Operational Risk what is it? How does BCM Fit?

Similar documents
29/11/2017. Risk Management Policy

Role of Operational Risk in the Product Lifecycle Presented By: Chris Nestore, SVP Head of Operational Risk Management, TD Bank

Risk Advisory Services Developing your organisation s governance for competitive advantage

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

Risk and Compliance Services

Risk and Compliance Services

Third Party Risk Management ( TPRM ) Transformation

Banking and Financial Services Engage with the Emerging

Changing Hats: Business Continuity to Operations Risk Manager. Presenter

Corporate Functions & Business Operations

Practices in Enterprise Risk Management

Integrating risk management through data, analytics and infrastructure: Our perspective

Next-generation enterprise risk management

Embedding Operational Risk

Implementing Authentic Enterprise Risk Management

Gleim CIA Review Updates to Part Edition, 1st Printing June 2018

Is Artificial Intelligence on your Board/Audit Committee s Agenda? Hossam El Shaffei, RSM Egypt

OVERVIEW MAPR: THE CONVERGED DATA PLATFORM FOR FINANCIAL SERVICES

White Paper The Digital CRO

Risk management. Risk management system

Customer Due Diligence A Risk Based Approach. Dr Tony Wicks Director of AML Solutions NICE Actimize

Performance Risk Management Jonathan Blackmore, May 2013

Developing a Payments Market Infrastructure Fit for the 2020s

Financial Discussion. James Kavanaugh Senior Vice President and Chief Financial Officer IBM

Machine Learning and Cognitive Computing: Enhancing Transaction Risk Management

IDC MarketScape: Worldwide Anti Money Laundering Solutions in Financial Services 2018 Vendor Assessment

Risk Management TRAINING AND EVENTS. aba.com/risktraining

Model Risk Management at FinTech organizations Considerations for bank charter applicants

5 ways blockchain is transforming Financial Services

Operational Resilience Measure and Report

Governance, COBIT and the Cloud a match made in the sky! Robert E Stroud CGEIT International Vice President ISACA Treasurer, Director Audit,

Insurance Accounting & Systems Association (IASA): NY/NJ Chapter Spring 2014

Hosted CRM vs. In-House: Which Direction Should Your Company Take? WHITEPAPER

Response to the Basel Committees Sound Practices: Implication of fintech

Risk Management Strategy

Finance disrupted. Future of finance in healthcare: As the industry adjusts to continuous disruption, the finance function has an opportunity to lead

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

WHITE PAPER THE RSA ARCHER BUSINESS RISK MANAGEMENT REFERENCE ARCHITECTURE

Executive Summary. Exhibit 1- Streamlined communication to the Board of Directors

The COSO Approach to Enterprise Risk Management

Welcome. Integrating Strategic Risk into Enterprise Risk Management (ERM) 11/9/2015. Agenda. Evolving enterprise risk management (ERM) Strategic risk

11/9/2015. Welcome. Regulators, governments, analysts, and the street are paying much more attention to this particular management capability

Audit Quality Assurance workshop Audit Planning by: CPA Steve Obock Associate Director- KPMG Kenya March 2017

Next Generation Services for Digital Transformation: An Enterprise Guide for Prioritization

B U S I N E S S R I S K M A N A G E M E N T L T D

MODULE 1: INTRODUCTION TO STRATEGIC MANAGEMENT ACCOUNTING

Successful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)

Introduction to ERM (Enterprise Risk Management)

Deloitte Governance Framework and Maturity Model

Adoption Trends and Observations

Risk Appetite Statement

The Banking Sector in the Age of Digital Transformation

Agile Risk Assessment Reinventing RCSAs

Problem Statements HR TECH CUSTOMER ENGAGEMENT PORTFOLIO MANAGEMENT

Intelligent Payment Management for Today and Tomorrow Technology Advancement to Navigate the Converging Payments Landscape

Operational Risk Management Excellence Survey (executive report)

EY Center for Board Matters. Leading practices for audit committees

KEY. riskupdate PREDICTIONS FOR Risk Reward. Jan 2011

The Technology Frontier

JAPAN BANKING & CAPITAL MARKETS

Operational Risk. A 3-day course. This course can also be presented in-house for your company or via live on-line webinar

Advisory & Client Services

Our Emerging Offerings Differentiators In-focus

UNITY TRUST BANK PLC ( the Bank ) AUDIT AND RISK COMMITTEE

DIGITAL OUTLOOK BANKING INDUSTRY

2015 SAP SE or an SAP affiliate company. All rights reserved. 1

Internal audit insights High impact areas of focus

IDC MarketScape: Worldwide Anti Money Laundering Solutions in Financial Services 2018 Vendor Assessment

The credit card industry: navigating an evolving environment. EY Advisory Services

Banking Guiding an industry in transition

Enterprise Risk Management: Aligning Risk with Strategy & Performance June 26, :45 p.m. 4:45 p.m.

pwc.co.uk Enterprise Risk Management

At the Heart of Enterprise Agility

Stress Testing & Capital Planning: Principles, Program Elements & Common Challenges

Enterprise Risk Management Discussion American Gas Association Risk Management Committee Meeting

Optimizing an Enterprise Wide Effective Vendor Risk Management Program. Pam Schott Head and VP Enterprise Supplier Governance

OPERATIONAL RISK EXAMINATION TECHNIQUES

IBM Watson Financial Services

Third-Party Enterprise Software Support: Key Risks and Questions to Ask

Community Bankers Conference

Asset Acceptance Capital Corp.

API 360: The Complete API Strategy Model for the Enterprise

AI and Ecosystems in Financial Services

Statement on Risk Management and Internal Control

Hybrid Cloud POV Fremtiden ligger i bi-modal IT

Operational Risk. A Three Day course

Boards and internal audit: Working together to strengthen risk management

Generating value within the Risk Ecosystem Risk powers performance

Competition/Collaboration in the Business Value Network

IBM Watson Financial Services

Fujitsu UGN. Keith Moore: Fujitsu Head Of Hybrid IT & Digital. Nadia Bendjedou: Oracle Vice President Product Strategy, Oracle EBS

The Path to Digital Transformation. A Roadmap for Business Success

RBC Capital Markets Financial Institutions Conference 2018

Anti-Money Laundering and Sanctions Compliance. You Can t Afford the Risks

WHAT S DRIVING CAPITAL MARKETS TO CLOUD?

Building the Future Bank by Simplification Retail Banking Innovation Conference, London

Risk Management and Regulatory Examination/Compliance Seminar October 27, Eric Young CCO-Americas and CCO-IHC

Enterprise Risk Management (ERM) - Impact of 2017 COSO ERM Model

Transcription:

Operational what is it? How does BCM Fit? Karen Kemp, Director Operational Management RBC Technology & Operations

Agenda 1. What is Operational 2. RBC Worldwide 3. Technology and Operations 4. T&O Operational Program 5. Q&A 2

What is Operational? The generic term operations risk was officially coined in 1991 (COSO 1991) but was not widespread until the mid to late 1990s when Basel 2 proposals were developed and published in June 1999 Operational is not a new risk However, the idea that operational risk management is a discipline with its own management structure, tools and processes is new. (British Bankers Associate website, accessed 26.08.02) Three pillars of Basel II Pillar 1 Minimum Capital Requirement TOTAL RISK, Credit, Market & Operational Pillar 2 Supervisory Review Process Pillar 3 Market Discipline So how does this affect me? 3

RBC Strategic Goals In Canada, to be the undisputed leader in financial services. Globally to be a leading provider of capital markets, investor and wealth management solutions. In targeted markets to be the leading provider of select financial services. 5 Business Segments 4 Operates in 44 countries 80,000+ full and part time employees More than 16 million clients worldwide Personal and Commercial Banking Wealth Management Insurance Capital Markets Investor and Treasury Services

Technology is anchored within T&O, which operates a complex technology environment and delivers critical capabilities for the business Complex array of technology assets and physical infrastructure Resilient and secure engine for business activities Culture of performance, delivery excellence, regulatory compliance 2,600 applications 25,000 servers 19 data centres 50,000 devices send security events to the Security Operations Centre $42 trillion payments processed annually 380 million client transactions completed daily 4 million online banking clients 1 million mobile banking clients 1,700 active projects in 2013 3,300 change requests delivered per month 60,000 calls a month into the Enterprise Service Desk 5 All numbers are approximate

A number of forces of change are enabling significant shifts in traditional business models Regulation New regulation Regulator scrutiny Maturing technologies Business Models Mobile Big data and Analytics AI / Cognitive Computing Anywhere / anytime Deep insight, volume and velocity Adaptive, self learning MAJOR BUSINESS SHIFTS Investing heavily Superior client experience Traditional competitors Niche players Cloud Social Media Fast deployment, on demand, lower barriers of entry Instant feedback to millions / constant connectedness Cyber Fraud Speed and agility, continuous relationship Digital giants Security threats 6

With growth and change comes risk.. and T&O is in a constant state of change Project - Where the business wants it now mobile, competition Information Technology - Cloud how do you risk assess something new and leading edge? People supporting legacy systems when the programming language is no longer taught in schools Privacy protecting our customers, employees and company Processing and execution risk executing change management risk the first time. 7

RBCs Operational Management Approach RBC definition of Operational The risk of loss or harm resulting from inadequate or failed internal processes, people and systems or from external events. BASEL definition Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk. 8

Operational Categories Operational : The risk of loss or harm resulting from inadequate or failed internal processes, people and systems or from internal events 2nd LOD Enterprise Operational provides oversight & challenge for all 18 categories 2 nd LOD Centre of Governance provides support, oversight & challenge in their area of expertise Finance Legal/ Fiduciary BCM/ Resilience Safety and Security Project Privacy Money Laundering People Product Third Party Model Info. Mgt. IT Tax Suitability Fraud Regulatory Compliance Processing and Execution 1 st LOD - T&O BUORM Assesses risk for all 18 Operational Categories BUORM takes E2E Horizontal view, while CoGs leverage in depth knowledge for a deep Vertical view resulting in an Integrated Assessment for RBC. 9

Enterprise Op Program Elements 10

Operational Management Processes & Control Assessments Cover many aspects Enterprise, Unit, Process, Trigger are all various types of assessments. All assessments must consider all 18 areas of Operational Findings are treated the same as audit findings and tracked, and reported. Appetite and KRIs appetite is the amount and type of risk one is willing to accept appetite helps protect organization from an unacceptable loss or an undesirable outcome with respect to earning volatitly, capital adequacy or liquidity, while supporting and enabling the overall business strategy. 11

Business Environmental Factors and Internal Control Factors parameters used in the management and measurement of operational risk Reflect the assessment of the Operational Profile, both for a specific business and across RBC Consist of external/market factors and internal/business factors that are considered as part of the Enterprise-Level and Control Self- Assessment Involves a qualitative assessment of the following factors: 6 to 18-month risk outlook assessment determined during and Control Self-Assessments from underlying Business Units and quarterly updates of significant changes to the Operational Profile Input from CoGs for specific Operational Categories Ongoing monitoring of industry or internal developments 12

Internal Events/External Events/Projects Internal Events An operational risk event is a specific incident where operational risk leads to, or could have led to, an unintended, identifiable impact Operational risk events can be further divided into two groups: Internal Events and External Events Internal Events are those that affected RBC, or one or more of its subsidiaries or Business Units External Events are those that affected institutions other than RBC IRP (Integrated Profile) Policy change now requires IRP to be completed for all projects prior to funding approval Project Managers must ensure the IRP is completed. The IRP is to be approved by the Project Sponsor or Sponsor delegate. Furthermore; the Project Manager must ensure that the Business Segment Operational Management Team and relevant Centres of Governance are engaged in its review and provide approval and concurrence respectively. The IRP should be refreshed where there are material changes to the Project during its lifecycle to ensure that new or changed risks are identified and action plans re-evaluated and documented. 13

Scenario Analysis Definition: A structured and disciplined process for making reasonable and plausible assessments of significant operational risk events, including catastrophic risk events; taking into account the expert opinions of business managers, risk managers and subject matter experts in specific areas of risk. A set of circumstances that combine to create infrequent, yet plausible, severe operational risk events (also known as Tail Events ). 14

Comparative Analysis Decision making at various levels of any organization will benefit from more complete and interactive information. Operational risk management frameworks and tools are designed to permit the collection of information in specific areas across business lines on an enterprise wide basis. The & Control Self Assessment (RSCA) already incorporates comparative analysis into its requirements. Any unit that executes the RCSA requirements articulated in our ORM standard would have performed comparative analysis in the process to leverage, where possible, all and any ORM program outputs as illustrated. In this analysis, we have taken these ORM program outputs and associated data, such as loss events, scenarios taken place, audit findings, KRI data points, and trends into consideration to form conclusions and recommendations to improve and enhance our risk management procedures and practices. Integrated Profiles Scenarios Enterprise & Control Self Assessment Key Indicators Internal Controls Audit, Priority 1 Incidents Operational Events (Internal & External) 15

Recap Operational is inherent in everything The goal is to establish a risk aware culture Operational outputs inform business decision making Operational principles can be used in all organizations 16

Questions? 17

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback