The role of operational risk in COVID-19

  • Subscribe to updates

  • Privacy
  • This field is for validation purposes and should be left unchanged.

With the UK government now clearly gearing up for its coronavirus (or COVID-19) response, it’s important for financial services firms to consider what they should be doing as well. Below are some best practices that the team at RiskLogix believe firms – and in particular their operational risk teams – should be engaging in at the moment:

  1. Ensure a COVID-19, or coronavirus, response team is set up – Organizations should have a team coordinating the firm’s response globally, and operational risk should have a seat on this team. Operational risk should also be involved in any regional or business line-based sub-teams that are set up. These teams should be able to use existing business continuity planning resources as a starting point if these have been drawn up correctly. Help the teams to proactively identify and manage operational risks that are emerging – for example, compliance risks that might surface as a result of employees working off-site or from home for an extended period of time.   

  2. Consider the relationship between credit risk, market risk and operational risk – While it is too early to say how big the economic impact of the coronavirus, or COVID-19, will be, it’s becoming increasingly clear that there will be one, and this will have implications for both credit risk and market risk at firms. Experience has shown that operational risk events often surface when the economic cycle turns – for example, with the Financial Crisis of 2008, mortgage fraud conducted months and years earlier accelerated the nature of an economic downturn. Already some operational risk incidents have bubbled to the surface – for example, some retail brokers in the US have experienced technology issues as a result of heavy equity trading volumes, including Robin Hood, Fidelity, TD Ameritrade and Charles Schwab. It could be a good time to proactively re-examine areas of known control weaknesses or underinvestment, or to have discussions with areas of the business that will be impacted about how to manage risks that may emerge.

  3. Revisit results of pandemic scenario exercises – Many organizations will have run pandemic scenarios at some point over the past decade as part of their operational risk scenario analysis programme, because of previous threats such as Ebola and SARS. If the results of these exercises have been documented, it is a good idea to revisit them for fresh insight into risks and controls relevant to the current situation. Share these insights with other members of the COVID-19 response team. If such a scenario exercise has not been run in the past – or even if it has – it could be a good idea to take the time to run one now with the team now, based on the impact of one or two economic scenarios on the organization.  

  4. Ramp up operational resilience – Re-read the UK Financial Conduct Authority (FCA) recent consultation paper on operational resilience in light of the current COVID-19 situation. It can provide an excellent framework for thinking about the current situation. For example, identify important business services, and then map the people, processes, technology, facilities, and information that’s needed to keep them operational. Then identify vulnerabilities and how those could be made safe, including potential issues with third parties. Also consider the communications programmes that might be needed, and extra responsibilities that may rest on individuals as a result of the Senior Managers & Certification Regime, in light of the pressures and risks that COVID-19 could create.

  5. Be ready to learn lessons – Although there have been pandemic threats in the past, this is the first one to fully crystalise in many countries for some time. As a result, there will be lessons for boards, senior managers, and all three lines of defence to learn from the current situation. Consider now how the operational risk team can capture loss events, emerging risks, and control effectiveness information throughout the current crisis and share this information once the crisis is over. Consider now what kind of reports could be produced and the structure of a lessons-learned process.

To steal a phrase from the UK government, it’s important that firms hope for the best but prepare for the worst. Operational risk teams have the opportunity to add significant value to firms’ COVID-19 preparations, helping to improve outcomes for employees, customers, and other stakeholders. 

Related Posts

Effective business continuity & operational resilience are both outcomes of good risk management
There has been some debate whether Operational Resilience (OpRes) and Business Continuity Management (BCM) are the same discipline, different disciplines, or similar areas but with differing degrees of granularity. It is arguable that OpRes is customer centric in that it looks at the threats and vulnerabilities to the services provided to the customer, whereas BCM …

Effective business continuity & operational resilience are both outcomes of good risk management Read More »

Digitising Risk Management – Time to ditch the spreadsheet
It is a recognised issue in the industry that the most widely-used risk management software tool is actually provided by Microsoft – and it’s called Excel. And it’s only a partial solution – at best While tier one financial institutions have been early adopters of large, complex risk management software solutions, due to both sophistication …

Digitising Risk Management – Time to ditch the spreadsheet Read More »

Long term value from ESG – the Importance of embedding a true ESG culture in your organisation
ESG, Environment, Social, Governance reporting seems like a good thing!  Being associated with ESG practices has a positive effect on the brand, which helps organisations to sell more products and services. Meta-analysis of over 1,000 studies published between 2015 and 2020 conducted by NYU Stern and Rockefeller Asset Management found a strong correlation between ESG …

Long term value from ESG – the Importance of embedding a true ESG culture in your organisation Read More »