Risky Business: Managing Profits by Managing OpRisk

Financial institutions were created because not everybody is going to pay you back—if they did, you wouldn’t need them and we’d all just lend money to each other.




One origin of the word “risk” is the French risqué, "tending toward impropriety." On the other hand, “bank”—when used as a verb—means "to put confidence in." Maybe that’s why “bank risk” sounds to the layman like an oxymoron, akin to “working vacation” or “government efficiency.” But we know that risk is an integral part of our business: if not for risk, there wouldn’t be financial institutions.

Financial institutions generate profits by accepting risk when they lend money, sell fee-based services, trade securities, or the like. For financial institutions, risk is profitable. Financial institutions that embrace risks no one else is willing to embrace get profits no one else is earning, as well as differentiate themselves in the marketplace.

Risk is taking a high profile today, as corporate governance is under the microscope and the financial services world is undergoing a transformation. As financial service providers move into new business lines, as they strive to keep ahead of the curve of technological change, as they increasingly depend on multiple vendors, their risks multiply. Risk position based on regulatory compliance is getting bigger, and penalties for noncompliance are getting steeper. The key is reward.

Financial service providers have become increasingly expert at managing certain types of risk, most notably credit risk and market risk. Nevertheless, there is continuing opportunity to focus on—and differentiate around—operational risk (OpRisk), a not-so-new field that’s growing in importance since Basel II. As a supplier of transaction processing services to banks and credit unions, Open Solutions believes it has a singular degree of knowledge and expertise related to OpRisk.

Risky Business: Managing Profits by Managing OpRisk
To put OpRisk into context, we need to examine the five major risk areas financial institutions are required to manage in the course of operations:

  1. Credit risk – risk due to uncertainty that a borrower or counterparty to a transaction will fail to perform on an obligation. It’s making sure your lending policies and practices match back to the pricing you’re taking on that risk.
  2. Rate risk – risk due to uncertain future interest rates. This whole topic is usually referred to as an Asset and Liability Committee issue. Rate risk is expressed in financial statements as a negative gap and a positive gap.
  3. Operational risk – risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems, or from external events.
  4. Regulatory compliance risk – risk of noncompliance with legislative mandates. And as every new regulation is promulgated, the penalties for noncompliance increase.
  5. Reputational risk – is the potential that negative publicity regarding a credit union’s business practices, whether true or not, will cause a decline in the member base, costly litigation or revenue reductions.

There are additional areas of risk such as legal, strategic, price, foreign currency translation, transaction,and liquidity, but the five areas above are considered the major ones. A credit union’s risk management policies should ideally cover these five areas.

Phases of OpRisk Management
I have identified four distinct phases in OpRisk management: Discovery and Measurement, Business Evaluation, Remediation and Feedback, as shownbelow.

4 Phases of OpRisk Management

In Phase I of OpRisk management, Discovery and Measurement, the credit union must figure out which risks to look at and quantify them in terms of number of occurrences/units and dollar value each loss might represent.

The second phase of OpRisk management is a business evaluation of the appropriate level of risk return for your credit union. This is an evaluation of your risk return formula, and the probability that you’re going to have a loss.

In Phase 3, Remediation, there are a limited number of things you can do. You can eliminate the point of risk, reduce it by capping it, or shift it to the customer or a third party.

The fourth phase of effective OpRisk management involves putting a measurement, in the form of metrics feedback, into the process.

If you’ve followed our OpRisk process, you’ve measured the risks, performed your business evaluations, accepted the risks that you think you’re fairly paid for, and deferred risks that you don’t think you’re fairly paid for to others. Now you just have to make sure that this OpRisk management process is a living, breathing entity.

For a copy of the complete white paper on Managing Profits by Managing OpRisk, go to . Be sure to put OpRisk White Paper in the subject line.




June 25, 2007



No comments have been posted yet. Be the first one.