Overview of Key Operational Risk Issues

• The impact of operational risk on the organization
• Regulatory focus on issues relating to misconduct of management and employees
• Systems of accountability, responsibilities bounded by safety thresholds, alerts, disciplinary guidelines, sanctions for violation
• Implementing an organizational structure
• Estimating probability of adverse outcome and loss to business
• Determining the direct and indirect effects of an adverse outcome
• Separation of risk compliance function from P&L targets
• Cyber risks – internal vulnerabilities, integrity of software systems, third party risk, outsourcing, cloud computing, phishing, etc.

Adverse Consequences from Operational Failures

• Reputational risk
• Legal risk
• Litigation risk, fines, and class action lawsuits
• Rogue trading – Soc Gen, UBS, ineffective back-office controls
• Avoiding overly complex instruments

Root Cause Analysis

• Identification of underlying causes for operational failures
• Forensic and systematic analysis of large-scale failures and near failures
• Data mining approaches and timeline sequences
• Transforming from a reactive approach to operational failure to a pro-active approach
• Prioritizing amongst multiple root causes
• Process mapping
• Establishing the relevant metrics for each root cause
• Checks to ensure that action plans would alleviate or mitigate symptoms arising from root causes

Addressing Cyber Risks and Vulnerabilities in Business Processes

• Core concepts in the architecture of enterprise software, especially systems integration and security issues
• Principal sources of cyber risk – internal and external
• Risks associated with introducing new business systems
• Risks associated with introducing new products
• Opportunities and challenges presented by new, disruptive technologies – blockchain, AI, Big Data analytics, machine learning
• The cultural divide between IT “tech” staff and senior management
• Business process re-engineering (BPR)
• Differentiation between prevention and managing negative outcomes.
• Cloud computing and outsourcing – Amazon Web Services
• Change management – implementing new requirements on privacy, GDPR etc.

Methodologies for Measuring and Modelling Operational Risks

• Loss Modelling Methods – contingency scenarios
• Templates for collecting loss data
• Using Scenario Based Analysis (SBA) for filling in gaps in data
• The role of Business Environment Internal Control Factors (BEICF’s)
• Scarcity of historical data in the outliers for operational losses
• Different distributions for modelling severity of losses
• Monte Carlo based loss scenarios
• Stress testing methodologies
• Data limitations involved in quantifying operational risks
• Segregating internal versus external software failures

Risk Control Self-Assessment (RCSA)

• Templates for collecting loss data
• Using Scenario Based Analysis for filling in gaps in empirical data
• Questionnaires – alerts to potential risk areas and points of failure
• Conducting an RCSA Workshop – role of facilitators, experts, back office
• Internal Reporting mechanisms – iterations, validation protocols
• Key Risk Indicators – developing new KRI’s and following peer groups.
• Reporting protocols
• The role of Business Environment Internal Control Factors (BEICF’s)
• Developing templates for Scorecard based risk assessment
• Discrete versus continuous data is used for the modelling
• Explanation of Poisson distribution for occurrences of operational losses
• Different distributions for modelling severity of losses
• Application of a lognormal distribution  

Overview of Scenario Generation for Stress Testing

• How to generate and calibrate shocks and adverse scenarios
  • Simulations – randomized market scenarios expressing risk factors
  • Macro factors – establishing associations with broad macro-economic variables
  • Expert judgment – qualitative and forward looking
• Identification of key risk factors
• Associating probabilities to risk factors – quantitative and qualitative approaches
• Mapping qualitative and descriptive data to numerical values
• Identification of worst-case scenarios
• Data deficiencies and estimation of outlier scenarios

Fundamentals of Business Ethics

• Ethics as moral principles which govern good behaviour
• Distinguish between ethical issues and legal issues
• Business ethics and corporate social responsibility (CSR)
• A socially responsible firm should be an ethical firm and vice-versa
• Responsibility to all stakeholders and not just shareholders
• How do businesses ensure that directors, managers, and employees act ethically?
• Codes of conduct and best practice
• Environmental policy and actions
• Rules for personal and corporate integrity
• Is the corporation a moral agent?

Financial Crimes and Anti Money Laundering

• Surveillance of financial services sector by regulatory bodies
• Know Your Customer (KYC) and Anti-Money Laundering (AML) remediation
• International context for Anti-Money Laundering (AML)
• Focus on Counter Terrorist Financing (CTF)
• Legal, regulatory, and supervisory frameworks underpinning AML/CTF
• Money Laundering Reporting Officer (MLRO)
• Transaction Monitoring and Filtering Framework
• Suspicious Activity Reporting
• Senior Management Responsibility regarding AML/CTF
• Role of banking supervisors
• Sanctions provisions and “blacklisted” territories and individuals.
• Tax avoidance – FATCA
• Consumer protection focus – SEC, FCA, CFTC, EU Commission

Public Policy and the Role of Financial Regulators

• Balancing regulatory compliance and internal best practice
• Increasing focus on macro-prudential regulation – stress testing
• Role of political action groups and commercial lobbying
• Surveillance of financial services sector by regulatory bodies
• Focus on boundaries between financial crime and operational vulnerabilities.
• Examination of the robustness of procedures to avoid money laundering.
• Description of $10 billion fine to BNP Paribas for dealing with clients in countries on US “black list”
• Capital adequacy, Basel III, role of banking supervisors
• Miscellaneous risks arising from government/supra national actions

Basel Approaches for Operational Risks

• Basel Basic Indicator Approach (BIA) and Standard Approach (SA)
• Explanation of the Basel III Advanced Measurement Approach (AMA)
• Scenario Based Approach (SBA)
• Loss Distribution Approach (LDA)
• Business environment and internal control factors (BEICFs)
• Role of senior management in identifying adverse scenarios
• Distributions for occurrence and severity of losses
• Basel III Business Line and Event Type Codes
• Process Mapping – mapping processes to appropriate regulatory categories
• Templates for data capture for Basel compliance and internal reporting
• Role of external data – scaling of comparable institutions

The New Basel Standardized Approach for Operational Risk

• BCBS documents on revisions to op risk approaches
• Explanation of the Business Indicator metric
• Non-linear scaling of operational risk to total revenue of a bank
• Using absolute values for estimating bank’s exposure to operational risk
• Review of the BCBS Operational risk Capital-at Risk (Op CaR) model
• Internal Loss Multiplier and Loss Component

Enterprise Risk Management and Reporting Systems

• Enterprise-wide risk control environment
• Risk assessment process
• Credit policy and levels of authority for credit decision making
• Monitoring/reporting mechanisms within banks
• Risk control systems
• Holistic views regarding risk
• Avoidance of silos
• Monitoring of controls
• Role of internal auditors
• Role of the Chief Risk Officer

Best Practice in Enhancing Risk Culture

• Risk control systems
• Risk governance philosophy
• Ethical principles
• Codes of conduct
• Human resources personnel
• Ongoing professional development
• Diversity of perspectives
• Rewards and bonuses