This document discusses operational risk and challenges in Latin America. It begins by defining operational risk and Enterprise Risk Management (ERM). It then discusses some of the main challenges, including cost pressures leading firms to cut control functions, fraud and insider risk especially from rogue traders, and growing cyber risks as the leading cause of incidents shifts from human error to phishing, hacking and malware. The document provides frameworks for improving cyber risk management and best practices such as creating frameworks involving senior management, identifying and prioritizing threats, protecting data, implementing incident response procedures, and periodically reviewing cybersecurity coverage.
How well is operational risk understood in LATAM?

OpRisk is an evolving discipline:
- Early days: "It's everything that is not market risk or credit risk"
- Basel II: "It is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events"
- Today: Principles/Sound Practices, CCAR, Basel III, Vendor Management, Enhanced Expectations for Risk Governance
ERM and ORM

Enterprise Risk Management (ERM) is a risk-based approach to managing an enterprise, integrating concepts of internal control, the Sarbanes-Oxley Act, and strategic planning. ERM addresses the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. It includes the management of Operational Risks, Liquidity Risks, Credit Risks, Market Risks, Regulatory & Compliance Risks, Reputational Risks, Cyber Risk and others.

Operational risk is "the risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses".
What are the main industry OpRisk challenges today?

Driven by internal factors:
- Creating an operational risk culture
- Accountability and transparency
- Risk technology infrastructure and data analytics (Big Risk Data)

Driven by major external factors:
- The future of AMA?
- Regulatory demands (FACTA, DFA, AML, just to name a few)
- Increasingly sophisticated cyber security threats
- Political instability (Middle East, Brazil, Venezuela)
#1 Cost pressures: the pursuit of efficiency

- US economy growing modestly. EU stagnated.
- FIs under pressure to reduce costs
- Pressure should continue (expected GDP growth < 3%)
- Focus on: resolving performance issues, reducing downtime, simplifying infrastructure (de-risking)
- Fraud tends to rise in economic downturns
- Earnings pressure
- Rogue trader cases in volatile markets
- Watch for cutting cost in non-revenue generating control functions
#2 Fraud and Insider Risk

Notorious rogue trader cases:
- Bruno Iksil (JPMC, 2012): USD 5.8B
- Kweku Adoboli (UBS, 2011): USD 2.3B
- Jerome Kerviel (SG, 2008): 4.9B
- Brian Hunter (Amaranth Advisors, 2006): USD 6.5B
- Nick Leeson (Barings Bank, 1994): 827M

Typical environment:
- Aggressive culture
- Compensation tied to short-term performance
- Routine control breaches
- Insufficient challenge from control functions
- High volume of trades supported by fragmented IT systems
- Complex products poorly understood by Senior Management
#3 Cyber Risk

Human error is no longer the leading cause of cyber incidents; in 2016 the number one spot was taken by phishing, hacking, and malware.
Source: 2016 BakerHostetler Data Security Incident Response Report
#3 Cyber Risk

Board Engagement and Oversight Model: Six Components
Source: KPMG Cyber Maturity Framework
Best Practices

Where do we start?
1. Create frameworks that involve senior management, incorporate the organization's risk tolerance, and allow for risk assessments that help improve the framework over time.
2. Identify the sources of potential cybersecurity threats and prioritize the areas most in need of improvement given the organization's risk tolerance.
3. Take specific actions to protect software and hardware that contain data, especially data subject to cybersecurity threats.
4. Implement procedures for responding to cybersecurity incidents and define roles for the individuals in charge of incident response.
5. Take a risk-based approach to selecting, engaging, and monitoring third-party service providers.
6. Provide employees and other authorized users of the organization's systems with training appropriate to their specific responsibilities and the types of data they may access.
7. Create and deploy an effective cyber intelligence program using all resources available to the organization.
8. Periodically review the adequacy of the organization's cybersecurity coverage to determine whether the policy aligns with the threats identified by the organization's risk assessment(s) and with its ability to bear losses. Organizations that do not have cyber insurance should evaluate the cyber insurance market to determine whether coverage is available that would enhance the organization's ability to manage the financial impact of a cybersecurity event.