Operational risk management
Operational risk is defined as losses due to process, system or human failures, unexpected events or unenforceability of contracts. This class of risks has unlimited downside and can expose an institution to serious financial and reputational losses, as evidenced in recent well-publicized large corporate failures around the world. Similar to other financial institutions, the Bank is exposed to various types of operational risk, including the potential losses arising from internal activities or external events caused by breakdowns in information, communication, physical safeguards, business continuity, supervision, transaction processing, settlement systems and procedures and the execution of legal fiduciary and agency responsibilities.
The Bank Group’s operational risk activities
The Bank Group’s operational risk activities currently comprise improvements in the systems environment and process changes and are expected to also include the implementation of an integrated control framework. Over the last several years, the Bank Group has implemented wide-ranging reforms intended not only to improve the efficiency with which the Bank Group executes its mandate, but also to strengthen the overall internal control environment. Such reforms have included the following:
- The recruitment of new staff with the competencies required to remedy identified skills gaps;
- Increased attention to training, to equip staff with the skills necessary to perform effectively;
- The recently introduced mobility program to ensure staff rotation, thereby renewing motivation and avoiding risks associated with monotony of activities.
Process related reforms
- The update/formulation and dissemination of various rules and regulations, including the staff rules and the code of conduct/ethics;
- Business process reengineering across the entire Bank;
- Organizational changes and realignments;
- The elaboration of a Delegation of Authority matrix;
- The development of a 5-year strategic plan to align the allocation of resources to organizational priorities.
There has been a significant renewal of the information technology environment of the Bank Group, including the following:
- The consolidation of most of the transaction processing activities under a single integrated enterprise-wide software (i.e. SAP);
- The management of the Bank’s treasury activities in a state-of-the art software environment (i.e. SUMMIT/Numerix);
- The implementation of a major document archiving and retrieval system (i.e. the DARMS project), thereby permitting most important Bank documents to be electronically stored and retrievable, and accordingly facilitating the preservation of institutional memory.
External Events-induced changes
The Bank has a proven business continuity and disaster preparedness plan, to assure the immediate continuity of all essential operations in the aftermath of a disaster and the eventual continuity of all other operations. This plan is continuously updated and tested to assure ongoing readiness.
Each of the reform measures described above has contributed towards improving the overall operational risk profile of the Bank Group.