Risk professionals have been tripping over each other for the chance to model, quantify, aggregate, and report on credit and market risk. These two fields of risk are highly developed, theoretical, and computational, have long tails, and provide an opportunity to forecast future scenarios. What happened to all the ORM professionals? They have all gone missing!! Where have they gone? Well, it seems that ORM is not nearly as sexy, mathematical or as highly developed.
To continue to sidestep ORM is a crucial error. There are many reasons behind the last financial crisis – the most obvious of which is ORM, and more to the point, THE LACK OF IT. In the past 10 years, ORM has diminished in importance while the factors that create the consequences of badly managed operational risks related to people, processes, systems, and external factors have gone up on the severity scale. I make this statement with great confidence and with a lot of supporting evidence. One only needs to read the daily news feeds from around the world. The worst events (and largest fines) arising out of unidentified operational risks continue to surface in the financial services sector.
Scandals erupt of unethical behaviour, theft/fraud, corruption, systems failures, process failure, transparency, false financial reporting . . . shall I go on? We forget too quickly that the examples in the news are directly related to ORM in the sense that it is peoples’ behaviour, people steal and commit fraud, people are corrupt, people are not following processes that ensure system integrity and performance, people don’t call out a failed process, transparency is owned by people and false reporting is a function of people, systems and processes.
Signing a code of conduct is not enough. The Leadership needs to set a different example. Where is Leadership, but more to the point, WHERE WAS THE BOARD??? Did anyone believe that inadequate ORM actually impacts reputation far more than having a poor performing credit portfolio?
When I am facilitating a Risk Governance program for Boards and Senior Management, my first questions are:
- Do you know what is actually being managed?
- Do you know how it is being managed?
- Do you understand how a specific risk is tied to objectives and strategy?
The responses are often blank looks. That is alarming! This is not petty detail, people!! These are important questions and the answers need to make sense at the Board level. If any information on ORM gets to the board it is likely taken from a loss database. This is useless. You cannot mitigate history.
It is my point of view that, if the scandals continue, the financial sector will not have much option but to pay much closer attention to the cost of poorly managed operational risks. ORM is not a checklist at a point in time – it is dynamic and it changes every day. While there is a cost of capital for ORM, the bottom line cost could be greater, if the math is right.
Do you have dynamic tools to identify what risk is emerging?
What new operational risk will you see emerging today?
Are you looking at how to get at some of those answers?
Call us, we can show you how.