Operational Risk Management (ORM) is defined by the Basel Committee on Banking Supervision (BCBS) Basel II accords as “the risk of negative effects on the financial result and capital of the bank caused by omissions in the work of employees, inadequate internal procedures and processes, inadequate management of information and other systems, and unforeseeable external events.” This has been subsequently revised and extended under BCBS 239 with fourteen principles of governance and risk management.
In addition to these broad risk management policy proposals, there are two major business drivers to contemporary banking ORM initiatives:
- Standardization across value chain for competitive advantage and enhanced customer experience
- Capital adequacy management and analysis such as for the Basel Accords
Initial ORM implementations were typically built off single data instances and were unable to adapt to evolving approaches. Next generation systems need to support data integration across data silos and be agile and adaptive to reflect the results of continuous incremental change. ORM is not one and done, but a constant and evolving need.
A major obstacle to the development of a 360-degree view of risk is that the required data comes from many sources including:
- Portfolio position data
- Client data
- Financial Accounting data
- Market data
- Organizational structure data
- Reference data
As part of an ORM solution, quantified risks across all parts of the organization need to be continuously analyzed and monitored against accepted ranges so that remedial action can be taken and processes adjusted. Reference data needs to be adjusted to ensure that the solution incorporates and reflects changes to targets and ranges.
Capital Adequacy management and analysis using approaches such as the Basel Accords Advanced Measurement Approach (AMA) require the collection of data across four broad classes of data:
- Internal loss data
- External data
- Scenario analysis
- Business environment and internal control factors
This requires that data is collected and managed at low levels of granularity so that losses can be categorized into standard units of measure, prior to the computation of potential distributions of loss.
ORM is a complex subject, and the challenge of building a comprehensive and accurate view of risk factors only exacerbates the problem. Providing tools that support the increasingly fine levels of granularity, data integration across silos, and synchronized views to support continuous availability of data will ensure operational risk management success in the face of changing approaches and constant refinement.