Professional Documents
Culture Documents
Abstract
Risk management has always been a complex function for banks. Today the scope
of regulatory compliance and risk management has become much broader, and
the potential impact of noncompliance is significantly high. The risk function at
banks is evolving from being a number-crunching function to a more dynamic
business enabler, focusing on risks arising from complex products, diversified
operations, diverse workforce, multiple channels, and regulatory compliance at
regional and global levels. The intent being on proactive risk management and
mitigation rather than event-based response.
Operational risk has come to the fore since 2001 when it was recognized as a
distinct class of risk outside credit and market risk, by Basel II. Though the Basel
committee proposed some approaches to measure operational risk, their level
of sophistication varies across banks. This is also because operational risk is the
most complicated risk type, when it comes to risk quantification, identification,
and mitigation. Operational risk is highly dynamic in nature and is impacted
by numerous factors such as internal business processes, regulatory landscape,
business growth, customer preferences, and even factors external to
the organization.
Introduction
Risk management has always been a regionally and globally. The underlying because operational risk is the most
complex function for banks. Today, the intent is proactive risk management complicated risk type when it comes
scope of regulatory compliance and and mitigation rather than event- to risk quantification, identification,
risk management has expanded and based response. and mitigation. In fact, operational
the potential impact of noncompliance risk is highly dynamic in nature and
has significantly risen. As a result, the Operational risk came to the forefront impacted by numerous factors such
risk function at banks is evolving from in 2001 when it was recognized as as the internal business process,
being a number cruncher to a more a distinct class of risk outside credit regulatory landscape, business growth,
dynamic business enabler focusing on and market risk, by Basel II. Though customer preferences, and even
risks arising from complex products, the Basel committee proposed some factors external to the organization.
diversified operations, diverse approaches to measure operational Some factors are:
workforce, multiple channels, and risk, their level of sophistication
stricter regulatory compliance both varies across banks. This is mainly
Internal Business
process growth
• Economic outlook
• Tighter regulatory requirements Bank’s • Natural calamity
operations
• Increased number of regulations Regulatory • Financial instability
• Complex regulatory requirements landscape External `Malfunctioning of ATM , due to
factors
`Unable to meet regulatory guidelines outage in the city’
due to disparate systems’
Customer
preferences
granular level to help identify and control profile and risk appetite to minimize
The key objective here is to move beyond
potential defaults in future
operational risk incidents. The target the traditional risk types and focus on all
framework should include the following • Inclusion of non-customer-facing business processes and interactions to
risk sources, which in our experience, is functions / processes under the purview ensure they are well covered.
lacking in most banks today: of the first line of defense
Integration of operational risk • Integrated risk management regulations such as BCBS239, and to
platform: We propose integration of send all risk-related regulatory reports
Each risk classification – credit risk, market
these independent risk management to regulators from a single source.
risk, and operational risk – differs widely in
systems under a composite umbrella • Enterprise case management for
its assessment, on-ground execution, and
for a more effective risk management risk: A `case’ typically is an instance
quantification. It is highly recommended
strategy. This integrated risk platform of operational risk. We propose an
to have a holistic view of all of these
created on top of a data lake can be enterprise case management system
risk classifications. Basel III reporting
requirements need capital reporting further leveraged for a one–stop shop to manage alerts across different risk
for each risk classification to be done of all data requirements for trend types. This will help to create a common
separately. The approach to address this analysis, scenario analysis, and to risk catalog within the enterprise.
in most banks today is to have disjointed enable an equally powerful dashboard Further, it will reduce operational and
systems which work like watertight and on-demand analysis. This would technology costs of managing such
compartments that result in duplication of help reduce the costs of platform systems separately.
costs as well as effort. maintenance, faster compliance with
Relevant data Centralized risk Risk analysis based Regulatory Enterprise-wide risk
aggregation from quantification, on Basel compliance analytics, reporting, and
all lines of business monitoring, and framework framework governance strategy /
and functions control decision support
Venkatesha N. Vysya
Sr. Industry Principal, Risk and Compliance Practice, Financial Services Domain Consulting Group, Infosys
Venkatesha has over 20 years of industry experience leading several large and complex IT consulting, process
re-engineering, system integration, and business transformation programs across marquee clients globally. Over
the years he has built teams and multiple COEs to address business needs across industry domains.
Navdeep Gill
Lead Consultant, Risk and Compliance Practice, Financial Services Domain Consulting Group, Infosys
Navdeep has nearly nine years of experience. She has worked on large transformational programs in risk areas,
for leading financial service providers, and has extensive experience in defining the strategy and roadmap of
such programs. She has an MBA degree with a specialization in finance. Her areas of interest include liquidity risk
and regulatory reporting.
© 2016 Infosys Limited, Bengaluru, India. All Rights Reserved. Infosys believes the information in this document is accurate as of its publication date; such information is subject to change without notice. Infosys
acknowledges the proprietary rights of other companies to the trademarks, product names, and such other intellectual property rights mentioned in this document. Except as expressly permitted, neither this
documentation nor any part of it may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, printing, photocopying, recording, or otherwise, without the
prior permission of Infosys Limited and/or any named intellectual property rights holders under this document.
Stay Connected