OpRisk Management and Mitigation - from Assessment to Implementation

Operational Risk Management (ORM) is an effective tool for not only maintaining but increasing, bank profits, shareholder value, public perceptions and goodwill. Executed properly, improvements in ORM can lead to substantial financial, reputational and regulatory benefits – all this adds to increased profitability, greater financial stability and improved customer satisfaction. But to achieve these gains, financial institutions must apply a consistent and comprehensive approach to managing their operational risks. They must also understand that this approach is fundamentally different from the approaches that they use in managing market, credit and liquidity risks.

Bad Operational Risk Management has a severely negative effect on financial institutions in four very clear ways:

Actual operational risk losses are a direct hit to the income statement.

The market punishes companies, via the stock price, for operational risk failures and this loss could well exceed the actual financial loss experienced.

Lowered Credit Ratings, which raises the institutions cost of borrowing money in the marketplace.

Operational risk failures can vastly increase the cost of compliance by raising the level of regulatory scrutiny and complexity not to mention substantial penalties.


The objectives of this training course is to provide all staff, irrespective of whether they work in the front-, middle- or back-office, with a sound foundation in the theory and practice of Operational Risk Management. This training is provided in a practical "hands-on" manner that allows them to implement what they have learned easily and effectively.

What this course covers

This course provides a complete structured package for learning in all main aspects of the subject of Operational Risk. It will enable participants to prepare and manage the planning and implementation of operational risk management processes in their bank/ financial institution or firm.

Key objectives and learning outcomes

The aim of the course is to provide:

Illustrate risk in all its facets

What the Basel Accords say about operational risk and its mitigation

Listing operational risk techniques for assessing, managing and mitigating operational risk

A link between ORM theory and practice

A clear road-map on how to implement an ORM structure in practice in a banking organization

DAY 01 (8:30 AM - 5:30 PM)


What is risk?

Operational Risk – The big picture

A short history of risk

Dimension & drivers of risk management

Business drivers

Regulatory drivers

Rating Agencies & risk

Cross-border implications

What is the value of Operational Risk Management?

Risk Types

How we categorize risks

What is covered under Basel II?

Risk categories

Basel’s risk coverage

Operational risk categorization

The financial risk management environment

The operational risk management environment

The technical Implications of operations risk management

Risk & Capital - An Introduction to Basel I, II and III

What is capital?

Capital in financial institutions

The BIS capital standards

Basel’s three pillars

Basle’s operational risk options

Implementation considerations

Implementation of Basel

The Pillar II maze

Implementation issues

Managing Operations Risk

The governance process

Setting risk management objectives

Building a risk culture

Examples of a staff risk culture

Examples of management risk culture

Why are risk cultures important?

Compliance requirements

Operational risk – definition and examples

Enterprise Risk Management

Key elements in managing operations risk

A selection of case studies to illustrate the material covered

The banking activity framework - the “Top-Down” approach of the BIS

Main areas affected by operational risk

Key Risk Factors

Operational Risk –Practical Examples

Participants are led through a series of operational risk failures in recent years aimed a illustrating the wide variety of operational risks that can be encountered.

Case Study: We take detailed look at the 2007, US$ 7.2 billion loss at SocGen, its causes, the key warning signals that were overlooked, and the consequences for the financial industry.

Key Elements in Managing Operational Risk

The core issues in managing operational risk

Risk Analysis

Determining the “Risk Appetite”

Risk impact/ Event frequency

Impact vs. Probability

A generic case study

Operational Risk Financing

Risk financing

Optimizing risk & reward

The cost of risk

The operational risk financing program

Operational risk financing mechanisms

How financing methods are applied

Methods & Models

Measurement methods

The Loss Modeling Method

Monte Carlo simulations

Operational risk & bank strategy

Quantitative & Qualitative approaches

Key Risk Indicators (KRIs)

Operational risk & the business cycle

Problems in identifying operational risks

COSO ERM Framework

COSO - an integrated risk management framework

The COSO framework

Codification of the 17 COSO Principles

The Black Swan

The challenges of outlier events for contingency planners

Understanding a “Black Swan” event and its principal characteristics.

We examine the nature of a Black Swan event

Challenges for Planners, Strategists and CEOs.

How can you mitigate a Black Swan event?

Case Study: Can recent outlier events, like the eruption of Iceland’s Eyjafjallajökull volcano, the Deepwater Horizon catastrophe and the Japanese Tsunami be seen as black swan events? Gain a deeper insight into some of the subtleties of operational risk in the real world.

Operations Risk & Basel (II and III)

The BIS definition of operational risk

BIS standards for managing operational risk

Basic Indicator Approach (BIA)

Business Lines Approach

Advanced Measurement Approaches (AMA)

Loss event types

Criteria for the Advanced Measurement Approach

All Basel material is current and up-to-date in terms of current BIS developments

Managing Operations Risk under Basel - A “Hands-on” approach

Basel Standards

Basel’s’ three approaches

"Sound Practices for the Management and Supervision of Operational Risk"

Principles for the management of operational risk

Sound operational risk governance

Each of the 11 Principles are examined in terms of their content, meaning and implementation factors


DAY 02(8:30 AM - 5:00 PM)



Developing an appropriate Risk Management Environment

Policy & structure

Developing an appropriate risk management environment


Mapping risks to controls

Understanding risks, goals and priorities

Prioritizing risk based on probability & impact

Establishing responsibilities for risk management

Mapping risk strategies to categories of control

Designing & Documenting specific controls

Implementing risk management controls

Defining the Categories of Operational Risks

We examine the BIS categories of operation risk in terms of specific examples. The categories covered are:

Internal Fraud

External Fraud

Employment Practices and Workplace Safety

Clients, Products & Business Practices

Damage to Physical Assets

Execution, Delivery & Process Management

Business Disruption & System Failures

Products & Operations Risk

Case Study: The US Sub-Prime Mortgage Crisis

The 2008 Global financial crisis was triggered by the Sub-Prime Mortgage problem in the United States. This case study clearly illustrates how insufficient or total lack of attention to Operations Risk in the detail and stress testing of the Mortgage Product, its various derivatives as well as the processes and operations led to financial meltdown in the US and its contagion across the globe.


Causes & Consequences – The Bow Tie

The math of operational risk management

Causes & consequences of loss events and what they tell us

The Bow Tie Diagram – building and using this method to create effective operational risk management controls

Methods for Assessing Operational Risks

Four basic assessment methods

Loss data collection (internal & external)

Using loss data

Internal data

External data

Scenario analysis

Using scenarios

Tabletop/ Desktop exercises

Making tabletop exercise effective

Why exercise? Why use scenarios?

Statistical techniques

Desktop Exercise: Scenarios form the basis for a desktop exercise in which participants use and develop their newfound operational risk management skills to work through the simulation of a real risk event.

A Risk Assessment Model

The process

Environmental survey

Technology inventory

Identifying & assessing the operational risks (including an illustrative operations risk management plan)

Minimum control requirements

Risk identification tools

Current Operations Risk Management Themes in Banking

New technologies and practices are changing the nature of bank operational risk in many dramatic ways. In this section we explore a selection of current “risk themes” and get to grips with how the operations risk profile is changing in the constant struggle between profit and prudence.

This is a fast changing area and this section of the course is being constantly updated.


Kweku Adoboli – from rising star to rogue trader

This case study on a recent event provides an in-depth examination of operational risk management failures resulted in substantial losses to UBS. We look at what went wrong and why and what lessons can be learned from this series of events.

Why and how were the lessons of the 2007 SocGen event ignored?

Included in this case study we have a special section on rogue traders generally in which we deal with issues such as;

The psychology of the rogue trader

Types of traders

The FSA investigation and their findings

Ranking Adoboli in the rogue traders league

4:00 pm -4:30 pm - Course Wrap-up