Women in Financial Services
E2W Member, Natalie Murray: An ORM Case Study
Katie.Dix / 17 Dec 2019
E2W Member, Natalie Murray shares another article for E2W.
I am a seasoned banking professional with experience in Operational Risk Management, Internal Audit and project management, acquired from roles at top tier banks in London, New York and most recently, Singapore. This experience is augmented by successful academics - I am an award-winning MSc in Banking graduate and Chartered Fellow of the London Institute of Banking and Finance. I believe that banks need to think differently about ORM, beyond an overly theoretical framework that prioritises calculating capital and compliance-based activities, focusing instead on a positive risk management cultural ethos that is embedded across an organisation, which is why it emerged as a leading idea for a research topic.
An ORM Case Study.
The suspension of several traders by Morgan Stanley earlier this month, over alleged mismarking of securities that concealed multi-million dollar losses (FT.com, 2019), is indicative of a sector that continues to be rocked by failures associated with costly and high-profile operational risk incidents. According to the FT, it remains unclear whether the so-called mismarking of the contracts represents faulty pricing models, or the deliberate actions of traders seeking to conceal losses. Either way, it offers a useful insight into operational risk failings, how they can occur and the pressing need to view the discipline through an alternative lens, beyond the mathematical concepts of calculating capital and recognise more consciously that losses, as a result of operational risks materialising, are often affected by behavioural and cultural factors rather than technical ones.
OpRisk Capital: The Basics
In line with the sub-categories defined by the Basel Committee that can result in losses due to exposure to operational risks, the incident at Morgan Stanley would likely be classed as ‘Internal Fraud’ in the form of unauthorised trading activity if the traders were found to have deliberately concealed the losses. It will be reported as an ex post event, captured and reported as an actual loss, ultimately increasing the operational risk capital charge that Morgan Stanley will be required to set aside.
The challenge of human behaviour in ORM
A significant challenge of ORM is the large number of risks and eventualities it covers, its universal nature and the fact it overlaps several other risks instead of being a discrete risk. The existing Basel II OpRisk classification[1] embraces both Human Risk and HR Risk and requires for the identification, assessment, mitigation and monitoring of people risks to be undertaken as part of ORM. Over a decade ago, the global financial crisis highlighted the vulnerability of the global financial system to moral hazard and shone a light on the importance of business ethics and good conduct (Feria-Dominguez, 2017), giving rise to a new category of risk – behavioural risk.
The Morgan Stanley incident draws attention to the ongoing challenges around the identification and management of risks associated with behaviour and conduct, specifically in respect of understanding the rationale of the choices made by decision makers and risk takers, and the asymmetric issues that can arise as a result (Bott, 2017). It is reported that the Morgan Stanley business at the centre of the story was 'highly speculative, rather than focused on fulfilling client needs, and that it valued aggressive risk-taking by staff’ (FT.com, 2019). These are alarming similarities to the behaviour and risk culture that was symptomatic of many institutions leading up to the GFC that were found to have “weaknesses in overarching governance and management, inappropriate risk culture governance and conduct leading to acts of excessive risk taking and poor methods of risk identification and communication” (Ashby, 2011). The very culture of an organisation can influence employees’ behaviour by encouraging them to act in accordance with their perception of what behaviours are rewarded and which ones are penalized by the organization (St-Onge et al, 2019).
At its core, ORM is a behavioural discipline that demands a response rooted in behavioural dynamics to determine causation before an event occurs, that results in measurable, unintended impacts. It is impossible, without further information to analyse the Morgan Stanley incident in any further detail and it poses more questions than answers at this point. If these traders are found to have concealed their losses deliberately, questions will need to be answered about the strength of the internal control framework, particularly in an era of such heightened scrutiny around culture and conduct. It serves as a healthy reminder that several interrelated components of ORM continue to pose innumerable challenges to practitioners in their quest for the effective identification and management of operational risks, particularly where people are involved.
If you would like to discuss ORM in further detail and how the detailed research findings may help your organisation evolve your ORM approaches, please get in touch.
References
Ashby, S. (2011) Picking up the pieces – risk management in a post crisis world: recommendations for financial institutions and their regulators. Nottingham: Financial Services Research Forum, University of Nottingham and Financial Services Knowledge Transfer Network [pdf] [ONLINE]
Bott, J and Milka, M (2017) Management of behavioural risk in the first line of defence. Journal of Operational Risk 12(3), 65–77 [ONLINE]
Feria-Dominguez, J.M. and Jimenez-Rodriguez, E (2017) Toward an efficient people-risk capital allocation for financial firms: evidence from US banks. Journal of Operational Risk 12(4), 71–94 DOI:10.21314/JOP.2017.198 [ONLINE]
St-Onge, E; Belov, E; Gürdeniz, E and Siddique, M (2019) Measuring conduct and culture: From metrics to meaningful insights. Oliver Wyman [ONLINE]
[1] “The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events” (BCBS, 2002)
Back to blog