Operational Risk. ACSDA Leadership Forum New York City, USA - October 8-10, 2007 Diana Downward, DTCC. Agenda. Background DTCC’s Operational Risk Management Program DTCC Risk Scenarios DTCC Risk Metrics. Why Focus on Operational Risk Management?. - PowerPoint PPT Presentation
Operational Risk
ACSDA Leadership Forum
New York City, USA - October 8-10, 2007
Diana Downward, DTCC

Agenda
Background
DTCC’s Operational Risk Management Program
DTCC Risk Scenarios
DTCC Risk Metrics

Why Focus on Operational Risk Management?
Largest financial and reputational losses in the financial services industry are attributed to Operational Risk
Good business sense
Regulatory Expectations
Sound Risk Management Practices
Robust Business Resiliency

Examples of Op Risk Events
Enron
Arthur Andersen
Timeliness of Rating Agency Downgrades
CMO Pricing Issues
Barings
REFCO
August 2003 Blackout
Tyco
NYSE
Hurricane Katrina!

DTCC’s Operational Risk Definition
“The risk of loss, including reputational harm, resulting from inadequate or failed internal processes, people and systems or from external events.”

What Operational Risk is Not
Operational Risk is not Credit Risk, Market Risk, Liquidity Risk or Strategic Risk.
However, Operational Risk is NOT LIMITED to the processing type of risks generally associated with a back-office operation.

Operational Risks at a CSD
Customer Confidentiality Failure
Incomplete Due Diligence
Computer Hacking
Corporate Actions Losses
External Threats
Missing Certificates
Fraud
Settlement Fails
Data Entry Errors
Governance Issues
System Failures
AML

DTCC Operational Risk Management Objectives
Establish a common risk language across the organization
Foster a climate where risks are identified and openly discussed by all departments and employees
Inform senior management and Board about Operational Risk across the enterprise
Reinforce transparency and comply with regulatory expectations

Program Components
Enterprise-wide reporting
Risk and Control Self-Assessment
Risk Metrics
Leveraging off existing risk event information

Status of Effort to Date
Governance Structure in place
Corporate Policy and other documents issued
Risk & Control Self-Assessment (RCSA) process formalized - initial and periodic updates
System internally built
High level reporting developed
Risk Metrics in progress
Scenario analysis process recently established
Risk incident collection in initial stages

Governance Structure
Board of Directors
Audit Committee
Compliance and Operational Risk Management Committee
DTCC Management Committee
DTCC Internal Risk Management Committee
DTCC Internal Operational Risk Steering Committee

2007 Objectives
Develop a plan to collect Risk incidents
Implement a scenario analysis process
Continue to enhance Management reporting
Continue to work with business units to identify risk metrics

High Level Reporting
Enterprise Major Risk Report
39 risk scenarios major to DTCC
Mitigants addressing risks
Additional plans to further mitigate risk
Enterprise Risk Metrics Report
Metrics that address the major risks of DTCC

Enterprise Risk Scenario Categories
Liquidity Risk
Market Risk
Concentration Risk
Operational Risk
Reputational Risk
People & Culture Risk
External Risk
Process Risk
Business Continuity Risk
Technology Risk

Enterprise Risk Scenario Examples
Liquidity Risk, Credit Risk
Insufficient liquidity to fund settlement
Exposure from related entities
Not informed timely about major credit event/insolvency involving a member
Inability to access liquidity to fund settlement

Enterprise Risk Scenario Examples – cont’d
Market Risk, Concentration Risk
Insufficient clearing fund/insufficient collateral
Model risk
Multiple forms of exposure to one member

Enterprise Risk Scenario Examples – cont’d
Operational Risk
Theft of funds or securities
Corporate Action processing errors
Inability to complete settlement
Disaster eliminates primary operating region capability
Unauthorized access to company systems
Cyber attack disables key production systems
Insufficient system capacity

Enterprise Risk Metrics Examples
Adequacy of clearing fund coverage
Adequacy of liquidity
Settlement timeliness
System availability
Timely implementation of Internal Audit recommendations
Operations losses >$10,000