Operational Risk: An Overview
IN PRINT ARCHIVE CIR Winter 2001
|Alison Warden - Finance and Administration Partner, Baillie Gifford & Co.|
|In the past, issues of operational risk have been relatively low on the agenda of many fund management companies, with investment risk being the main focus.|
Identifying specific risks isn't a one-off exercise undertaken every few years with the senior people - to succeed it must involve the entire organization and become part of its culture. The first steps are to identify, assess and prioritize.
Definitions of operational risk tend to be very generic. One definition is "the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events." Firms therefore apply their own interpretation to this to come up with their own methods of classifying their risks. There is no right answer. What is important is that the classifications are relevant and clearly defined.
A number of factors explain why risk management has become so important. Risk is increasing, as capital markets become ever more volatile and change with alarming speed. At the same time, regulatory attention is increasing (particularly in the UK), which goes hand-in-hand with more onerous corporate governance requirements. As clients and consultants become more demanding, it is no longer enough for firms to say they manage risks. They have to be able to prove it. Meanwhile, senior management, which could be on the fiduciary hook for discipline or a fine, needs assurance that there are no hidden risks.
Investment firms are open to risk on many fronts:
* Business risk, as a result of developments
in the external market.
In developing risk management strategies, a company must first decide if it accepts a risk. If it does, there are a number of options: retain the risk (by planning for it or repricing); reduce the risk (by implementing or improving controls); transfer the risk (through insurance, hedging or outsourcing); or exploit the risk (by increasing the firm's exposure and repricing or redesigning).
Operational risk strategies yield many benefits.
* They tell the CEO whether or not the business
In conclusion, risks are never static. As the environment changes, so do the risks that a firm faces, whether this is through internal factors such as staff moves or technology, or external factors such as industry developments, government regulation and competition. A risk assessment must be continuously revisited to ensure that risks remain manageable and that no new ones emerge.
Simply having good corporate governance is not enough. We need to ensure that all interested parties know how the firm is being run and that management is in control. Having an effective risk management system in place ensures that there is a structured way of looking at what risks the firm is facing and how much they might hurt. But the biggest risk of all is complacency and thinking that once you have identified the biggest risks and their relationships, you can relax and get on with other business. This is really only just the beginning. *