The role of operational risk in COVID-19

  • Subscribe to updates

  • Privacy
  • This field is for validation purposes and should be left unchanged.

With the UK government now clearly gearing up for its coronavirus (or COVID-19) response, it’s important for financial services firms to consider what they should be doing as well. Below are some best practices that the team at RiskLogix believe firms – and in particular their operational risk teams – should be engaging in at the moment:

  1. Ensure a COVID-19, or coronavirus, response team is set up – Organizations should have a team coordinating the firm’s response globally, and operational risk should have a seat on this team. Operational risk should also be involved in any regional or business line-based sub-teams that are set up. These teams should be able to use existing business continuity planning resources as a starting point if these have been drawn up correctly. Help the teams to proactively identify and manage operational risks that are emerging – for example, compliance risks that might surface as a result of employees working off-site or from home for an extended period of time.   

  2. Consider the relationship between credit risk, market risk and operational risk – While it is too early to say how big the economic impact of the coronavirus, or COVID-19, will be, it’s becoming increasingly clear that there will be one, and this will have implications for both credit risk and market risk at firms. Experience has shown that operational risk events often surface when the economic cycle turns – for example, with the Financial Crisis of 2008, mortgage fraud conducted months and years earlier accelerated the nature of an economic downturn. Already some operational risk incidents have bubbled to the surface – for example, some retail brokers in the US have experienced technology issues as a result of heavy equity trading volumes, including Robin Hood, Fidelity, TD Ameritrade and Charles Schwab. It could be a good time to proactively re-examine areas of known control weaknesses or underinvestment, or to have discussions with areas of the business that will be impacted about how to manage risks that may emerge.

  3. Revisit results of pandemic scenario exercises – Many organizations will have run pandemic scenarios at some point over the past decade as part of their operational risk scenario analysis programme, because of previous threats such as Ebola and SARS. If the results of these exercises have been documented, it is a good idea to revisit them for fresh insight into risks and controls relevant to the current situation. Share these insights with other members of the COVID-19 response team. If such a scenario exercise has not been run in the past – or even if it has – it could be a good idea to take the time to run one now with the team now, based on the impact of one or two economic scenarios on the organization.  

  4. Ramp up operational resilience – Re-read the UK Financial Conduct Authority (FCA) recent consultation paper on operational resilience in light of the current COVID-19 situation. It can provide an excellent framework for thinking about the current situation. For example, identify important business services, and then map the people, processes, technology, facilities, and information that’s needed to keep them operational. Then identify vulnerabilities and how those could be made safe, including potential issues with third parties. Also consider the communications programmes that might be needed, and extra responsibilities that may rest on individuals as a result of the Senior Managers & Certification Regime, in light of the pressures and risks that COVID-19 could create.

  5. Be ready to learn lessons – Although there have been pandemic threats in the past, this is the first one to fully crystalise in many countries for some time. As a result, there will be lessons for boards, senior managers, and all three lines of defence to learn from the current situation. Consider now how the operational risk team can capture loss events, emerging risks, and control effectiveness information throughout the current crisis and share this information once the crisis is over. Consider now what kind of reports could be produced and the structure of a lessons-learned process.

To steal a phrase from the UK government, it’s important that firms hope for the best but prepare for the worst. Operational risk teams have the opportunity to add significant value to firms’ COVID-19 preparations, helping to improve outcomes for employees, customers, and other stakeholders. 

Related Posts

When managing People Risk, what are the key indicators?
In this, our final blog on the topic, we discuss the Key People Indicators for risk management. Operational Risk Software can be key to supporting this discipline.    Taken from: Mastering Risk Management  If people are, as a category, a firm’s biggest potential risk, it’s fair to ask what indicators are available to monitor that risk, …

When managing People Risk, what are the key indicators? Read More »

How do you mitigate People Risk?
In this blog we talk about key strategies for mitigating people risk and present a table to demonstrate context. Operational Risk Software can be key to supporting this discipline.    Taken from: Mastering Risk Management  Creating the right risk culture will do much to reduce people risks. After that, the fundamental way of mitigating those risks …

How do you mitigate People Risk? Read More »

What does your bonus system say about your risk culture? And how does that affect People Risk?
In this blog we talk about pay, reward and bonuses and their effect on managing people risk. Operational Risk Software can be key to supporting this discipline.    Taken from: Mastering Risk Management  Reward Rewards are a key lever to drive employee performance, engagement and retention, as well as hiring. But reward is not just about …

What does your bonus system say about your risk culture? And how does that affect People Risk? Read More »