Operational risk
Category: Corporate Governance
Operational risk (or Transaction risk). The risk arising from problems with service or product delivery. This risk is a function of internal controls, information systems, human resource issues, and operating processes. Operational risk exists in all products and services.
Operational risk affects the long-term existence of a bank, and arises from breakdowns in corporate governance -internal controls. Such breakdowns can lead to financial losses through error, fraud, or failure to perform in a timely manner or cause the interests of the bank to be compromised in some other way, for example, by its dealers, lending officers or other staff exceeding their authority or conducting business in an unethical or risky manner. Other aspects of operations risk include major failure of information technology systems or events such as major fires or other disasters
• Human Resource Issues- Development of management and staff
It is the duty of Supervisory Council and Management Board to support and encourage the recruitment and development of the Bank’s human resources. Access to professional development is important, often through arrangements with training academies or internal training capabilities. Hiring and retention of qualified professionals is not only an obligation, but has financial implications to the Bank — either positive or negative — depending on whether the Bank can retain talented people. This leads logically to the discussion of compensation policies. Included in this would be compensation far exceeding agreed-upon performance levels and goals and address the use of a bonus as compensation. Performance-based compensation is the objective.
• Information Management Issues
As the national and global financial transactions and markets are increasingly interrelated, the necessity to capture information flows has become more important, including for the management of the Bank’s decision-making. Information systems are necessary to deliver the proper information to various levels of management in a timely manner.
A primary example of use of the information system is the so-called «management information system» or MIS, which is designed to capture the key information that various levels of management need to see their markets and make their decisions. This will be interactive between levels of management and between areas of the Bank that influence each other’s business. Particularly important in this is the creation of a customer profile for the Bank that shows its full use of services, its overall profitability to the Bank.
Example
Below is just a short list of examples of losses that were caused by failure to address operational risks at some international banks.
Bank of Montreal — unauthorized withdrawal from client accounts by a branch employee. Losses in amount of 2.7 million Canadian Dollars.
Canadian Imperial Bank of Commerce — Electronic Banking processing problems affected 85,000 deposit accounts.
NatWest — system problems following implementation of new Windows NT platform. Impact — 400 branches and 300 ATM temporarily had to close down.
In May 2001 year, London’s FTSE 100 index dropped by more than 2%, after a trader typed GBP 300m, instead of GBP 30m, while selling a parcel of shares.
In 2001, Merrill Lynch sacked two senior executives for failing to supervise a currency dealer who diverted some GBP 7m in profits to favored clients.
In 1998, in the biggest incident of its kind ever, a Salomon Brothers trader mistakenly sold GBP 850m-worth of French government bonds, when he carelessly leaned on his keyboard.
Compliance risk. The risk arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices, or ethical standards. Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of the bank’s clients may be ambiguous or untested.
Strategic risk. The risk from adverse business decisions or improper implementation of those decisions. This risk is a function of the compatibility of an organization’s strategic goals, the business strategies developed to achieve these goals, the resources deployed against these goals, and the quality of implementation.
Reputation risk. The risk arising from negative public opinion. Reputation risk affects the bank’s ability to establish new relationships or services, or continue servicing existing relationships.
Example
Below is the example of how the reputation risk can pose a significant losses for the bank. In 1999, the Bank of New York was in the center of a money laundering scandal.
The New York law firm of Milberg Weiss Bershad Hynes & Lerach, LLP brought suit against the bank’s directors alleging massive corruption and negligence by BoNY’s highest echelon in October 1999. Seeking $270 million in damages, the lawsuit also named as defendants BoNY’s three top executives, Thomas A. Renyi, Alan R. Griffith, vice chairman for international operations; and Charles E. Rappold II, chief administrative officer.
Apart from the negative publicity, regulatory fines and damage to its reputation arising from involvement of the Bank in the scandal, the Bank of New York had to sign the Agreement with the York State Banking Department and the Federal Reserve Bank of New York on implementing a range of measures to prevent the money laundering. These procedures cost the Bank millions of dollars.
Chapter summary
• Risk management plays the central role in the corporate governance of banks
• Each bank should develop its own risk management program tailored to its needs and circumstances. The Supervisory Council should play the key role in this process.
• Bank supervision assess the banks using various catergories of risk; bank supervision also expects the Supervisory Councils and Management Boards of banks properly manage these risks.
• Risk management program include four elements:
— identifying
— measuring
— controlling
— monitoring
• The main risk categories are:
— credit risk
— interest rate risk
— liquidity risk
— price risk
— foreign exchange risk
— operational risk
— IT risk (as sub-category of operational risk)
— compliance or legal risk
— strategic risk
— reputation risk