Friday, March 31, 2006

An OPS Risk Refresher...

What are Operational Risks? Here is a refresher for the Financial Services Sector:

Key People Risks

Employee fraud or malice Including collusion, embezzlement, sabotage of bank reputation, money laundering, theft of physical and intellectual property, programming fraud including virus introduction

Unauthorized activity
Including misuse of privileged information, churning, market manipulation, activity leading to deliberate mis-pricing or with unauthorized counterpart or unauthorized product, limit breach, intentionally incorrect models such as deliberate changes to parameters, activity outside exchange rules, illegal/aggressive selling tactics, Ignoring/short-circuiting procedures deliberately

Employment law Including wrongful termination of employment, discrimination/equal opportunity, harassment, non-adherence to other employment law, non-adherence to Health and Safety regulations Workforce disruption Industrial action and other forms of disruption

Loss or lack of key personnel Lack of suitable employees and loss of key personnel



Key Systems Risks


Technology risk
Inappropriate architecture

Investment risk Including strategic platform or supplier risk, inappropriate definition of business requirements, incompatibility with existing systems, obsolescence of software

Systems development and implementation Including inadequate project management, cost/time overruns, programming errors (internal/external), failure to integrate and/or migrate from existing systems, failure of system to meet business requirements

Systems capacity
Including lack of adequate capacity planning, inadequate software Systems failuresIncluding network failure, interdependency risk, interface failure, hardware failure, software failure, internal telecommunication failure

Systems security breaches
Including external security breaches, internal security breaches, programming fraud, computer viruses


Key External Risks

Legal/public liabilities Including breach of fiduciary duty, etc. Criminal activitiesIncluding money laundering, terrorism, robberies, etc.

Outsourcing/supplier risk Including breach of service level agreement, supplier failure, etc.

Insourcing risk Including failure of firm as supplier of services to third-party

Disasters and infrastructural utilities failures Including fire, flood, and failure of critical supplies etc.

Regulatory risk
Including change of regulatory rules etc.

Political/government risk
Including expropriation of assets, changes in tax regime, law and industry regime, etc.

Remember, this does not even cover the largest category of Operational Risk, Processes. The process associated with our different procedures, protocols and mechanisms for doing business are one of the greatest areas to incur loss events. Errors, ommissions and lack of training are just a few of the areas that need to have consistent monitoring and continuous auditing.

No comments: