Operational Risk Report Insight

18 April 2017

By Bachir El Nakib, Senior Consultant, Compliance Alert (LLC)

This Operational Risk Management Report is prepared and issued by the Risk Management Department (“RMD”), assisted by the Compliance Department. It describes the operational risk profile and the control and management practices of the “Bank” for Q1 (0000) (the “Covered Period”).

1. Operational Risk: Definition, Risk Events and Management

Operational Risk is the risk of direct or indirect losses resulting from human factors, external events, and inadequate or failed internal processes and systems. Operational risk is inherent in and relevant to every aspect of the Bank’s businesses and covers a wide spectrum of issues. Losses arising from fraud, unauthorised activities, errors, omission, inefficiency, systems failures or external events all fall within the definition of operational risk.

The objective of the Bank’s operational risk management is to manage and control operational risk in a cost-effective manner within targeted levels consistent with the Bank’s appetite.

As reported by business lines and to our knowledge, no operational risk events took place during the Covered Period.

 

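Risk Events for Q1 (0000)

| | Risk Events | Events: Number | Events: % | Value (‘000 USD): Amount | Value (‘000 USD): % |
|---|---|---|---|---|---|
| 1 | Internal Fraud | 0 | 0 | 0 | 0 |
| 2 | External Fraud | 0 | 0 | 0 | 0 |
| 3 | Employment Practices and Workplace Safety | 0 | 0 | 0 | 0 |
| 4 | Client, Products & Business Practices | 0 | 0 | 0 | 0 |
| 5 | Damage to Physical Assets | 0 | 0 | 0 | 0 |
| 6 | Business Disruption and System Failure | 0 | 0 | 0 | 0 |
| 7 | Execution, Delivery & Process Management | 0 | 0 | 0 | 0 |
| Total | | 0 | 0 | 0 | 0 |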

Compared with the last period, inherent operational risk is rising but remains low and stable on the whole. Awareness of operational risk was persistently raised as a result of strict implementation of service management and strengthened supervision.

2. Operational Risk Regulations and Policies 

There was no change in regulations regarding Operational Risk Management or in internal Operational Risk Policies and Procedures.

3. Operational Risk Environment

Successful operational risk management is based on a structured and effective control environment. The Bank maintained and strengthened the control environment during the Covered Period, as described below.

Management Oversight and Segregation of Duties

A formal governance structure provides oversight over the management of Operational Risk. The Risk Committee within the Bank meets at least quarterly to discuss key risk issues and review the effective implementation of the Bank’s operational risk management framework.

In each department of the Bank, business heads are responsible for maintaining an acceptable level of internal control, commensurate with the scale and nature of operations. They are responsible for identifying and assessing risks, designing controls and monitoring the effectiveness of these controls, such as segregation of duties, dual work, and checks and balances, which help ensure prevention and detection of operational risks such as errors and fraud. The operational risk management framework helps managers to fulfil these responsibilities by defining a standard risk assessment methodology and providing a tool for the systematic reporting of operational loss data and events.

Internal Policies and Manuals System

The Bank established formal policies and manuals to ensure the control environment is formal and documented. Each policy and manual has an owner and is approved and documented.

The following policies and manuals are constantly being reviewed: 

| Policies & Procedures | Owner |
|---|---|
| ToR of Risk Management Committee | Risk Officer |
| ToR of ALM Committee | Treasury Officer |
| Provisioning Policy | FAD |
| Connected and Internal Transactions | COM |
| AML/CFT Manual | MLRO |
| Legal Risk Policy | COM |
| Sharing Information / Documents on Group Mutual Customers | MLRO |
| Know Your Employee Policy | Human Resources |

 

All personnel are responsible for managing risks in their area of control in accordance with documented procedures. The Risk Management Department, assisted by the Compliance Department, coordinates to facilitate the process and provides assistance and guidance, but responsibility resides with the personnel in each area concerned. The Compliance Department is responsible for the communication of all operational risk policies and procedures and for the independent monitoring and reporting of operational risk activities and profiles.

The Compliance Department leads the Bank’s compliance efforts in accordance with the established Compliance Manual. The Compliance Officer promotes a compliance culture to minimise compliance risk, advises management in line with Head Office requirements, assists in designing internal controls, monitors compliance with laws and regulations, liaises with solicitors, communicates with the regulator, and provides training to all staff in operational risk management, all of which helps raise staff awareness and enhance compliance controls.

As an important tool, each staff member, upon joining, signs off a Compliance and AML/CFT Undertaking evidencing understanding and receipt of the governing manuals, is subject to the Know Your Employee Policy, and attends an induction on regulatory compliance and an AML/CFT training session to build a compliance culture. All staff were subject to a comprehensive training session on regulatory rule requirements and FATCA implications during the covered period.

4. Monitoring

Ongoing monitoring is built into recurring day-to-day operating activities, which is more effective and efficient than separate evaluations because it takes place in real time. The ongoing monitoring procedures include:

a. Reconciliations for operating and financial reports

b. Regular communication with internal and external parties. 

All business functions have also developed and regularly maintain operating guidelines and procedures, and individual staff must comply with these documented policies and procedures. Each business unit must complete an operational risk and control self-assessment at least annually, to coincide with the annual strategic and business planning process.

This process will allow the Bank to: 

· Identify the key operational risks which may prevent each business function from meeting its business objectives

· Measure risk through an assessment of the probability and impact of each identified risk

· Consider the controls in place or new controls required to mitigate each risk

· Develop action plans for the management of identified risks

· Understand the current risk profile

· Maintain the Branch Risk Register

Independent monitoring has also been performed by internal audit, whose regular reviews and recommendations are valuable in fraud prevention and detection.

5. New Product / Activities Development

To identify and mitigate operational risk brought about by new products, the Bank has established a new product procedure, which strictly requires a pre-launch analysis of risks, including compliance risk and other operational risks, and a post-implementation review.

6. Legal Risk

No litigation was initiated or imposed by any third party during the covered period.

External and Internal Audit, Regulatory and HO Inspection 

Regulatory Assessments

During the covered period, no regulatory risk assessment was conducted.

Internal & External Audit

The internal audit carried out by the Internal Audit Department up to Q1 (0000) was finished during the covered period, but findings have not been reported to date.

The external audit was finished for the year 0000; the branch is awaiting findings from the external auditor.

Head Office inspection

During the Covered Period, an inspection was carried out by the Bank’s Head Office Accounting, Internal Control and Compliance Department in Q1 0000; the branch is awaiting findings from Head Office.

Conclusions

As analysed above, we conclude that the overall operational risk management system and controls have been established and were functioning effectively for the covered period Q1 (0000).

 

- End of Report -

 

 
