Transcript 2005 Senior Risk Management Workshop

Operational Risk Management at
HSBC
David Breden
HSBC Operational Risk Consultancy
Context - the HSBC Group
• We operate in 76 countries
• Not all are EU or G-10 members
• We have diverse portfolios and operations
2
The HSBC Approach
• Harness the intellectual expertise dispersed
in Group
• Avoid pointless bureaucracy
• Constructive partnership with colleagues
around the world
3
Components of the OpR
framework
• Risk identification and assessment
• Actions/controls
• loss data collection
• KRIs (being developed)
4
Risk self-assessment
• Brainstorming sessions
• What risks keep you awake at night?
• Distinguish between inherent risk and controls
in place
• Express in common risk language
5
HSBC Operational Risk
Matrix
• Impact x Likelihood = Inherent level of Risk
• Exposure = effect of controls/mitigation
R
I
S
K
>10
8-10
5-7
3-4
0-2
EXPO
1
2
C
B
C
C
C
C
D
C
D
D
SURE
3
4
B
A
B
B
C
B
C
C
C
C
5
A
A
B
B
C
6
Action plans and controls
• Assigned to high inherent risks
• Tracked by line management
• May be no action - accept risk
• Record of the risk reward profile judgement
7
Operational Risk Loss
Reporting
• Integral part of Operational Risk Management
process
• Benefits are:
– Improved risk management
– Improved efficiencies
– Improved business decision making
8
Individual incident loss
reporting
• Many issues about quantification of individual
losses
• Boundary issues between credit and OpRisk
• Near misses and potential losses
• Validation (not reconciliation) against the
financial records
• We provide individual guidance, then
standardise
9
How do we record our
Operational Risk framework?
• Group Operational Risk Database Online
Network (GORDON)
• Web-based browser
• Risks input and approved by business line
10
11
12
Governance
• Group manuals structure used
• Approved by Board
• Reporting to committees of Board
• Locally, challenge process by the ORMG
13
ORMG
• Oversees Operational Risk framework in
site/business
• Challenges business Operational Risk
assessments and loss data
• Reviews exposures and mitigation
• Escalates issues to executive management
14
Management - Training
• Local sites implemented training to meet
business needs e.g. case studies, workshops.
• Material live on Group Intranet
People
Process
Systems
External
15
Operational Risk Umbrella
People
Process
System
IT Security
Legal
Money Laundering
Business Recovery
E-Risk
Fraud Risk
External
ORMG
Compliance
Regulatory
16
Role of measurement - HSBC
philosophy (1)
• We plan to adopt the Standardised Approach
for the Group
• But we comply where the local regulator
requires AMA, e.g. in the USA
17
The role of measurement HSBC philosophy (2)
• Measurement adds value only if it contributes
to management
• We have an AMA which directly harnesses
our risk assessments
• The development is being closely monitored
18
Any Questions?
19