Consultancy of the year: EY
Operational Risk Awards 2015: Offering an enterprise-wide view and multi-disciplinary skill set is important to tackling op risk challenges
The failure of firms to take an integrated view of their risk positions in the lead-up to the financial crisis was a costly mistake for the banking industry. Just as credit and market issues were found to impact liquidity, operational risk failures were severe enough to damage reputations and trigger concerns about credit and liquidity risk.
Those stark lessons have broadened the scope and stature of operational risk, says Dan McKinney, New York-based operational risk lead partner at consultancy EY. This has occurred alongside a more gradual transformation in how banks manage their non-financial risks, which has been driven by increased regulatory and public scrutiny. "If you look back 15 years, you would see a very different profile of operational risk management leaders and size of their teams," he says. "I don't think people truly appreciate how much the discipline has changed, but that's because it has happened slowly over time."
EY's financial risk practice – a 3,500-strong team boasting backgrounds across risk, business, regulatory, technology and data analytics – has kept pace with the trajectory of the operational risk discipline, an achievement that has helped it win Operational Risk's award for consultancy of the year. The consultancy takes an enterprise-wide approach to support firms as they enhance their systems and control frameworks or carry out regulatory remediation programmes, in order to better cover sub-categories of op risk including cyber security, vendor risk, corporate governance, conduct risk, GRC (governance, risk and compliance), and risk culture.
McKinney says that while sub-topics such as cyber risk may have been owned in the past by other areas of the firm, such as IT, chief risk officers are now also sizing them up, alongside the work of their firm's chief information security officers. "There probably isn't a single risk committee not asking questions about cyber right now," he says. "Firms are realising that it's not just the size of the fine or how much money you could lose due to a control failure; it's the reputational damage that can have a significant and lasting impact. And so it's these events that impact the public perception of the institution that are really getting the board's attention."
The breadth and size of EY's team allows it to tackle projects that require multiple skill-sets from different disciplines. "It's something we've worked hard at," says McKinney. "We make sure we look broadly across our skill-sets to ensure we have the right skills, no matter what team our consultants may technically come from. If we approached our clients with our blinders on – that the client is the head of operational risk and this is therefore an operational risk issue – we would not be doing our best for our clients. We really look at how the problem extends to other risk types and try to make sure we bring the right skills to bear."
The approach extends to setting risk appetite, too, with EY working with clients to assess how their unique operational risk, market risk and credit risk exposures and appetites tie together as part of a consistent and comprehensive risk appetite framework. That means team members dedicated to operational risk management often work closely with those more focused on enterprise risk management, and can cross into both disciplines when called upon. They could also find themselves working alongside the portion of the EY credit risk team predominantly focused on the annual stress tests carried out by the US Federal Reserve – formally known as the Comprehensive Capital Analysis and Review – because of the operational risk element now included in this.
As they work closely with all levels of an organisation, EY consultants are able to keep an eagle-eye on risk management trends as they develop, many of which are occurring in the operational risk space, McKinney says. For instance, while op risk managers have long used scenario analysis and market simulations for capital modelling purposes, managers are realising that more qualitative risk management frameworks can also benefit from the same form of review, and are asking consultants for advice on how they should tackle such an opportunity.
Another new tool can be found in advanced data analytics. The continual flow of real data points stemming from a bank's processes, indicators, metrics and loss data can be used to help clients to unearth trends and patterns in a firm's risk and control self-assessment, for instance, which helps to nurture an enterprise-wide view.
McKinney says that a growing number of firms are also realising they can leverage their operational risk programmes to identify and define processes for regulatory pressure points such as recovery and resolution planning and risk programmes for cyber security or outsourcing services to third parties.
"Operational risk can add value by looking across the firm, front-to-back, to identify hand-off points and dependencies and potential weaknesses," he says. "You're not just simply rolling out a framework any more. You're actually using the framework, the data, to drive risk management decisions."
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Awards
Environmental products house of the year: ENGIE
ENGIE is driving change in energy transition, with a strong focus on renewable energy and the liberalisation of power markets in Apac, which presents significant long-term growth opportunities. In recognition of its efforts, ENGIE GEMS has been named…
Natural gas/LNG house of the year: ENGIE
ENGIE continues to expand its services to better serve firms in Apac dealing with the challenges of energy risk management and supply
FRTB management solution of the year: Bloomberg
Amid the diverging timeframes and complex requirements of FRTB, Bloomberg offers a consistent, comprehensive and customisable solution for Apac banks preparing for implementation
Newcomer of the year: Topaz Technology
Jon Fox and former colleagues formed Topaz Technology in 2015. Having seen many different systems and, in some cases, written and built a few themselves, there was always something missing, leading them to build a system that unifies risk reporting and…
Technology vendor of the year: Murex
As a technology vendor, Murex places adaptability front and centre of everything it does, constantly enriching its MX.3 platform to ensure institutions can respond to new market opportunities as soon as they spot them
Currency derivatives house of the year: Deutsche Bank
Asia Risk Awards 2024
Interest rate derivatives house of the year: Standard Chartered Bank
Asia Risk Awards 2024
Derivatives house of the year, Taiwan: CTBC Bank
Asia Risk Awards 2024