Operational Risk

Segments of the investment industry have been attempting to address the issue of operational risk for over a decade, but the topic did not really come to the fore until the publication of the New Basel Accord, which requires banks to set aside reserves to cover potential losses due to operational risk. While, strictly speaking, the Basel Accord affects only banks, other regulators have been quick to review the topic, with the FSA, SEC and EU regulators stating that they expect to focus on operational risk in the near future.

Operational Risk is defined by the Basel Committee as "the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events." In simple terms, something goes wrong and it costs you money. Investment managers have been facing operational risk for as long as they have had operations, and many firms even budget for losses due to operational risks - the cost of breaking trades, the cost of fails, etc.

At the request of the members of The Technology Council, Cutter researched the issues concerning operational risk and the systems which purport to assist investment firms manage and quantify operational risk. The following presents a few of our findings.

  • Few firms are addressing operational risk outside of audit-related issues.
  • The few firms that are addressing operational risk are trying to do so at an enterprise level but, with few exceptions, still have a lot of work remaining.
  • Implementing operational risk management requires substantial investments in staff, systems and organizational change.
  • While many vendors are starting to address operational risk, there are no established vendors with established products in this market space.
  • We identified four types of operational risk systems:
    • Self-Assessment Systems- Audit-oriented, on-line questionnaires.
    • Quantitative Systems - Maintain a database of operational losses and provide quantitative analyses of this data to establish expected losses.
    • Monitoring Systems - Monitor current production systems, provide "red light/green light" status based on user-defined rules, track exceptions, and assist in processing exceptions.
    • Enterprise - "All singing, all dancing" systems that include self-assessment, quantitative and monitoring functionality.
  • Within each of these types, our assessment of the functionality of the systems had a much greater spread than we have seen in other types of system we have reviewed. This is also true of our assessment of the vendor and product risk involved in selecting a system. This means that vendors of operational risk products are in an industry in turmoil.
  • Selection of a specific product is made difficult because no system meets all requirements, so part of the selection process includes an evaluation of each vendor's product plan and of the probability that the vendor will deliver on the product plan.
In the next few years, we expect that most investment managers will be required to choose an operational risk system. However, if this field remains in turmoil, as we expect it will, then selecting an operational risk system will remain a risky process.


2003 Research Meetings

September
The Technology Alliance!"
Boston
Topic: Trading Effectiveness

October
Update Service!"
Webcast
Topic: Middleware

November
 IT Budget Survey Report

Portfolio Management Systems Study

The Technology Roundtable !"
New York

December
The Technology Council !"
New York and London
Topics: Client Reporting and FIX and XML Standards Now and in the Future

The Technology Forum !"
London

For information about Cutter Associates, Inc. visit www.cutterassociates.com

Please click here to provide comments.
Please click here to unsubscribe.



Copyright 2003 Cutter Associates, Inc.
All rights reserved.