• Executive Management,
• Senior Personnel
• Operational Staff and Line Personnel who are responsible for the operations risk management program in their respective business unit/division/branch or for carrying out the implementation of that program.
• This course also is an ideal introduction for Central Bank staff involved in oversight issues who require a strong Operations Risk foundation.
  

Recent events at France’s Société Générale point clearly to an Operations Risk Management failure of considerable proportions. Just examine some of the comments from the world’s financial press:

•  “The bank said that it tried on several occasions to make Mr. Kerviel take a few weeks off, but that it ultimately went along with his excuses for staying at work” (breakingviews.com)
  
  
• “The prosecutor also said that Mr. Kerviel admits to disregarding Société Générale’s trading rules but says others also flouted limits designed to contain risks to the bank”. (Wall Street Journal – January 29, 2008).
  
  
• “… was the IT drawbridge properly raised when he made his move out of the back-office and onto the trading desk in 2005? Clear segregation of back-office and front-office activities was one of the clearest lessons to emerge from the rogue-trading scandal at Barings Bank in 1995; at SocGen, those lines seem to have blurred.” (Economist.com).
  
  
•  “Eurex, the futures exchange of Deutsche Börse, questioned the trading position of Mr. Kerviel last November.” (Wall Street Journal – January 29, 2008).
  
  
• “Veterans of the futures markets are baffled about how Mr Kerviel got away with building up such a big position unnoticed.” (Economist.com)

Is your bank a sitting duck for a rogue trader, a malicious mischief maker, a thief or worse?

What are the Basel II requirements regarding Operations Risk?

This introduction to Operations Risk management and mitigation, moves the participants beyond Basel II and the various international compliance requirements for operations risk, and into an understanding of operations risk management and mitigation as a value added proposition, increasing the bank’s profitability and structural strength. 

Although financial institutions have been managing risk exposures for years operational risk management as a discipline is relatively new. The change in focus to operational risk management has been driven by a number of factors, led by the compliance requirements of regulators. Other critical factors include the complexity of banking & financial products, advances in technology, rapid expansion of bank operations, and the increasing vulnerability of financial institutions to operational failures & losses. The increased attention to Operational Risk has also been driven by a number of major events attributed directly to operational failures

• Define Operations Risk in terms of the current international best practice.
• Gain a deeper insight into the major causes and consequences of failures in the operational and back office scene.
• Gain a more comprehensive understanding of the magnitude of the operational risk problem.
• Discuss the many challenges facing the bank operations manager.
• Gain a better understanding of how national risk mitigation policies requirements interacts with the operations of financial institutions.
• Gain a greater understanding of the costs of mitigating operations risk and the effects on business revenue streams. What are the real and hidden costs of risk mitigation? Is there a financial payback?
• Appraise how risk assessment and mitigation is "governed" in terms of international standards and guidelines.
• Examine actual case studies of operational failures; the facts, the events, the damage & the consequences
  

Definitions How the operations risk defined, the risk mitigation standards currently in use and current best practice with an emphasis on the Basel II requirements.

Key elements in managing Operations

• Risk
• Developing risk strategies,
• Overseeing these by the banks board of directors,
• Operational risk culture,
• Internal control culture,
• Internal reporting and
• Contingency planning.

Developing an Appropriate Risk Management Environment

Key components include:

• Policy & Structure Board approval;
• Providing guidance to senior management;
• Developing risk management policies;
• Establishing an operational risk management structure;
• Establishing clear lines of management responsibility, accountability and reporting;
• Regular review and internal audit verification.

Implementation

• Transforming operational risk management policies into specific processes and procedures
• Implementation of a risk management process within the banks business units.
• Staff policies to ensure that staff are qualified in operational risk management, are responsible for monitoring and enforcing risk policy compliance and have the appropriate authority.
• Communicating the bank's operational risk management policy to all staff units.
• Ensuring that there is appropriate documentation relating to controls and transaction-handling practices.

Risk management function

Risk mitigation is an ongoing function and should become a central feature of every bank's ongoing risk management activities.

Identifying and assessing the operational risk

Topics to be covered include the following critical issues.

• Identifying most potentially adverse risks, and assessing banks vulnerability to these risks through an "Environmental Survey" and a "Technology Inventory" leading to the completion of a Risk Assessment
• Identifying appropriate indicators that provide early warning of an increased risk of future losses.
• Collection of a bank's historical loss experience data including procedures for monitoring operational loss events.
• Ensuring that all new products, activities, processes and systems are subject to adequate assessment procedures regarding operational risk before they are introduced/ implemented.

Controlling and/or mitigating material operational risks

• Internal practices to control operational risk such as setting & monitoring risk limits;
• Maintaining safeguards for access to, and use of, bank assets and records;
• Ensuring that staff have appropriate expertise and training; identifying business lines or products where returns appear to be out of line with reasonable expectations;
• Regular verification and reconciliation of transactions and accounts.

Contingency and business continuity plans

Expecting the unexpected.

Full-scale contingency and business continuity plans should be in place, tested and ready to use should the need arise. This ties up operations risk requirements and mitigation. Areas covered include:

• Establishing disaster recovery and business continuity plans,
• Identifying critical business processes (including those where there is dependence on external vendors or other third parties),
• Restoring electronic and/or physical records, and the regular testing of these plans.

Dealing with risks in specific operations areas

The course provides a detailed overview of assessing and managing risks in specific bank operations areas. This covers:

• Core & Distributed Operations,
• Standalone microcomputers,
• Environmental & Technology Controls.

Operations Risk

We cover critical issues around security concerns, security controls, secure operations and the key risk areas (reputation, strategic, credit, liquidity, legal & operations) as well as:

Payments Systems RTGS,

• Large Value Transfer Systems,
• Cash management products,
• Securities & Collateral,
• Interbank messaging systems,
• Cheque payments,
• EFTPOS and CLS.

Payment Instruments

• Cheques,
• Electronic Payments,
• Cards,
• ATMs

Internet Case Studies

The course contains a number of case studies including the recent SocGen rogue trader case plus interactive participant sessions.