Integrated Operational Risk Management

A hands-on and tech-aware exploration of operational risk management

In Integrated Operational Risk Management: Tools, Techniques and Meeting Regulatory Expectations, distinguished risk and compliance practitioners Jimi Hinchliffe and Andrew Sheen deliver a practical discussion of operational risk management (ORM) with a pronounced focus on operational resilience and regulatory context, history, and expectations. The book offers a comprehensive explanation of how to create a holistic framework for ORM that breaks down the silos in non-financial risk management, improves efficiency, avoids duplication, and adds value to the business.

The authors examine ORM's place within enterprise risk management and describes the origins and evolution of ORM as a discipline. It considers the roles of the BCBS, UK FSA and the Institute of Operational Risk. You'll also find:

• A variety of ORM tools and frameworks you can implement immediately to incorporate best practices on governance, risk assessment, and other areas
• Strategies for risk identification and controls management and balancing
• Up-to-date discussions of the latest and best practices in operational risk management

Perfect for risk and compliance professionals at financial and non-financial firms, Integrated Operational Risk Management is a must-read resource for everyone interested in a forward-looking and contemporary examination of best practices in ORM.

About the Authors ix

Preface xi

Chapter 1 Introduction 1

Part One Background and Regulatory Context 5

Chapter 2 Enterprise Risk Management 7

Chapter 3 The Origins and Evolution of ORM 17

Chapter 4 Regulatory Approaches and Expectations 33

Part Two Operational Risk Management Tools and Frameworks 41

Chapter 5 Operational Risk Management – Building Blocks 43

Chapter 6 Risk Identification and Assessment – RCSA and Other Tools 61

Chapter 7 Controls 85

Part Three Antifragility, Resilience and When Things Go Wrong 93

Chapter 8 Operational Resilience – The Outcome of Effective ORM 95

Chapter 9 Risk Incidents 121

Chapter 10 Third-Party Risk Management – The Elephant in the Room 131

Part Four Monitoring, Reporting and Taking Action 149

Chapter 11 Monitoring Risks and Controls – The Holy Grail of ORM 151

Chapter 12 Mitigating and Managing Operational Risks 161

Chapter 13 Reporting Risks 169

Part Five Hot Topics and the Future 181

Chapter 14 The Art of Regulatory Relations 183

Chapter 15 The Rise and Fall of AMA and the Modelling Controversy 199

Chapter 16 Selecting and Using a GRC 207

Chapter 17 GenAI – Uses and Risks 215

Chapter 18 Esg 225

Chapter 19 The Future Challenges and Opportunities 239

Notes 245

Index 255

DR JIMI HINCHLIFFE has over 25 years experience in operational risk and regulation, including almost a decade at the UK regulator as an operational risk policy SME, Basel 2 Technical Specialist, manager of the Basel 2 Implementation team, and a supervisor of Japanese and American GSIFIs. He then joined GSIFI MUFG as a Director and then Executive Director in the regional compliance division and Global Regulatory Affairs Office. Since 2016, he has been a consultant specialising in operational risk, resilience and regulatory affairs. Jimi is a former Chairman of the IOR in England and Wales and is a regular speaker at operational risk and regulation events.

ANDREW SHEEN spent eight years at the UK regulator, firstly in the UK Financial Services Authority and subsequently at the Prudential Regulation Authority, a role which involved assessing Operational Risk frameworks in a wide variety of financial institutions. Andrew also represented the UK on the Basel Committee for Banking Supervision’s Operational Risk Working Group and the European Banking Authority’s Operational Risk Working Group. Andrew is a regular speaker and panellist at Operational Risk conferences globally and provides consulting and training to financial institutions.

In Integrated Operational Risk Management: Tools, Techniques and Meeting Regulatory Expectations, distinguished risk and compliance practitioners Jimi Hinchliffe and Andrew Sheen deliver an incisive and comprehensive discussion of operational risk management (ORM) with a special focus on the regulatory context and expectations, the historic background and the new kids on the block, operational resilience, ESG and third-party risk management. The authors explain how to create a holistic framework for ORM that breaks down the silos in non-financial risk management, avoids duplication, improves efficiency, and adds value to the enterprise.

This book examines ORM’s place within the broader enterprise risk management (ERM) space, explains the origins and evolution of ORM as a discipline, considers the roles of the BCBS, UK FCA and PRA, and the Institute of Operational Risk, and explores a variety of ORM tools and frameworks you can implement immediately to incorporate best practices on governance, risk identification and assessment, and controls management and assessment.

Perfect for risk and compliance professionals at financial and non-financial firms, Integrated Operational Risk Management is a must-read resource for anyone interested in a forward-looking and up-to-date discussion of the latest and best practices in operational risk management.

Praise for INTEGRATED OPERATIONAL RISK MANAGEMENT

“A practical guide to building and enhancing operational risk frameworks while considering regulatory requirements, which have significantly evolved over the last few years. The authors draw on their lived experience to provide best practices suited to both new and more experienced practitioners; as well as those interested in the field.”
—ARMEL MASSIMINA, Operational Risk Lead

“An insightful read for Chief Risk Officers and all risk professionals working in regulated environments. Andrew and Jimi, as former regulators themselves and risk experts, clearly explain how working positively with regulators can improve your risk framework. Such an accessible and enjoyable book, for all risk teams to read and discuss together.”
—CATHY HAMPSON, Author of An Introduction to Behavioural Risk and Fundamentals of Operational Risk for Insurers

“An indispensable guide to Operational risk management, masterfully bringing the framework to life while providing much needed and often misunderstood regulatory context. I recommend this book wholeheartedly.”
—ELENA PYKHOVA, Director and Founder, The OpRisk Company

“I highly recommend this book to anyone with an interest in operational risk, which is ever more important as challenges such as AI and cyber risk grow. It sets out the unique perspectives of two ex-regulators with many years’ experience as practitioners and consultants on how to achieve operational resilience and meet regulatory expectations by implementing a robust and adaptable operational risk framework.”
—SEAN TITLEY, Independent Risk Consultant at Practical OpRisk Solutions Ltd

“Adopting the unique perspective of regulatory experts active in the field since day one, this book provides a much-needed umbrella approach to risk management in an era of increasing fragmentation in the management of non-financial risks. Pragmatic and actionable, it is an essential read for every risk professional.”
—ARIANE CHAPELLE, Author of Operational Risk Management