Managing the Operational Risks
This report basically highlights the flaws that exist in AlphaDelt Bank’s operational framework going by the case study that was presented. It begins by giving the reason as to why this report was prepared and for whose benefit. It goes on to define operational risk and of what importance it is to any financial institution. It then goes on to point out the potential financial threat that these flaws can have on the bank.
The information in the case study concerning AlphaDelt is riddled with a lot of information that is not relevant to operational risk management. This report sets out to pick the necessary information, ascertain the missing information through inferences and finally associate the evidence obtained from the different parts of the case and put it together with the conclusion.
The report enumerates the various failures within the operational framework of AlphaDelt. First of all, the policy that is in place regarding operational risks is sloppy. Then there is the issue of governance structures which facilitate the occurrence of operational risks rather than reduce the likelihood of their occurrence. The bank lacks tools for operational risk management such as self assessment, risk mapping, risk indicators, escalation triggers and loss event model (Kimber 2000, 10; Kessler & Co, 2000).
AlphaDelt appears to have no measures in place that can mitigate losses resulting from operational risks. The management structure also does not favor efforts by concerned colleagues who want to raise an issue about certain malpractices that they may have witnessed (Lopez & Saidenberg 2000, 155). There is a breakdown of communication hence working as different units towards achieving the objective of reducing the chances of operational risk occurring becomes increasingly difficult.
It is apparent from the AlphaDelt case study that major flaws exist within the bank’s operational risk structures that give rise to losses that had not been foreseen.
The purpose of this report is to filter out all the irrelevant information. There is a lot of information that is false, biased and impertinent. This report will establish information that is missing through inferences so that an accurate reflection of what exactly took place can be obtained. Finally, all the evidence that is scattered all over the case will be identified and integrated to the conclusion.
Operational risk refers to the exposure to losses of any financial institution that are brought about by mistakes such as computer failures, conspiracies such as fraudulent activities by staff and its effects on the day to day running of the institution.
Operational risk is also associated with error on the part of the human resource, systems failure and insufficient controls and procedures in information systems or internal control that would lead to losses that were not expected (Cruz 2004, 59; Jobst 2007, 63; Sahay, Wan & Keller 2007, 39).
According to the AlphaDelt’s case study, it is apparent that there are a lot of loopholes in the bank’s system that some unscrupulous staff members exploit for their own benefit. These glaring inadequacies that riddle the bank’s system should be dealt with by the bank as matter of urgency so as to cut back on the losses that it incurs as a result of those loopholes (NetRisk 2000).
Some of the inadequacies that come out of AlphaDelt’s case concern competence. The people who have been charged with running the operational risk department give the impression that they are clueless as to what operations in that department entail. This blatant display of incompetence especially in such a sensitive department such as the operational risk department leaves a lot to be desired about that organization. What is worse is fact that the institution in question is a financial institution. It is expected that such institutions should be conversant with such matters because they fall under their domain (King, 2001; Young, 2000).
The apparent weak structures that have been put in place to curb losses that may arise as a result of operational risks speak volumes about the organization as well as its policies towards operational risk management. One can deduce that the senior managers of AlphaDelt have done very little with regard to raising the awareness of their staff with regards to the importance of operational risk management. It is also likely from the look of things that the senior management itself attaches little value to operational risk management (Shih, & Samad-Khan, 2000).
Failures within the operational framework of AlphaDelta group
The incident that took place in AlphaDelta Bank was an eye opener to the management of the bank. It revealed a myriad of loopholes that insidious staff members exploited for their own benefit at the bank’s expense and got away with them undetected (Avery and Milton 2000, 66; Kimball, 2000).
For starters, to say the bank has got a very sloppy policy with regards to whistle blowing is an understatement of magnanimous proportion. When Helen found out that Mark was engaged in some unscrupulous activities and wanted to raise a concern about it, she was shell-shocked to find out that the bank’s policies with regards to whistle blowing were overly simplistic and ambiguous. In addition to that, they were not employee friendly in that they did not offer any incentives to those staff members who were willing to come forward with information implicating his/her colleagues who are involved in unbecoming activities for their own benefit at the banks expense (Alexander 2003, 130).
The fact that the bank did not have the best policy with regard to whistle blowing is an open secret. Of much importance is the fact that Mark, director of sales and marketing, had noted this and had gone ahead to formulate a very elaborate plan on how he was going to use this to his advantage. His preconceived plan of embezzling funds from the AlphaDelt had been hatched for a long time. The fact that a person of his caliber could devise such a plot to fleece the bank was an indicator that something was awfully wrong about the bank’s operational risk management structures if there were any.
For starters, he bullied his subordinates around and managed to instill fear in them. This way, no one would dare cross his path, let alone question him about anything concerning how he ran the department he was in charge of. Everyone Helen approached with issues that concerned Mark’s malpractices preferred to keep a wide berth. This was proof enough that Mark’s tactics had been effective thus far.
Mark had managed to earn the trust and friendship of his peers as well as his seniors. He had unduly earned the unenviable reputation of someone who solved problems and got things done when it came to work related issues. Therefore, anyone who wanted to portray Mark in bad light in the eyes of senior management had his or her work cut out for them. Case in point is when Kelly Feingold tried to persuade her friend Helen to let the matter slide as her immediate boss were buddies with Helen’s and her concerns would at best be shrugged off by Steve.
Mark had the reputation of turning up with the freebies. Treats such as a box at the FA cup final, front row tickets for concerts and cases of vintage wine bought him the admiration of every employee in AlphaDelt. It would be hard to associate such a person with untoward behavior and not meet any resistance from his colleagues who saw him as the coolest boss ever.
The issue of incompetence also arises when one critically analyses AlphaDelt’s case. Kelly Feingold, Helen’s friend works in the operational risk department. As such, she ought to know everything there is to know with regards to any issues that concerns her department. Her work involved helping firms to identify, assess and manage risks. Apparently, this is not the case. When Helen seeks her audience in relation to issues that touch on her domain, she is absolutely clueless as to how to go about the whole matter. She does not know if she can investigate the director, her boss, nor whether she is allowed to do so. She instead halfheartedly tries to dissuade Helen from pursuing the matter further. She was of the view that such issues were normal in upper echelons of management of any company (Jobst, 2010).
From AlphaDelt’s case study, one can tell that few if any operational risk management measures have been put in place. The structures that have been established to curb losses that come about as result of operational risks are at best weak and would be of little use in the effort of mitigating losses that arise out of operational risks. After it had become apparent that something was amiss in the marketing department as e result of Helen’s concerns, nothing concrete was reported to have been done to contain the situation. In fact, instead of alarm bells ringing all over the place, some senior managers had the audacity to come to Mark’s defense.
The action of senior managers defending one of their own instead of being concerned about the alleged losses the institution incurred as a result of his actions was a clear indicator that they were colluding with Mark to embezzle funds from the institution. It makes no sense at all for a person charged with looking after the interest of an organization showing no interest at all when the organization is exposed to the danger of losing money (Jewell, 2000).
The attitude of the senior managers towards operational risk management is a very poor one given the positions they hold within the organization. This can only mean that one expects their subordinates to mirror the same kind of attitude or even worse.
Finally, there had to be people within AlphaDelt who were accomplices of Mark if the information from the case is anything to go by. Some senior level managers put up a strong resistance to the investigation that had been launched against the misdeeds that had been perpetrated by Mark. When Helen went to see chief internal auditor, Keith Garret, about the grievances she had concerning Mark, he was quick to pour cold water on her quest trying his best to portray Helen’s as a lost cause. This could only mean that he was in on the deal considering that he did not even attempt to verify Helen’s claims against Mark.
Operational risks can be the cause of substantial unexpected losses for any financial institution. It is therefore imperative for any financial institution that wants to reduce or mitigate operational risks to put relevant preventive measures in place that will achieve that objective.
In order for AlphaDelta to remedy its situation, it has to realign its structures and adopt certain practices that will facilitate the management of operational risks within the bank. For starters, the authorities within the bank need oversee the development and implementation of comprehensive policies with regard to whistle blowing. The policies should spell out clearly the steps one should take when they want to raise an issue about any malpractices that they may have witnessed. The policies should offer protection to whistle blowers and assure them they are not going to be victimized for their action. The authorities should reward anyone who comes out with information that will save the company from incurring losses (Chofaras 2004, 159).
The governance structures in AlphaDelt Bank should be altered in such a way that there is no room for the big man syndrome. All staff members should interact in a way that does not make one feel inferior or intimidated, regardless of seniority. This will foster a harmonious working environment hence productivity is enhanced. All decisions on behalf of the bank should be arrived at consultatively (Hans-Ulrich 2003). The culture of consensus building should be promoted to reduce the chances of some people being tempted to exploit the bank.
The authorities should consider developing a formal operational risk management structure that clarifies the relevant competencies and responsibilities of the various business areas and the hierarchical levels in the bank. The first step towards this direction is ensuring that there is a systematic reporting of operational risk up through the hierarchy to the top level (Gordy 2000, 121).
The issue of competence should be looked into with earnest in all departments in the bank. For any individual to be given the authority to run any department within the organization, he should demonstrate that he or she has a commanding knowledge of every aspect in that department. This ought to be done more rigorously in the operational risk department because the operations on this department directly touch profits, the lifeblood of any organization (FSA, 2000).
The bank should formulate policies that allow the recruitment of senior managers who demonstrate that they attach much value to operational risk management. This is very important to any organization because the management ultimately influences the attitudes of their subordinates. If the management places high value on operational risk management the views as well as the attitudes of their subordinates will reflect those of their seniors.
AlphaDelt Bank should develop and implement tools for operational risk management. Tools such as self assessment, risk mapping, risk indicators, escalation triggers and loss event models. These facilitate the reduction and mitigation of operational risk. Adoption of good practices such as taking insurance cover against operational risk will go a long way towards mitigating losses that accrue as result of operational risk (British Bankers’ Association, 2000).
The poster presentation below briefly highlights some of the concerns that AlphaDelt had to deal with regarding operational risk management. First there are the causes of operational risk followed by the practices that AlphaDelt needed to approach to contain the losses that resulted from those causes.
Organizations should ensure that issues regarding competency are vigilantly addressed. Every employee of any organization should be assigned duties based solely on merit. Only employees with the relevant skills, expertise and commanding knowledge of their subject matter should work in any department within the organization. This way, organizations will be sure to mitigate the risks and the resultant losses occasioned by operational risk.
Managers wield immense influence on their subordinates. Their viewpoints, mindsets, as well as attitudes will have an impact, no matter how little, to their subordinates. Institutions should therefore ensure that before recruiting any senior management staff, their priorities as well as attitudes should be scrutinized rigorously.
Operational risk management entails identifying the root cause of operational risks. In our case we can cite incompetence on the part of staff members with regard to operational risk management, weak organizational structures and complacence on the part of management.
The above causes were largely responsible for the loss that AlphaDelt incurred as a result of Mark’s malpractices. The bank had an operational management department although it was woefully deficient hence it could not deal with issues of operational management that had arisen in the institution.
The bank’s lines of defense include a very flimsy whistle blowing policy that could not help the institution mitigate the risks that arose. The institution can implement various types of controls. They include preventive, detective, corrective as well as directive. Preventive lines of defense include employing people who are competent in the operational risk department, taking insurance cover against losses that arise out of operational risk management. Detective controls include finding out what is the cause of operational management policies and coming up with effective solutions.
Operational risk strategy
Operational risk strategy is informed by the objectives of the organization. The risk management process comprises steps. These steps are 1) determining the objectives of the organization, 2) identifying the risk or exposures to loss, 3) Risk assessment and measuring, 4) Devise measures to control and mitigate risks, 5) implementing risk mitigation and control measures, and 6) monitoring the results. The fundamental objective of any organization—growth, for example—will inform its strategy for managing risks. Identification and measurement of risks are relatively straightforward concepts.
Risk identification entails finding out what was the cause that resulted to AlphaDelt incurring losses. The bank’s senior management is obligated to establish what occasioned the losses they suffered before deciding on what to do about it.
Risk assessment and measurement
At this stage of operational risk management, quantitative and qualitative measures should be applied by the bank to help determine the exact scale of the losses that were incurred by the bank as a result of operational risks. Risk assessment also sets out to ascertain the likelihood of the risk occurring again and the potential losses that will come with it.
Risk mitigation and control
At this stage the senior management are supposed to determine the specific strategies and tools that will effectively mitigate or eliminate the risks that they would have identified. All risks have three components in common; the likelihood of occurrence, severity of the resultant loss and the exposure of people and institutions to risks. The management should then analyze and decide on the most effective strategy or combination of strategy that will reduce or eliminate the risks inherent in their institution. This analysis must take into account overall costs and benefits of the actions that they are about to take and should also provide alternative options if possible. The most effective tools or strategies should then be implemented based on a plan.
Once the strategies and tools are in place, the whole process of risk management should be monitored on a regular basis to ensure that they remain effective. Managers as well as workers at all levels are obliged to fulfill their respective duties to ensure that the measures and controls are maintained in the long run.
Records depicting the effectiveness of the risk control measures with respect to reducing or eliminating the risks faced by the bank should be made and reviewed as often as possible. These records are crucial because they give an indication of whether the bank’s objectives with regard to controlling risk have been met or not.
Operational risk management is imperative for any organization in its efforts to mitigate the risks that it is exposed to while undertaking its operations. The senior management in any institution should make it a priority to impress upon their subordinates the importance of operational risk management. Any organizations ultimate objective is growth. This objective should inform the operational risk strategies that are vital for any organization to devise in its quest to reduce or eliminate operational risks inherent in the organization. The formulated strategies will be instrumental in assisting organizations to identify risks, measure and assess them, control the risks and constantly monitoring the strategies to ascertain whether they are still effective. In order for the implemented strategies to be efficient in mitigating and eliminating risks, all the employees of an organization regardless of their seniority level should apply themselves wholeheartedly in the effort of risk reduction and eradication.
Alexander, C., 2003. “Statistical Models of Operational Loss.” In: Operational Risk. Regulation, Analysis and Management. Ft Prentice Hall Financial Times, pp. 129-170.
Avery, R. and Milton, P., 2000. Insurers to the Rescue? Operational Risk, Special Edition of Risk Professional, 61 – 69.
British Bankers’ Association, International Swaps and Derivatives Association and Robert Morris Associates, 2000. Operational Risk Management – The Next Frontier. The Journal of Lending & Risk Management, 38 -44.
Chofaras, D., 2004. Operational Risk Control with Basel II. Oxford: Elsevier Finance.
Cruz, M., 2004. Operational Risk Modelling and Analysis: Theory and Practice. London: Risk Waters Group.
FSA, 2000. Money Laundering: the FSA’s new role. FSA Consultation Paper 46.
Gordy, M., 2000. A Comparative Anatomy of Credit Risk Models. Journal of Banking and Finance 24, 119-149.
Hans-Ulrich, D., 2003. Operational risks in financial services an old challenge in a new environment. Credit Suisse group. Web.
Jewell, C., 2000. Lies, Damned Lies and Usable Statistics. Operational Risk Manager, pp.7-8.
Jobst, A., 2007. Constraints of Consistent Operational Risk Measurement and Regulation: Data Collection and Loss Reporting. Journal of Financial Regulation and Compliance, 23.
Jobst, A., 2010. The Credit Crisis and Operational Risk – Implications for Practitioners and Regulators. Journal of Operational Risk, Vol. 5, No. 2, 63.
Kessler & Co., 2000. Protecting Your Information Assets and e-Business Activities. Zurich: Net SecureTM.
Kimball, R., 2000. Failures in Risk Management. New England Economic Review, pp. 3 -12.
Kimber, M., 2000. Finding Value in a Collection of Losses. Operational Risk Manager, pp.11-13.
King, J. L., 2001. Operational Risk. New York: Wiley Finance.
Lopez, J. A. & Saidenberg, M. R., 2000. Evaluating Credit Risk Models. Journal of Banking and Finance 24, 151-165.
NetRisk, 2000. Methodology for the Classification of Operational Losses. NetRisk. Retrieved from www.netrisk.com
Sahay, A., Wan, Z. & Keller, B., 2007. Operational Risk Capital: Asymptotics in the case of Heavy-Tailed Severity. Journal of Operational Risk, Vol. 2 No.2.
Shih, J., A. & Samad-Khan, P., 2000. Is the Size of an Operational Loss Related to Firm Size? Operational Risk, 20.
Young, B., 2000. Quantification of Operational Risk. New York: Centre for Operational Risk Research & Education.