ORX wins Initiative of the Year at the 2019 Operational Risk Awards

We are delighted to announce that ORX has won Initiative of the Year at the 2019 Operational Risk Awards. Held on 18 June 2019 in New York, the Operational Risk Awards honour excellence in op risk management and compliance.

ORX scooped the Initiative of the Year Award for our recent work to create a reference taxonomy for the financial services industry.

Commenting on the award win, ORX Executive Director, Simon Wills said:

“This is excellent recognition of our work. It’s testament to the fact that we’ve expanded our remit way beyond just being a data exchange for our members and now play an active and strategic role to strengthen the operational risk discipline. With our work on the reference taxonomy, we’re supporting any financial institution to better categorise their risks, and therefore helping to improve stability across the whole financial services industry.”

Read more about why we won this prestigious award…

Leading the way in creating a more proactive approach to risk management

ORX has worked with 44 of the world’s largest financial organisations to develop a new operational risk taxonomy that is more closely aligned with the way firms are set up to manage risks today. We've just launched the second phase of our work on an industry risk taxonomy – you can find out more here.

Commenting on the project, ORX’s Chairman and Group General Manager of HSBC, Mark Cooke, said:

“This is the most important structural development in operational risk management for 15 years.”

Why the change?

We recognised that the discipline of operational risk management was at a crossroads. Our work to develop a new taxonomy arrived at a crucial time in the evolution of the operational risk discipline, which has become far more proactive than the traditional frameworks have allowed for.

Through our extensive interactions with the leading firms in the financial services industry, it became clear to ORX that one of the limitations of the traditional methods was the way risks were currently being categorised. Operational risk taxonomies had simply not kept up with the changes in the way that risk was being managed. Basel event types - originally defined to assist with risk measurement - were not helping risk managers understand, manage or report on the real risks they were facing. Cyber risk, for example, was not part of the original Basel event types which were developed before this became the critical area it is today.

The other reason for undertaking this challenging work was due to divergence within the industry. Where firms have developed their own taxonomies, it is not possible to develop industry responses to key operational risk issues.

A new foundation was required.

What was the opportunity?

Advances to risk management digitisation meant that more data was available for detailed analysis. To be effective, this data needed to be linked directly to the way in which firms manage their risk today. To achieve this, a new taxonomy was needed that was:

• Clear - the new taxonomy needed to be fully understood by a broad set of stakeholders
• Current - it needed to reflect the changing business environment and risk profile to prioritise attention on, and be responsive to, today’s material risks
• Complete - the taxonomy needed to be a centralised source of truth - an umbrella function providing a holistic view and way of managing all risks and frameworks.

What challenges needed to be overcome with this project?

The biggest challenge ORX faced with this transformative programme of work was that taxonomies are notoriously difficult and costly to change because of the breadth of the areas they support. From risk control self-assessments (RCSAs) and reporting, through to event management, scenario analysis and key risk indicators (KRIs), taxonomies are used across many tools and processes. They are also integrated into different committee structures and sometimes even into organisational structures. Therefore, the case for change in an organisation needs to be incredibly robust.

How did ORX overcome these challenges to create positive change?

To begin the enormous task of modernising the taxonomy for operational risk management, ORX has worked with 44 financial services organisations from around the globe to build an understanding of how these institutions are categorising risk. Each firm completed a survey about the taxonomy practices, as well as submitting their full operational risk taxonomy, which ORX then analysed in detail, including reviewing over 4,000 lines of data. This analysis identified that 90 per cent of participants were already using more than just the event types defined by Basel, using additional risk categories to help them understand and manage their risk.

ORX’s approach to creating a more modern taxonomy has not been a strictly scientific or academic one. Instead, it has involved practical analysis of real-life taxonomies in use today. It has also involved talking with the very people who are actually using it day-to-day in order to find key areas of commonality across the different organisations. This more pragmatic approach will make it easier for risk managers to both justify and implement the change within their organisations.

Summary

ORX’s work has provided the industry with a new way to categorise operational risk data that provides the basis for a more proactive approach to risk management. Basing the new taxonomy on discussions with over 40 global institutions means that the taxonomy is practical and robust rather than focusing on academic purity.

The outcomes from the new taxonomy have acted to strengthen the quality of meaningful conversations – both within firms and across the whole industry. It provides a common, centralised language that covers the wide range of modern operational risks. Without this, inconsistent and siloed information will continue to proliferate across the industry and make the job of risk management significantly more difficult.

Further developing the op risk taxonomy

We've now begun the second stage of our work on creating a taxonomy. As our level 1 taxonomy received such interest and recognition from the operational risk industry, we have decided to further develop our initial taxonomy. This enhanced operational risk/non-financial risk (NFR) taxonomy will go deeper into level 2 risks.