The initial role of operational risk management focused on identifying and reporting non-financial risks such as regulatory risks, third-party risks and litigation. We believe this mandate should be expanded so that the second line is an effective partner for the front line and plays a challenging role in supporting the fundamental resilience of the business model and processes. Process disruption is now at the heart of many non-financial risks, including negative regulatory outcomes such as lack of disclosure, customer and customer disruption, and revenue and reputational costs. The business risk management function should help Chief Risk Officers and other senior managers answer several key questions, including: Have we designed business processes in each area to achieve consistent and positive outcomes for clients? Do these processes work well under normal, stressful conditions? Is our change management process robust enough to avoid disruption? Is the operating model designed to limit the risk of malicious actors? The benefits for the financial service providers who create this are significant. Efforts to address new challenges are already having a measurable impact on results. For example, a global bank fought unacceptable false positive rates in money laundering detection (AML), which reached 96%. Using machine learning to identify critical data failures, the bank made the necessary improvements to data quality, quickly eliminating approximately 35,000 hours of investigation. A North American bank assessed behavioural risks in its retail banking services. Using advanced analytics models to monitor the behavior patterns of 20,000 employees, the bank identified unwanted anomalies before they became serious problems. The case for change is indeed multiple and compelling, but transformations can pose significant challenges to functions and their institutions. Risk is inherent in all tasks, training, missions, operations and personal activities, no matter how routine. The most common cause of task degradation or failure is human error, especially the inability to manage risk consistently. The MNO reduces or compensates for risks by systematically identifying hazards and assessing and controlling associated risks so that decisions can be made that weigh the risks against the benefits of missions or tasks.
As professionals, naval personnel are responsible for risk management for all tasks, while managers at all levels are responsible for ensuring that appropriate procedures are in place and that their personnel have adequate resources to perform assigned tasks. The Navy`s vision is to create an environment where every officer, soldier or civilian is trained and motivated to personally manage risk in everything they do. This includes developments during and outside ministry in peacetime and during conflicts, enabling the successful accomplishment of any task and mission. Naval commands and activities achieve this by implementing a four-pillar strategy. The U.S. Navy summarizes the urgent risk management process in a four-step model:[4] Together, real-time analysis and reporting can transform operational risk detection, enabling banks to move from qualitative self-assessments to automated, real-time risk detection and visibility. The path is difficult – it requires institutions to overcome the challenges of aggregating data and implementing large-scale risk analysis – but it will lead to more effective and efficient risk identification. Bank employees determine the performance of the company, but are also a potential source of operational risk.
Some organizations have a formal operational risk management function, others do not. Those who have them tend to be at different stages of maturity. However, here are the steps that companies follow: Operational risk management is a methodology for companies that want to implement real monitoring and risk management strategy. Each company faces circumstances or fundamental changes in its situation that can be considered different risks for that business, ranging from minor inconveniences to the potential threat to its existence. New framework conditions and tools are therefore needed to properly assess the reliability of business processes, question corporate governance if necessary and prioritize interventions. These frameworks should support the following types of actions: Advanced Analytics has applications in all or almost all areas of operational risk. It significantly improves operational risk detection, detects risks faster and reduces false alarms. Whether it`s information security, data security, compliance, technology and systems, process failure or even personal security and other human risks, the benefits of advanced analytics are becoming increasingly evident.
Some applications are described below: As organizations become increasingly digital and use more data, operational risk managers must continuously monitor and assess risks in real time to minimize their potential impact. The operational risk discipline must evolve in four areas: 1) the mandate must be expanded to include second-line oversight to support operational excellence and business process resilience; 2) Problem detection based on real-time risk analysis and reporting should replace manual risk assessments; 3) Talent needs to be realigned as digitization continues and data and analytics continue: Banks need specialists to manage certain types of risks, such as cyber risks, fraud and behavioral risks. and 4) risks to the human factor must be monitored and assessed, including those related to misconduct (such as sexual harassment), diversity and inclusion. The goal is to make operational risk management a valuable partner for the company. Banks need to take specific steps to move from reporting and aggregating front-line controls to providing thoughtful expertise and partnerships. Areas where the function will help execute business strategy include operational strengths and weaknesses, new product design and infrastructure improvements, and other areas that will enable the business to operate efficiently and avoid excessive issues with major risks. Today, operational risk management has evolved technologically, leading to the concept of integrated risk management (IRM). In risk management, software and technology work together to help organizations predict where their biggest risks lie while connecting different areas of risk mitigation through cloud technology. Software can also give companies prescriptive guidance on determining “leading indicators” to help them mitigate incidents before they even happen. Of course, the first step in any operational risk management strategy is to understand the nature of your business and the particular risks involved.
If you run a company that offers water ski lessons, there are risks your business faces that are very different from a company that makes technology for vending machines.
