During the COVID-19 pandemic, in addition to dealing with financial challenges such as drop in assets or liquidity, organisations were faced with issues that go to the core of operational risk management - people, systems, processes and external environment.
Operational risk, defined by the Basel framework as arising from failures of processes, people, systems or external events, concerns itself with a broad range of threats, such as fraud, deliberate or accidental actions of employees, malfunctions of technological systems and broken processes. Put simply, it encompasses damages and losses that organisations could sustain due to risks other than credit and market risks. Consequently, financial services firms are required to not only hold capital aside to guard against such operational risk losses, but most importantly, manage this wide-ranging risk effectively.
This is particularly important during the pandemic, where at times of multiple lockdowns, staff moved to working from home (WFH) environment, and many of the day-to-day processes and controls have undoubtedly changed. The primary mechanism for understanding the change in the risk and control landscape of the firm is reliance on each and every employee to recognize, report and manage operational risks.
So what is risk and how can we help our employees to think about it? Without oversimplifying, risk is an intuitive concept, and we are taking risk-based decisions daily, perhaps without always realizing it. Our internal compass guides us; risk takers welcome thrilling situations and engage in bungee jumping, mountain biking and skydiving. Risk-averse, conservative individuals stay as far away as possible from anything remotely threatening, take precautions and buy insurance.
Similarly, within a corporate environment, it is essential to find ways of inspiring employees to think and talk about risk, in as many ways as possible.
- Encourage staff members to proactively consider risks within their daily processes and activities. This can be achieved by exploring simple open questions, such as what could go wrong, or what might prevent you from achieving your objectives, or if you were building this process from scratch, what would you be concerned about. The intention is to talk about risk in language the employees can easily understand, even better without using the actual word risk itself.
- Instil and promote a no-blame culture, supporting employees to raise their hand and speak up when things go wrong. This will enable the firm to quickly resolve the issues and prevent recurrence, and maintain a healthy, ‘no surprises’ environment.
- Examine failures and conduct lessons learned. Inevitably, mistakes will happen. It is vital to constructively focus on lessons learned, bringing the attention to celebrating improvements made as a result of the error rather than pointing fingers. Right attitude creates a positive risk management brand, a cornerstone of robust risk management culture, which is even more important during the pandemic times.
- Provide training and education. A combination of face-to-face and online modules with relevant examples that resonate with employees help to develop the right thinking.
- Establish accountability. Risk management is the duty of each and every employee, and not just the Risk Department. Incorporating risk management into employee goals and performance objectives goes a long way to instilling the right risk culture of the organisation.
Organizations where employees practice risk thinking and take ownership of operational risk management are less likely to suffer damaging incidents. They also stand a better chance of dealing with them effectively if they do occur.This article was written by Elena Pykhova and published on the Sunday Times of Malta on the 13th June 2021. Elena Pykhova is Executive Operational Risk at
Bank of Valletta.
Any views, assumptions or opinions expressed in this
article are those of the author. Issued by Bank of Valletta p.l.c., 58, Triq
San Żakkarija, il-Belt Valletta VLT 1130.
Bank of Valletta p.l.c. is a public limited company regulated by the
MFSA, licensed to carry out the business of banking and investment services in
terms of the Banking and Investment Services Acts (Cap.370, 371 of the Laws of