In recent years, more than 100 losses exceeding US$ 100 million have been reported, prompting the regulators to turn their focus towards effectiveness of Operational Risk Management practices at banks. BCBS (Basel Committee on Banking Supervision) has issued guidance to financial institutions to create sound operational risk management infrastructure.
A study of 30 globally systematic important banks (G-SIBs) conducted by the Basel committee in 2013 did not provide too many reasons to cheer for other banks. Important challenges highlighted by the study focused around data architecture, reporting and KRI framework.
Data Architecture
Lack of sophisticated data architecture, including incomplete standardization of data taxonomies, lack of consistent processes across decentralized business models and inordinate reliance on manual workarounds
Reporting
Very limited means by which banks can react to operational events, quickly aggregate data and generate ad hoc reports as per the requirements from the regulators, as well as a need for tools and facilities that can produce customized reports
KRI Framework
Lack of methodical approach in identifying KRIs, and the fact that processes like KRI identification, KRI selection, KRI thresholds setting, and KRI tracking and reporting are not well established.
In our opinion, the challenges highlighted by Basel study can be addressed by the banks by adopting following methods:
- Establishing Enterprise level KRI framework
- Building technological layer to support implementation of operational risk data management
Illustrated below is the high level process map that banks should adopt to establish a sound KRI framework:
The purpose of putting the second line of defense in the committee is to ensure that as the first line of defense executes its mandate, it does not overlook any important risk for want of appropriate ownership or misaligned incentives. This also helps in setting the tone of the top management to perceive operational risk as a critical means to enhance the bank’s competitiveness and performance rather than a mere regulatory mandate.
To support the operational risk management process, an information infrastructure is required with characteristics as shown in the below graphic:
Pre-built KRI library, pre-defined data model, embedded provisions for visualization are critical accelerators in the above-mentioned information infrastructure.
It is important to note that the challenges in operational risk management should be tackled by an effective strategy with endorsement from the senior management of the organization. Success of the strategy is dependent on availability of efficient and intelligent information architecture. In other words, while the senior management should provide necessary impetus to change the way banks look at operational risk management, it is the data lying in disparate systems, with disjointed taxonomies that holds the key.