Operational Risk Management is one of the fundamental components of a bank’s risk management program. Developments in the last four decades, specifically globalization, complex financial products and digitalization have increased the importance of operational risk management. A growing number of high-profile operational loss events worldwide has prompted regulators to define regulations in the require banks to set aside risk capital to cover operational risk losses.
The Basel Committee on Banking Supervision (BCBS) has been defining and refining the Basel regulations to strengthen the stability of the international banking system. There has been a significant emphasis on operational risk management in Basel II and Basel III frameworks. The Basel Committee defines operational risk in Basel II and Basel III as the’ risk of loss’ that results from insufficient or failed internal processes, people and systems or from external events.
In Comparison to financial risk, operational risk tends to be more complex and challenging to handle. Understanding, measuring and managing interconnected factors including human behaviour, organizational processes and the underlying technology is a huge challenge for banks. It is a daunting task for banks to create cultural governance and management structures that can systematically control these risks.
Banks should access their existing risk factors and create a database with all risk events mapped to form effective ORM capabilities. Key Risk Indicators (KRIs) gives out early warning signs of any forthcoming problems. Banks must then clearly communicate their risk appetite. These are the steps to establish a bank’s cultural and governance priorities. Thus, the banks will be able to set a grade for a risk aware culture with its behaviour and decisions. Also, the management can create an observant work culture to predict and report any potential risk events by training people to find out the possibility of instances that can go wrong. This ensures that communication in risk happen top-down, bottom-up and across various departments.
Banks can leverage technology for continuous risk surveillance with the amount of data that is digitally available. You can define KRIs using the available data to flag risks of high criticality which can be seen from a dashboard for various levels in an organization to act upon. Channels for reporting risk events can be enabled through applications with user-friendly interfaces.
ServiceNow’s Integrated Risk Management (IRM) solution comes with many features for operational risk management which enables in
- Evaluating risks using manual and automated risk assessments
- Evaluating operational effectiveness of associated controls
- Defining KRIs to highlight risks when the risk rating becomes unacceptable
- Reporting and managing risk events to track identified risks and risks that are not present in the risk register
- Aggregating risk reports for understanding losses at a higher level using risk rollup
- Analyzing risks across departments using Common language as a consistent method
- Creating issues automatically and mitigating tasks to track to completion
ServiceNow’s out-of-the box solutions for IRM ensure a faster implementation timeline allowing banks to focus more on managing operational risks. With complete focus on the IRM product suite, ServiceNow is churning out new features frequently and updating them as store release opposed to the general release cycles that they have every six months. Hence customers of ServiceNow IRM solution can definitely expect features which will enable them to manage operational risks more efficiently.