The role of operational risk in COVID-19

  • Subscribe to updates

  • Privacy
  • This field is for validation purposes and should be left unchanged.

With the UK government now clearly gearing up for its coronavirus (or COVID-19) response, it’s important for financial services firms to consider what they should be doing as well. Below are some best practices that the team at RiskLogix believe firms – and in particular their operational risk teams – should be engaging in at the moment:

  1. Ensure a COVID-19, or coronavirus, response team is set up – Organizations should have a team coordinating the firm’s response globally, and operational risk should have a seat on this team. Operational risk should also be involved in any regional or business line-based sub-teams that are set up. These teams should be able to use existing business continuity planning resources as a starting point if these have been drawn up correctly. Help the teams to proactively identify and manage operational risks that are emerging – for example, compliance risks that might surface as a result of employees working off-site or from home for an extended period of time.   

  2. Consider the relationship between credit risk, market risk and operational risk – While it is too early to say how big the economic impact of the coronavirus, or COVID-19, will be, it’s becoming increasingly clear that there will be one, and this will have implications for both credit risk and market risk at firms. Experience has shown that operational risk events often surface when the economic cycle turns – for example, with the Financial Crisis of 2008, mortgage fraud conducted months and years earlier accelerated the nature of an economic downturn. Already some operational risk incidents have bubbled to the surface – for example, some retail brokers in the US have experienced technology issues as a result of heavy equity trading volumes, including Robin Hood, Fidelity, TD Ameritrade and Charles Schwab. It could be a good time to proactively re-examine areas of known control weaknesses or underinvestment, or to have discussions with areas of the business that will be impacted about how to manage risks that may emerge.

  3. Revisit results of pandemic scenario exercises – Many organizations will have run pandemic scenarios at some point over the past decade as part of their operational risk scenario analysis programme, because of previous threats such as Ebola and SARS. If the results of these exercises have been documented, it is a good idea to revisit them for fresh insight into risks and controls relevant to the current situation. Share these insights with other members of the COVID-19 response team. If such a scenario exercise has not been run in the past – or even if it has – it could be a good idea to take the time to run one now with the team now, based on the impact of one or two economic scenarios on the organization.  

  4. Ramp up operational resilience – Re-read the UK Financial Conduct Authority (FCA) recent consultation paper on operational resilience in light of the current COVID-19 situation. It can provide an excellent framework for thinking about the current situation. For example, identify important business services, and then map the people, processes, technology, facilities, and information that’s needed to keep them operational. Then identify vulnerabilities and how those could be made safe, including potential issues with third parties. Also consider the communications programmes that might be needed, and extra responsibilities that may rest on individuals as a result of the Senior Managers & Certification Regime, in light of the pressures and risks that COVID-19 could create.

  5. Be ready to learn lessons – Although there have been pandemic threats in the past, this is the first one to fully crystalise in many countries for some time. As a result, there will be lessons for boards, senior managers, and all three lines of defence to learn from the current situation. Consider now how the operational risk team can capture loss events, emerging risks, and control effectiveness information throughout the current crisis and share this information once the crisis is over. Consider now what kind of reports could be produced and the structure of a lessons-learned process.

To steal a phrase from the UK government, it’s important that firms hope for the best but prepare for the worst. Operational risk teams have the opportunity to add significant value to firms’ COVID-19 preparations, helping to improve outcomes for employees, customers, and other stakeholders. 

Related Posts

Actionable Insights: Automating Workflows and Assigning Tasks for Effective Operational Risk Management
In the dynamic financial services landscape, operational risk data has emerged as a strategic asset for organizations seeking to strengthen their resilience and business performance. By harnessing all available data sources, including expert-driven assessments like Risk and Control Self-Assessments (RCSAs), and integrating them into robust technology platforms, firms can gain unparalleled insights into their risk …

Actionable Insights: Automating Workflows and Assigning Tasks for Effective Operational Risk Management Read More »

Data is King: Building a Golden Source of Risk and Control Information for Banks
In the ever-evolving world of financial services, data has emerged as the new ruler, holding the capability to unlock operational proficiency, mitigate dangers, and confirm adherence to regulations. For banks, possessing a centralized, thorough, and easily accessible collection of risk and oversight material is no longer an extravagance; it’s an indispensable necessity for survival and …

Data is King: Building a Golden Source of Risk and Control Information for Banks Read More »

How to Foster a Culture of Risk Awareness in Your Bank: The Role of GRC Technology
The financial industry underpins the entire economic system by fostering trust and stability. Banks, a cornerstone of this ecosystem, play a critical role for individuals and businesses alike. For individuals, they act as trusted custodians, safeguarding hard-earned assets in the form of checking and savings accounts.  On a broader scale, banks facilitate commerce by offering …

How to Foster a Culture of Risk Awareness in Your Bank: The Role of GRC Technology Read More »