Integrating Compliance Programs into your Operational Risk Management Program

Answered by: 

Question: 
Among credit risk, market risk and operational risk, developing a good operational risk management program seems to be the most challenging. Can't our existing compliance processes (e.g., AML, Red Flags, GLBA, etc.) contribute to operational risk management?
Answer: 

According to the Basel Committee, Operational Risk Management is one third of the standardized capital risk definition process - and it is the most challenging due to its diversity. Operational Risk consists of:

  • Internal fraud. (e.g., intentional misreporting of positions, employee theft, and insider trading or fraud on an employee’s own account.)
  • External fraud. (e.g., robbery, forgery, check kiting, identity theft and fraud, e-banking fraud, and damage from computer hacking.)
  • Employment practices and workplace safety. (e.g., workers compensation claims, violation of employee health and safety rules, organized labor activities, discrimination claims, and general liability.)
  • Clients, products and business practices. (e.g., fiduciary breaches, misuse of confidential customer information, improper trading activities on the bank’s account, money laundering, and sale of unauthorized products.)
  • Damage to physical assets. (e.g., terrorism, vandalism, earthquakes, fires and floods.)
  • Business disruption and system failures. (e.g., hardware and software failures, telecommunication problems, and utility outages.)
  • Execution, delivery and process management. (e.g., data entry errors, collateral management failures, incomplete legal documentation, unapproved access given to client accounts, non-client counterparty mal-performance, and vendor disputes.)

Most banks are already performing some form of compliance and mitigation program in each of these areas, either in response to regulatory demands or best business practices. But an Operational Risk Management program, as envisioned under Basel, would provide some degree of integration for these frequently unconnected efforts.

In particular, BSA/Anti-Money Laundering, ID Theft Red Flags and GLBA already require risk assessment in several of the above areas (e.g., internal/external fraud; clients, products and business practices; and, execution, delivery and process management). Additionally, under the Basel II "Standardized Approach" to calculating operational risk as a component of the capital charge, the business lines identified substantially overlap the enterprise risk categories to be assessed under AML and Red Flags requirements. These requirements should be integrated to reduce cost, improve performance and increase the benefits of composite risk knowledge to the bank.

BANKDetect has developed a Free White Paper covering these issues and outlining several integrated programs that have already been developed. BANKDetect has been supporting risk management policies and programs such as fraud prevention, AML compliance and ID Theft mitigation for over a decade. Our consulting and advanced, integrated analytical solutions offer the full range of risk containment capabilities from account opening to risk assessment and activity monitoring. Contact BANKDetect TODAY.

First published on BankersOnline.com 12/08/08
