What is Sound Management of Operational Risk?

“Sound Management of Operational Risk” is a collection of principles that has been developed over the years by the Basel Committee on Banking Supervision for the purpose of guiding firms in the financial services industry and their regulators to establish sound practices for the management of Operational Risk. These principles cover three main areas: (i) governance; (ii) the risk management environment; and (iii) the role of disclosure.

Governance:

Since risk management is fundamental to running any business, risk governance is a fundamental part of corporate governance.  The operational risk management encompasses everybody in the organisation. Hence, the risk governance framework should also include everybody throughout the organisation. Everybody shall be aware of their own risk responsibilities and accountabilities and those of others with whom they work. However, effective risk management program starts with “The Attitude at the Top”- determined by the top management and adhered by the bottom line.  If the top management of the bank perceives operational risk management (ORM) solely as a regulatory mandate, rather than as an important means of enhancing competitiveness and performance, they may tend to be less supportive of such efforts. Thus, Governance of risk management shall deliver effective accountability, including the accountability of the Board of the Bank to all its stake holders.

Environment:

The framework for operational risk management chosen by an individual organisation will depend on a range of factors, including its nature, size, complexity and risk profile. The Management and the Board of the bank must understand the importance of operational risk; establish appropriate framework for the risk identification and assessment of the operational risk of the organization inherent in all their activities process and systems within their purview on an ongoing basis. The top management of the bank shall be responsible for risk monitoring and risk mitigating accomplishments inherent in all their activities process and systems within their purview.  The organization should have a robust risk management environment and control that utilises policies, processes and systems. It must have appropriate Internal Control; appropriate Risk Mitigation and/or Risk Transfer strategies that are fully integrated into its overall risk management processes.

Role of disclosure:

The Importance of Sound Risk Management is enhanced transparency, clear lines of accountability         well-defined objectives cost and risk concepts, risk policies and procedures well defined and documented motives for operations clearer to all stakeholders.  In this regard BCBS recommends the following:

A bank should disclose its operational risk management framework in a manner that will allow stakeholders to determine whether the bank identifies, assesses, monitors and controls/mitigates operational risk effectively.

A bank’s disclosures should be consistent with how senior management and the board of directors assess and manage the operational risk of the bank.

A bank should have a formal disclosure policy approved by the board of directors that addresses the bank’s approach for determining what operational risk disclosures it will make and the internal controls over the disclosure process. In addition, banks should implement a process for assessing the appropriateness of their disclosures, including the verification and frequency of them.

Related post: How operational risk is measured?