A recent study conducted by Bain & Company examined how banks can control and manage operational risks to avoid severe losses. Since the global financial crisis at the very latest, banks and the bodies that regulate them are required to control risks in an effective, sustainable manner. Once banks have established solid practices to manage financial risks through appropriate systems, their next challenge is to implement them for operational risks.
Should operational risks occur, the consequences could be fatal – both in a financial sense and for the reputation of the bank affected. From 2011 to 2016 alone, losses from operational risks totaled $210 billion. Compared to financial risks, operational risks are much more complex and challenging to control and manage. What’s more, operational risks are lurking just about everywhere – namely, in people, processes and systems. Aside from financial losses, legal fees, fines and other obvious short-term consequences of an operational risk event, there are also ongoing, indirect effects that can be even more dangerous. Examples include higher credit costs and mandatory increases of the thresholds for risk-weighted assets and reputation damages that can inevitably affect the view of relevant stakeholders.
Operational risks are determined by human behavior, organizational processes, cultural issues and other complex, interconnected factors that are difficult to separate. Many banks still have problems integrating their operational risk management in a comprehensive enterprise risk management as well as understanding, measuring and controlling the factors that constitute operational risk. They find it difficult to create cultural, leadership and management structures that can control these risks in a systematic manner. Instead of following an integrated, proactive, long-term approach to managing operational risks, they often control it with reactive, short-term measures.
Banks traditionally rely on a series of various samplings and controls to determine operational risks. Leading banks, however, use advanced technologies to extend these checks or even replace them. Using innovative software, they can use their massive pools of data to ensure automatic, continual monitoring of the entire bank operations. They apply the findings from ongoing monitoring to adjust processes accordingly and manage risks sustainably.
The GRC software platform BIC GRC Solutions (formerly risk2value) fulfills the complete requirements for operational risk management. It enables an integrative mapping of various processes and use cases in a flexible, efficient risk management system. In addition to the classic domains of risk, control, audit, security and compliance, BIC GRC Solutions enable an integral view of further systems such as strategic management (in particular, strategy implementation), quality management or sustainability management. The BIC GRC Solution processes are flexible to configure into custom-tailored solutions for midsize companies and international corporations.
Various banks including DekaBank, Hypo Vereinsbank and LGT are among the clients of GBTEC (formerly avedos). Through their comprehensive industry knowledge, the GRC experts at GBTEC individually implement specific banking requirements for risk management.
Banks that establish an active, integrated form of risk management can achieve tangible financial advantages – and, more importantly, prevent catastrophes that result in long-term, negative effects.
Source: Bain & Company Germany, August 2018