Nsight Blog | Ncontracts

Operational Risk Management

Written by Ncontracts | Oct 31, 2018 5:04:00 AM

Operational risk management is a continuous process by which a financial institution manages risks within its business functions. The risks addressed by operational risk management may come from faulty internal processes, human error or fraud, systems that do not work as they should, or events from outside the FI.

A bank or credit union may suffer loss due to an operational risk like catastrophic weather events, a cyberattack, fraud from internal or external sources, or a human error related to not following internal policies. Each of these risks is addressed through the operational risk management system.

Vendors contribute to operational risks because they take over some of the functions of the company. Their people interact with the company’s employees and possibly their customers. The company’s computer systems use data from the vendor as well.

Managing third-party service providers is an essential part of operational risk management, so there is some overlap with vendor risk management. When a vendor contracts out some of the work they are assigned by a bank to a fourth-party vendor, these risks also become a part of the overall operational risk.

The first step in operational risk management is to identify the risks using key risk indicators (KRIs). Once the risks are known, they need to be analyzed and assessed. With a full understanding of the current and long-term operational risks, high-level decision-makers must choose how to respond to those risks.

The risk control options chosen by the decision-makers are put into place. This can be done through changes in the systems and processes used in the financial institution. Training is another factor that can reduce operational risk. The final step in operational risk management is to evaluate the effectiveness of the changes. This cycle of management continues perpetually, starting over with identifying risks each time.

 

Related: Creating Reliable Risk Assessments