India’s banking and financial services (BFS) sector is poised to grow as the economy is expected to reach US $ 5 trillion by 2026. Experts estimate that the asset size of the banking industry grew from Rs. 152 trillion in March 2018 to Rs. 216 trillion by March 2023, with a compounded growth rate of 8.42 percent. With technological advancements, evolving business strategies, and shifting regulatory landscapes, the sector must constantly adapt to a new era.
The Reserve Bank of India (RBI) recently issued an updated guidance note to the banking and financial services sector, underscoring the importance of operational risk management (ORM). The central bank has insisted lenders improve their resilience by following a robust operational risk management program.
The BFS sector worldwide is also on the brink of a transformative phase in operational risk management. The impact of COVID-19 has accelerated this transformation in the industry by revolutionizing enterprise operations. The pandemic also exposed vulnerabilities in risk practices and models. It became clear that these models were technologically outdated, and there was a need for a thorough reassessment of risk practices. This meant that it was imperative now more than ever for banking and financial services companies to modernize their approach towards operational risk management (ORM).
What is Operational Risk?
Operational risk encompasses potential financial losses due to errors, data breaches, disruptions, or damages. Such incidents can result in substantial failures. The cause may be intentional or accidental. Sometimes, internal processes, systems, or external events lead to failures. Asset misappropriation, control failures, system breaches, product failure, and natural disasters also contribute to financial losses.
Risk management teams must reassess their operational risk management (ORM) strategies to ensure their relevance and effectiveness. Reassessment involves adapting approaches to address competing risks and priorities and enhancing organizational readiness for future challenges.
Transitioning from Risk Management to Resilience Building
The landscape remains dynamic as ORM advances, drawing insights from major incidents and lesser-known risks. Businesses constantly face new operational risks that demand continuous management.
A key challenge for ORM is identifying emerging risks within the operational framework. Inconsistent processes across functions and the absence of shared understanding exacerbate this issue. Operational risks, often intangible, pose difficulties in quantifying their impact. Think about this: how would it be possible to measure the reputation damage caused by a data breach? Doing that without the right processes and technology would be highly challenging.
Now, how can an organization cultivate resilience? From a practical perspective, risk management teams don’t need to overhaul their strategy entirely. Instead, they can enhance their current ORM approach.
Establishing an operational resilience framework begins with identifying, assessing, and prioritizing risks. Subsequently, organizations can formulate strategies to mitigate and address these risks. Following this, they must implement controls, accompanied by ongoing assessments of their effectiveness, to ensure they fulfill their intended purpose.
The next step involves identifying critical operations and setting impact tolerances to mitigate disruptions. Simultaneously, robust business continuity programs and response strategies are necessary for prompt recovery during adversity.
Ensuring compliance with operational risk capital requirements comes next. Finally, it is crucial to recognize that the process is ongoing, which requires continuous assessment and refinement of the entire program to align with evolving threats and dynamic business environments.
Rethinking Operational Resilience
As per the PwC Global Risk Survey, 62% of Indian organizations actively embrace risks to seize opportunities, surpassing the global average of 57%. While this is an encouraging statistic, there is still a need for risk management teams to better adjust their risk and resilience strategies as per changing market trends. This calls for a reassessment of the ORM program.
Here are some key factors to consider when updating the ORM approach:
Expanding Risk Categories: Moving beyond conventional risk categories and integrating contemporary and emerging risks is essential. This includes economic fluctuations, digital vulnerabilities, human-related factors, environmental issues, geopolitical instability, and liquidity constraints. Understanding the interconnectedness of these risks is paramount.
Leveraging Predictive Analytics: Chief Risk Officers (CROs) need to utilize AI, machine learning, and advanced analytics to access predictive insights into risks. These data-driven observations facilitate the rapid detection of trends, patterns, and correlations, empowering organizations to mitigate risks and minimize operational losses proactively. Indian organizations increasingly recognize this need, with as many as 55% saying they will invest in cybersecurity tools and technologies within the next 1–3 years.
Using Risk Quantification: Employing risk quantification, where risks are assessed in monetary terms, allows for a comprehensive evaluation of risk exposure and impact. This enables effective risk prioritization and allows CROs to communicate the organization’s risk profile to executive management.
Sustaining Incident Response Protocol: It helps to establish an incident response playbook detailing a strategy for different risk scenarios, which is essential. With predefined roles, responsibilities, and corrective measures, organizations are better prepared to respond to high-risk events, enhancing overall readiness and resilience.
Deploying Tech-Enabled Solutions: With the dynamic nature of modern risks, an adaptable risk and resilience approach is crucial. Software solutions driven by technology can enable CROs to lead such initiatives by automating risk management procedures. These platforms enhance risk reporting through advanced analytics, integrate autonomous assessments considering asset value and business repercussions, and provide timely actionable insights. Moreover, they also reduce the burden on risk teams, allowing them to concentrate on higher-priority assignments.
Operational resilience technology streamlines risk management by consolidating all aspects of an operational resilience framework into a unified platform. This helps seamlessly track risks while promoting data harmonization across teams and functions. It also offers automation features for various processes like risk assessments, control testing, ongoing monitoring, and third-party due diligence.
Wrapping Up
CROs and risk management teams must evolve strategies to meet constant challenges and prioritize readiness for business continuity. By leveraging appropriate technology, CROs can transition from managing risk to fostering resilience.
This operational strategy integrates regulatory requirements with risk management practices, covering compliance, cybersecurity, vendor risk management, third-party risk management, and business continuity plans.
