Building an Operational Risk Framework

Operational risk management is at the core of a bank’s operations – integrating risk management practices into processes, systems and culture. As a pro-active partner to senior management, ORM’s value lies in supporting and challenging them to align the business control environment with the bank’s strategy by measuring and mitigating risk exposure, contributing to optimal return for stakeholders. For instance, HSBC3 has invested heavily in understanding customer behavior through new systems initially designed for fraud detection, which is now being leveraged beyond compliance to address more effective customer service.

The ORM group of an organization keeps its people up-to-date on problems that have happened to other financial institutions, allowing it to take a more proactive approach. “Our goal is for employees to look at ORM as a business stakeholder and a shareholder, involving them on all levels and bring stability into their jobs,” said senior vice president of Operational and Compliance Risk Management Group. A noted financial services company, on the other hand, incorporates its ORM approach as an extension of its business line and not a separate entity. The company has implemented an operational risk umbrella that encompasses all aspects of potential risks – bank protection, fraud prevention, key risk indicators, capture of operational loss data, business line risk oversight and new products and initiatives for data security. Its Chief Risk officer quotes, “We utilize our ORM practices to gain respect and appreciation of all our business lines by really understanding their issues, and being part of the overall solution.”