becoming more agile, with a focus on delivering change and products quickly. Risk managers are being pushed to change at the same speed as the business. This means they need to make decisions quickly across a wide range of risks. But, how do they balance this with ensuring that all these risks are appropriately managed?

This theme is picked up in two of our recent research studies – Operational Risk Framework Design and Operational Risk: The Umbrella Function.

3. The challenges and opportunities of digital

Risk managers face two critical challenges when it comes digital. The first is to remain involved as the business seeks to change and change at pace. As mentioned above, firms are picking up the speed at which they develop products, launch them and bring them to market. The risks involved are diverse and require a wide cross section of skills and effective working relationships with a range of subject matter experts as well as the business. The risk manager needs to be on top of this.

This leads to the second challenge, which is that operational risk cannot be seen to be preventing or blocking progress. This is a new environment for operational risk professionals, one in which their traditional tools are not effective (see above), they have a wide set of responsibilities, and they have to act quickly and decisively sometimes with an incomplete view of the risks.

However, there are opportunities as well as challenges. Improved data and digitalisation (for example, data mining, AI and machine learning) can help risk managers understand risks to a greater extent than ever before. We're currently running a study to explore the impact of advanced analytics on operational risk.

4. Regulatory focus and operational resilience

As well as dealing with the challenges of an industry that is changing at a previously unknown rate, operational risk professionals are still faced with a variety of regulatory requirements. The regulatory environment is relatively stable at the moment, with regulators focusing on the SMA and risk-specific activities. However, there is a renewed focus on operational resilience.

Recently, there have been several high-profile cases where customers have suffered due to new systems being poorly launched and implemented – for example, the TSB system upgrade that stopped customers accessing their accounts. Not only have these instances been widely reported by traditional media outlets, they are now also shared on social media often before the company is even aware that it has an issue. This increases the potential for reputational damage and means that firms have nowhere to hide. These high profile cases and their impact on retail customers in particular have drawn the attention of the regulators (notably the PRA in the UK).

To counter this, firms must first try to prevent issues from occurring through better understanding of the changes they are making and their impact on their customer base and improved risk management. If this fails, they need be ready to respond quickly and effectively and then recover from the incident. Managing the message is now key. To better understand this challenge, we conducted in-depth interviews with 16 Chief Risk Officers from some of the world's leading banks and insurance companies. Download the report on risk-managing change to see what we found out.

5. Op risk’s strategy for the future

And what of the future? The operational risk discipline has been around for almost three decades now. Throughout this time it has evolved to achieve certain specific goals – whether that was capital modelling or building and implementing an operational risk framework with supporting technology – and it has done this very well. However, in 2019 it is not clear what the next strategic development is for operational risk.

Where do we want to be in ten years’ time and how do we want to get there? Will the industry fragment and go in different directions, or will we develop a coherent strategy and travel forwards together? The event attendees all agreed that a coherent industry-wide approach would be to the advantage of all but this is an important conversation, and it is one the ORX will continue to facilitate with our members.

An opportunity to network

As well as giving participants the chance to discuss key topical themes, our events are also a great chance to network and make connections. As well as many opportunities to chat throughout the day, we hosted a free dinner which all delegates were invited to. This was a great opportunity to get to know each other and network in an informal setting, which everyone who attended really valued.