Industry Trends Discussion
From FISD Wiki
Contents |
Interesting Interview on Operational Risk
June 18: Interview - Dispatches from the Front Line
Location: New York Author: Sean Lyons Date: Wednesday, June 18, 2008
In this dispatch from the front line Philip Martin, the Chairman of the Institute of Operational Risk (IOR) shares his insights on the management of operational risk and its role in corporate defense with Sean Lyons.
Sean Lyons: While no agreed universal definition exists for operational risk, traditionally it was often considered to be all risks apart from either market or credit risk. In your opinion what are the main characteristics of operational risk and what is its relationship with credit and market risk?
Philip Martin: Operational Risk is unique in that it touches all parts of a Company’s business - unlike either Market or Credit Risk. If one considers major Market or Credit Risk events, it is highly likely that a significant component of any such event is actually Operational. Take four simple examples:
a. LTCM – Models failed to anticipate particular movements in the market – this is an operational failure to consider all possible outcomes.
b. Bradford & Bingley – Mortgage fraud to the tune of £15mm. Undoubtedly a control failure in checking the efficacy of valuations and collateral documentation.
c. HSBC – Sub-prime lending in the USA. The purchase of third party sub-prime mortgage portfolios which were not then subjected to HSBC’s credit rating software.
d. Northern Rock – Liquidity disappeared – failure to consider an alternative business strategy.
These are just a few examples, but it is also worth noting that it is major Operational Risk Events that destroy companies rather than Credit or Market Risk events. Little work has been done around the correlation of Operational, Credit and Market Risks and it is certainly worth further consideration. Aspects of the current credit crunch can be put down to a failure to understand the effects on a product or a portfolio when the three risk categories collide. Where was the operational risk review when a mortgage portfolio (credit risk) was bundled together with other portfolios of dubious quality and securitized (market risk)? UBS admitted that their internal controls failed to identify the underlying value of the securitized assets they were purchasing – and they were not alone. Ultimately Operational Risk events are largely caused by two things. Either it is an Act of God (earthquake, windstorm, flood), or it is a Person – doing something they should not be doing, or not doing something they should be doing. Accordingly the characteristics of Operational Risk are very different from either Market or Credit risk.
Sean Lyons: Operational risk is perhaps an unavoidable consequence of doing business and the sources of operational risk can be wide ranging and can be spread across the entire organization. Given the nature of operational risk, to what extent do you agree with the view that everyone in the organization is to some extent a risk manager?
Philip Martin:It is a well-worn cliché that everyone in an organization is a risk manager – but it is absolutely true. Each employee, from the Chairman of the Board to the Security Guard on your front door, has a role to play. Of course each employee will have a different role depending on their responsibilities, but it’s almost like aneighbourhood watch scheme in your local community. If everyone participates in the effort to prevent crime, pretty soon the incidents of crime will reduce. So it is for operational risk. By building awareness across the Company and training staff so that they understand what they are looking for and what is their required behaviour, a company goes a long way towards the development of a robust operational risk management framework.
Sean Lyons: When you look back on where operational risk management (ORM) has come from over the years, what developments most stick out in your mind?
Philip Martin:
a. The recognition that Operational Risk is a discipline in its own right. This is significant, but there is still a long way to go before Operational Risk management is on the same footing as Credit or Market Risk management disciplines. To those involved in the management of Operational Risk this is frustrating as history indicates that neither Credit nor Market risk will bring down a company, whereas the past is littered with dramatic failures of companies, both large and small, as a consequence of Operational Risk.
b. The recognition that the measurement of Operational Risk has limitations and it is not the nirvana we are seeking. Operational Risk is unique in its characteristics – it makes a mockery of those who argue that “if you can’t measure it, you can’t manage it!”
c. The recognition that Operational Risk Management is a leadership role within a business and has a significant role to play in the strategic planning and business development of a company.
Sean Lyons: We have seen a number of examples in the not too distant past of corporate scandals where operational risks were not addressed which proved to be unexpectedly costly and in some cases catastrophic to the organizations concerned. This has resulted in increased regulatory intervention. In light of this intervention how have regulatory developments such as Sarbanes Oxley and Basel II impacted on ORM as a discipline?
Philip Martin: BASEL II – I just wish the Regulatory community had called the AMA the “Advanced MANAGEMENT Approach” rather than the “Advanced Measurement Approach”. It took far too long for the international regulators to admit that they would rather see institutions spending money on preventing operational risk events, rather than spending money on counting the cost of such events. Nevertheless, Basel II gave a name to the discipline of Operational Risk management. It allowed a more formal process to emerge for the management of Operational Risk and it almost forced institutions to invest in the development of risk management frameworks. It is doubtful that such investment would have been forthcoming without Basel II. What happens next will be interesting to watch. Basel II is overly prescriptive and has done little to help through the current financial difficulties. There is much to be said for Basel II to become counter-cyclical, i.e. to force Banks to hold more capital when times are good and to allow them to hold less in times of stress. Sarbanes Oxley (SOX) – A classic example of a political knee jerk reaction to a problem. The SOX legislation was rushed into law without enough time to consider the consequences. The result was the emergence within companies of a cottage industry around the management of financial controls and beyond. This was a huge and unnecessary cost for most companies and went as far as causing companies to de-list in the USA as a way to avoid the burden.
Sean Lyons: In recent years a great deal of time and effort has been spent on attempts to measure, quantify and model operational risks, particularly in financial institutions. What in your view have been the major benefits to organizations of such a metrics driven approach?
Philip Martin:There has been an inordinate amount of money spent on attempting to measure Operational Risk, with limited benefit in my view. For a while, it seemed like the Quantitative world was dominating and even controlling the Operational Risk management debate – and therein lay the road to madness! Attempting to place a number on a risk that depends on an individual’s behaviour and then use that to drive a capital requirement made little sense. Further, some of the measurement approaches were so complicated that they could only be understood by the individual who designed the mathematical equation. Companies have spent millions of dollars in developing such “black-box” approaches which have been of little use to those who run the business. Thankfully, the use of scenario analysis and stress tests has emerged as a credible manner in which to gain an understanding of the capital requirements of a company. This allows a company to ask itself a series of “what if” questions in planning its strategy and in examining significant risks that have been identified by the company. Such an approach allows the company to factor in the quality of its operations and control environments and mitigate the cost of Operational Risk. Further, the ICAAP implementation process has introduced a degree of proportionality into the discipline. From there, Executives can use the information to better run their company.
Sean Lyons: Risk quantification and modeling place a great deal of importance on the historical data available within an organization. Some would argue that operational risk is far less predictable than other risk types, and that in terms of operational risk the occurrence of past events gives far less guidance on the occurrence of future ones. In your opinion what reliance can be placed on operational risk models which are based solely on historic data?
Philip Martin:Well, it depends what you are looking for and what you are going to do with the information. If you want a number to demonstrate the potential cost of Operational Risk at a given point in time, then the use of loss event data can give you a snap-shot at a given point in time. This assumes of course that you have enough internal data available to build a credible model and that there is limited reliance on external data. If you are looking for such models to provide an indication of what is likely to happen tomorrow, or the day after, or any period in the future, then little reliance should be placed on them. Backward looking models can be useful from an educational perspective in looking at what costs have been incurred and may be useful in helping to determine capital allocation across a company. Further, you should not lose sight of the prospect of leveraging off these models in a drive for potential remedial work and operational improvement.
Sean Lyons: Many operational risk courses and books tend to focus on the more theoretical aspects of risk absorption and mitigation, at the expense of how to manage the ongoing on the ground day to day responsibilities which help prevent risks from materializing. To what extent do you feel that there has been a disconnect developing between the theoretical aspects of ORM and its more practical responsibilities?
Philip Martin:I haven’t sensed a disconnect in the manner described, if anything I think it may be the reverse. Recent conferences and workshops have focused very much on the practical aspects of Operational Risk management techniques rather than the theory. There will always be room for quantitative techniques, the work that is being undertaken is important, but this will be for the minority – for a specialist department of an Operational Risk management function. The majority of Operational Risk professionals are much more concerned about the development of practical approaches for Operational Risk management techniques.
Sean Lyons: In many organizations decisions to develop new products and services are driven by the business requirement without sufficient consideration for the operational risk implications. In your view what can be done to ensure that those responsible for operational risk have sufficient and appropriate status and authority within their organizations to ensure that the organization is not exposed to excessive operational risks?
Philip Martin:This is all about the “tone at the top”. Senior Management, starting with the Chief Executive, must support the involvement of the Operational Risk management function in the planning of new business initiatives. Without it, it is unlikely that frontline business units will invite risk management to the table – in much the same way that, if they thought they could get away with it, they would not invite compliance or legal,. A robust Operational Risk management function will strive to prove its value to the business units and will strive to win the position of “trusted advisor” within the company. Assuming that the right personnel are in place with the right experience and expertise, and are provided with the total backing of senior management, the business units will quickly see the value of including Operational Risk personnel early in a process. But without this management support, it can be a real uphill battle for the risk management function. There is still an image issue in that the Front Office will frequently view Risk as a business “disabler” rather than an “enabler”. There is also an educational element here. Many CEO’s need to be much more involved and incentive packages ought to be aligned with sensibly reduced risk rather than reward for failure.
Sean Lyons: Certain organizations have adopted the COSO ERM framework as their chosen ORM framework. What are your views on this approach and are there other frameworks which you consider to be more suitable for ORM?
Philip Martin:COSO will work for some, others may choose the Australian/New Zealand standard and others may choose a hybrid. The concept of “Enterprise Risk Management” is an interesting one – it’s easy to say, but not easy to do. Within the financial services industry, ERM is still a relatively new concept and there are few companies who are prepared to put their hands up and say that their ERM initiative has been a success. Certainly it makes sense for all risks to be proactively managed across a business rather than in silos – but is this not the responsibility of a Chief Risk Officer? Is it not his role to report to the Board of Directors or Executive Management Committee on risk across the “enterprise”? Proactive risk management is about excellent communication across business lines so that all business units understand how their actions can impact on others and having the discipline to tackle potential obstacles. Some suggest that ERM is about the bringing together of Operational Risk, Credit Risk, Market Risk management with Compliance and Internal Audit. While this sounds good in theory, it really takes enlightened and determined management to successfully implement. There are very real practical issues to overcome and manage. For example, in practice, rarely are the Heads of Risk, Heads of Compliance and Heads of Internal Audit shrinking violets. An ERM initiative can create considerable conflict as to who will be responsible for what and it takes strong leadership to make this work. Further, care must be taken to ensure that the independence of Internal Audit is not conflicted. And finally, it must be recognized that as Operational Risk management is a leadership function, Compliance and Internal Audit are assurance functions – very different roles within a business! So, while ERM does appear to have much going for it, we must recognize that it is not easy and should be approached with care.
Sean Lyons: What advice would you give to those with responsibility for ORM when putting forward the business case for operational risk in their organization?
Philip Martin: Focus on the business benefits! A good Operational Risk management function will:
· help a business achieve its strategic objectives;
· help smooth earnings;
· educate the business about the risks it may potentially face;
· develop solutions to business obstacles and risks;
· reduce the level of operational risk events;
· be a great training ground for up and coming stars;
· be a “trusted advisor”; to name a few benefits.
Sean Lyons: In your opinion where should the responsibility for ORM ideally rest in the corporate framework in order to be most effective?
Philip Martin:The responsibility MUST rest with the Board of Directors. The Board should be under no doubt that they are responsible and that the Regulatory community will take action against them in the event of a significant ORM failure. The Board should formally adopt the Operational Risk management framework, develop a clear statement of Risk Appetite and set the objectives to be met by the Operational Risk management function. They then pass the responsibility for delivery of the objectives to Senior Management.
Sean Lyons: In your view where does ORM currently fit into the broader concept of an organizations program of self-defense and how do you see it developing going forward?
Philip Martin:I rather suspect that anybody answering this question 18 months ago might answer it differently than they will today. It is quite clear that the events of the last 12 to 18 months within the global financial services community have significantly moved the risk management goal posts. The disturbing thing is that it looks like this is a cyclical issue. One just has to look at the internal reports issued by UBS and Société Générale to observe the breakdown and failure of the risk management infrastructure. When the good times roll, profits can cover up a multitude of problems and what we are seeing today is very reminiscent of the mid-1980‘s, late-1990’s and early 2000’s. During each of these periods we saw a series of corporate scandals emerge, largely driven by short-termism and, in some cases, fraud. In all cases, there was a massive failure of the management of operational risk. There is no doubt that the behaviour of a minority of large companies – or, more to the point, the behaviour of those running such companies - has fell far short of an acceptable standard. There is a very real need for operational risk management to be written into senior management incentive schemes so that personal rewards structures are properly aligned with the long term benefits of good risk management. For all staff, engagement with operational risk management ought to form part of their personal appraisal and development plans. Operational Risk Management ought to be front and centre in a company’s program of self-defense. If you go back to the empty-space definition of “if it’s not market or credit risk, it must be operational risk”, then this would suggest that ORM must take the lead. I would like to think that the discipline of Operational Risk Management will continue to grow in importance, but this will depend on the skills of the ORM professionals. This is not an easy discipline, its benefits are hard to measure and it is entirely dependent on the culture of the company in which it resides. Implemented properly, the benefits for companies are clear – but there is still a long way to go to get this message adequately understood.
Article Printed From RiskCenter.com
Financial Services Industry about to shrink?
In a story (Image:Financial Industry Heydey.pdf) dated April 28, 2008, the WSJ talked about an observation being discussed at varying levels in government, academic, and business policy circles. Namely, that Financial Services, as an industry, has become too big for our britches, specifically (usually), in term of $AMT of Overall Corporate Revenues (or some % of GDP, etc., etc.)
Some specific statistics cited included:
- GE's 1st Q profit from FS down 21% YoY,
- Target Corp. 13% of pre-tax profit was from credit cards in 2007,in March wrote off $55.5MM, or 8.1% of its total portfolio (on an annualized basis),
- According to the Federal Reserve
- In 1980 US FS profits = 13% of total (domestic) pre-tax profits
- In 2007, FS profits = 27% of domestic pre-tax profits
Two quotes directly related to jobs, for those of us in the industry:
"As finance rose, financial workers took a bigger chunk of total U.S. pay. And as technology allowed financial firms to do more with fewer people, individual paychecks got fatter. Finance was a major factor in the widening gap between the very rich and the middle class. In 1980, finance workers made about 10% more than comparable workers in other fields, estimates New York University economist Thomas Philippon. By 2005, that premium was 50%."
"For finance workers, this shift could resemble the 1980s, when manufacturing lost its pole position in the U.S. labor market and thousands found that skills they had honed over the years were less marketable."
Which brings up the question -- what are the trends in marketable skills? Where is the industry going, and who is going to get paid to do what?
MiFID
Wikipedia "interwiki" link example: wikipedia:Markets_in_Financial_Instruments_Directive
A New Type of Risk?
June 12, 2008: Industry Risk - Managing Real-Time Execution Risk is Crucial for Sell-Side Firms
Location: New York Author: Martin Rabkinink Date: Thursday, June 12, 2008 Cutthroat competition, high levels of automation and a wealth of information that must be absorbed literally at the speed of delivery have turned the US equity execution into a complex science for sell-side firms. It is this high dependency on automation, writes Miranda Mizen, senior consultant and author of TABB Group’s new research report released yesterday, “Real-Time Risk: Managing Execution Risk in an Increasingly Electronic World,” that raises the need to control execution risk as an entirely new type of risk that must be aggregated into other risk management efforts.
“It is global expansion,” says Mizen, “that is accelerating four execution risk forces that need to be managed by sell side firms: trading automation within asset classes; cross- asset class investment strategies; market structure changes; and increasing product complexity. The combined effect of these four forces happening at once is serving to create a perfect storm for managing risk across the desk in real time. As the level of automated trading already seen in the US equity market stretches further within the US as well as across continents, the potential for the failure of any one of these moving parts is enormous.” She adds that real-time risk cannot be monitored in silos, but has to incorporate much wider, cross-organizational, enterprise-wide views to have any effect.
“Trading’s not what it used to be,” writes Mizen. In 2006, order flow was centered in one or several primary venues, surrounded by little competition and a handful of dark pools with low volume with the majority of volume controlled by sales traders who fiercely guarded client relationships and had responsibility for best execution. However, she adds, in one fell swoop, the US Securities and Exchange Commission’s overhaul of equities trading, Regulation National Market Structure (NMS), broke the stranglehold held by the exchanges and changed the competitive landscape. “In a little over a year, US equity execution has evolved into a more complex science, as Regulation NMS requires that the best displayed prices be respected, leading to the rise and importance of smart order routing (SOR).”
Accordingly, sell-side firms are racing to develop strategies and tools that allow them to improve, measure, monitor and control the execution process, eager to reduce execution risk through the combination of accurate data, fast processing, comprehensive views of the market place and the ability to anticipate or minimize issues as they occur. Those that do not control execution risk will see their opportunities limited and their organization exposed, while competitors take advantage of more trading opportunities as well as have a superior quality of execution.”
With the emphasis on managing risk at an all-time high, to maintain this accelerated pace, sell-side firms will continue to spend on equity analytics at a compound annual growth rate (CAGR) of five percent through 2012 globally. In 2008 alone, TABB Group forecasts they will spend $157 million on technology relating to algorithms, smart routers and analytics technology.
“Managing risk is a survival test,” says Larry Tabb, founder and CEO at TABB Group. “As Miranda writes, enterprise risk management is already on everyone’s radar, but in these fast-moving, high-volume, global markets, execution-time risk needs to be developed, broadened and redefined. Global expansion will escalate the stakes, which are already high and getting higher, as automation grips every asset class and each continent, accelerating the gap between the winners who maximize their ability to manage risk profitably and the others, who might just risk losing their shirts.”
Article Printed From RiskCenter.com
