Sound Practice Guidance update

Glasgow, 7th November 2014

IOR Scottish Chapter

The Institute of Operational Risk

Brian Rowlands FIOR


Overview

• Introduction to Sound Practice Guidance

• Summary of current SPG papers

• Recently published – and planned

• Discussion

• Summary and conclusion

Introduction to Sound Practice Guidance

• Written by practitioners for practitioners

• Reflects current “sound” practice

• Built around the main elements of an operational risk framework

• Only available (in full) to IOR members

Summary of current SPG papers

[Diagram: operational risk framework. Labels: Internal and external environment; Drivers: Business strategy/objectives; Governance; Categorisation, Appetite, Culture; KRIs, Losses Ext, RCSA, Scenarios, Losses Int; Past, Present, Future; Infrastructure; Toolkit]

Recently published…

Since last year’s Scottish Chapter conference we have published:

• A new paper on Risk Culture (November 2013)

• A new paper on Scenario Analysis (December 2013) and

• An updated Risk Control Self Assessment paper (May 2014)

Risk Culture

• Recognised as a key topic by financial institutions, professional institutes and regulators

• But little clarity/guidance over what it is, how it can be assessed / managed

The structure of the SPG paper is:

• Defining risk culture

• The significance of risk culture

• Internal and external factors that can affect risk culture

• Managing risk culture (including monitoring and assessment)

• Implementing an effective risk culture change process

Scenario Analysis

The outline of this paper is:

• Introduction: Objectives; Definitions, Examples of use, Advantages and disadvantages

• Regulatory guidance – European and UK sources of reference

• Development methodology: Preparation; Assessment; Validation; Reporting

• Sources of information: Expert judgement; RCSA; Internal loss data; External loss data; Key Risk Indicators

• Embedding within a risk management framework: Interface with risk appetite/tolerance; Risk mitigation; New business and new products, Strategic planning

Planned…

Work in progress includes:

• An updated Key Risk Indicators paper, and;

• A new paper on Conduct.

Beyond that we expect to be addressing a new paper on Internal Loss Events and are considering the subject of Risk Management Effectiveness.

Conduct

Progress to date – a technical author has been identified who will be guided by:

• A recent article published in the Operational Risk & Regulation magazine, and;

• A draft outline, building on presentations delivered by the FCA.

Internal Loss Events?

• Perhaps one of the most important components of the Operational Risk Framework?

• Elements of loss events

• Uses of loss data

• Practical challenges associated with implementation

Risk Management Effectiveness?

• Encompassing:

• The Use Test and

• “Comparative Analysis” (BCBS195 and BCBS292)

• Integration of framework components

• Why integration is important

• Integration of information: outputs = inputs

• Integration of function - how each framework component contributes to “IMMR”

• Assessing “effectiveness” - development, implementation, embedding - so what?

Any questions?

Exercise 1:

Suggestions for new SPG papers?


Exercise 2:

Which are the most important / urgent topics for development?

Summary

• What we have achieved in this session

• Next steps

Conclusion

• The IOR in Scotland has been very well represented in supporting the SPG papers published to date.

• But we are always looking for extra volunteers to assist in the drafting of new papers.

• If you would like to make a contribution please contact the SPG Lead Ariane Chapelle: [email protected]

Disclaimer

The content of this document is the property of the Institute of Operational Risk (IOR). It is made available on the understanding that no part of it shall be modified, copied, stored in a retrieval system, or transmitted in any form, by any means or supplied to a third party without prior written consent of the IOR. Care and attention has been taken in the preparation of this document but the IOR shall not accept any responsibility for any errors or omissions herein. Any advice given or statements or recommendations made shall not in any circumstances constitute or be deemed to constitute a warranty by the IOR as to the accuracy of such advice, statements or recommendations. The IOR shall not be liable for any loss, expense, damage or claim arising out of the advice given or not given or statements made or omitted to be made in connection with this document. The IOR recognises copyright, trade marks, registrations and intellectual property rights of certain third parties whose work is included or may be referred to in this document. The content of this document does not constitute a contractual agreement with the IOR. The IOR accepts no obligations associated with this document except as expressly agreed in writing. The information contained in this document is subject to change. All rights reserved.