Why is it important to have a good Operational Risk management?

Because it favors the identification of threats, obstacles and opportunities. It increases the possibility of avoiding, mitigating or assuming potential losses due to exposure to risk.

Who regulates Mexican financial institutions?

The main regulatory entities are: the National Banking and Securities Commission (CNBV), the Ministry of Finance and Public Credit (SHCP), the National Insurance and Bonding Commission (CNSF), the National Commission of the Retirement Savings System (CONSAR), the National Commission for the Protection and Defense of Users of Financial Services (CONDUSEF) and the Institution for the Protection of Bank Savings (IPAB).

What are the Operational Risk factors?

Internal fraud, external fraud, technological failures, process execution and management, labor relations, damage to tangible assets, customers, products and business practices.

How to measure Operational Risk?

The National Banking and Securities Commission (CNBV) establishes 4 methods to measure operational risk for credit institutions: Basic Indicator Method, Standard Method, Alternative Standard Method and Advanced Measurement Approach (AMA).

Operational risks in financial institutions

Q: What is Operational Risk?

Operational Risk is the risk that can cause losses due to human error, inadequate or faulty internal processes, system failures and as a consequence of external events.

Q: How to mitigate Operational Risk?

To reduce subjectivity and to be able to qualify the risks, it is necessary to follow the following steps: 1. Identify the Risks 2. Rating the Risks 3. Rating the Controls 4. Rating the Mitigation Level, for which there are several formal methods depending on the maturity of the methodology and the organization's objectives.

What are operational risks in financial institutions?

In the last decades, the financial industry has been involved in numerous misconduct scandals publicized by different media. Highly damaging to large and small financial groups. As a result of these situations, the improvement of the conduct of financial systems is always under scrutiny by various actors. For this reason, any activity deriving from financial management involves making decisions and performing actions subject to error. As a consequence, generating potential losses for the entity, which may lead to catastrophes or fines by regulatory bodies.

But what is Operational Risk? In the financial system, Operational Risk is understood as the possibility of occurrence of financial losses due to deficiencies or failures in internal processes, which may derive from information technology, deficiencies in operating processes, people or the occurrence of adverse external events.

Business Processes and Risk Management

It is clear that financial institutions focus on implementing systems that allow for proper operational risk management, including internal audits that allow them to verify that Business Processes and Information Processes are being carried out correctly and to identify possible errors that could lead to future problems.

Due to the above, financial institutions established a strategy for the identification, measurement, control, monitoring, and mitigation of operational risk. This strategy has its own approach and methodology of operational risk management for each financial institution. It is based on its corporate purpose, size, nature, and complexity of operations. Therefore, each financial institution must have a system that avoids internal fraud and minimizes operational risks. The latter is difficult to manage and generates a great loss of confidence on the part of its users.

How to mitigate operational risk?

A major step towards this achievement is to improve the quality and reliability of internal data, the greatest value revolves around patterns and correlations in data and predictive intelligence, as well as using cognitive machine learning and analytics tools to identify dangerous accumulations of potential risk. Automation of Banking Processes is very important in this domain, as the infrastructure that a bank must have in place for operational risk management is to leverage automated workflows to continuously monitor emerging issues and ensure that the right people receive the right information in a timely manner, allowing it to respond quickly and effectively to day-to-day or unexpected situations.

In the Mexican banking system, there have been numerous financial fraud scandals in recent decades. Irregular handling has tarnished the prestige of the banking system during the last 20 years. Now it is clear because new and developed methodologies are generated each time, allowing better control. The search for risk reduction is a challenge faced by all financial institutions in the world. As a result, they are supervised by regulatory institutions such as the CNBV (National Banking and Securities Commission), for example for the provisions published on November 19, 2020, for credit institutions, the commission requests them to keep available to the CNBV the evidence of compliance with the minimum general requirements for obtaining the capital requirement for Operational Risk under the Business Indicator Method for Credit Institutions.

Enterprise Architecture and Business Processes

Banking systems demand more robust and reliable methodologies that allow them to continue operating correctly and efficiently. As well as having the following three lines of defense which are suggested when implementing solutions such as ADOGRC from the manufacturer BOC Group:

Documentation, Having up-to-date information on processes, participating roles, inputs, outputs, applications, risks, and controls.
Confirmation: Have clarity of the activities and responsibilities of the human capital and also of the participation of areas such as Risk, Processes, and IT.
Audit: Maintain an audit that is transparent in the measurement of results and operational efficiency.

Furthermore, operational risk management is vital for the survival of financial institutions, and having robust systems that avoid operational risks is nowadays a need of great importance and relevance.

Conclusions

It is necessary to have an adequately documented Enterprise Architecture: Business Processes, Information Processes, and Technological Architecture.
To have a catalog of Risks and Controls that are linked to the business assets, but above all to the business processes, which should also be cataloged as assets.
To have a technological platform that helps risk management, such as:
- ADONIS and ADOGRC from the manufacturer BOC Group.
- HOPEX from the manufacturer Mega International

In Linnoit we have several services and consultants that can help you with the documentation of your processes, the audit of these, or with assistance and licensing solutions such as ADONIS and HOPEX referred to above.

TO CONTINUE READING

Integrated services for process documentation

A true customer focus.

What is a business process map?

Maturity in business processes.

Bibliography:

https://www.mega.com/

https://www.dof.gob.mx/nota_detalle.php?codigo=5605312&fecha=19/11/2020