Day 1

Importance of Operational Risk

• What constitute operational risk?
• Definition of operational risks per Basel II/III/IV
• Characteristics and types of operational risks per Basel II/III/IV

Interface of Operational Risk with overall Enterprise Risk Management

• Relationship between Operational Risks with Market, Liquidity, Credit and Compliance Risks
• Interface of operational risks with overall Enterprise Risk management framework
• Drivers to Operation Risk Events

REAL LIFE CASE STUDY

Participants will identify how the interface of events and happenings resulting in market, liquidity and credit risks with operational risks exposures in a given real life case study with trainer sharing best practice.

Operational Risk Trends and Developments Post Covid-19 Pandemic Crisis

• The latest top 10 Operational Risks by RiskNet survey 2020
• Emergence of New Operational Risks Post Pandemic Crisis
  • Health and safety risk
  • Fraud risk
  • 3^rd party risk
  • Cyber risk
  • Conduct risk
  • Work-From-Home

Setup Operational Risk Management (ORM) Framework as part of Overall ERM Framework

• Integrate Operational Risk to ERM Framework
• Alignment of ORM to strategic plan
• Importance of Strategic objectives
• Identify key operational risks in the process of implementing the strategic objectives
• Establish the Risk Appetite statement and risk capacity limits
• Setup Operational Risk Management (ORM) Framework

REAL LIFE CASE STUDY

Using real life case study, participants will learn to identify the misalignment of strategic objectives and risk appetite using varied operational risk techniques with trainer sharing best practice.

Day 2

Update and review of  International Regulation governing operational risk

• Latest updates in both Basel II, Basel III and Basel IV for banks
• Update from COSO ERM in June 2017 on operational risks
• Latest from ISO 31000 Risk Management in February 2018 on operational risks
• Derive implications to operational risk practitioners

Establish the Enterprise Risk Governance Structure with Impact on Operational Risk

• Setup ERM Framework for the 3 Lines of Defence
• Allocate risk management responsibilities to the 3 Lines of Defence
• Institute ORM policy from ORM Framework
• Establish the Committee Charter with roles and reporting structure
• Emergence of Conduct risk and its impact on organisation culture
• Institute best practice reporting structure for effective enterprise-wide risk culture

REAL LIFE CASE STUDY

Participants will analyse a classical case study on how the risk governance structure was instituted inadequately and failed to support the implementation of strategic plan resulting in operational lapses and subjected to regulatory fines with guidance from trainer to form best practice.

Operational Risk Management (ORM) Process

• Establish the Operational Risk Management Process – 5 key steps
  • Identify the key operational risks
  • Measure the operational risk
  • Monitor the operational risk
  • Control the operational risk
  • Mitigate the Operational risk

ORM Process – Identify the Root Causes to Key Operational Risks

• How to identify key operational risks and its respective root causes?
• Importance of in-depth knowledge of the firm’s strategy and operations
• Map the end-to-end processes
• Types of techniques used to identify the root causes to key risks
• Top down and bottom up techniques – challenges and strength
• Defined the varied types of operational risks and categorised them
• Sharing of Best practice

REAL LIFE CASE STUDY

Participants are given a real life case to firstly analyse and use different operational risk techniques to identify the root causes to key operational risks.  Next, they will learn to use different approaches and identify the challenges involved in the process of using varied operational risk techniques.

Day 3

ORM Process – Measurement of Key Operational Risks

• What and how to measure or asses key operational risks?
• Types of challenges faced in the measurement of operational risks
• Calculate Operational Risk Regulatory Capital per Basel
• Importance of establishing Key Risk Areas (KRAs) and Key Risk Indicators (KRIs)

Types of Operational Risk Assessment techniques

• Setup an Operational Risk Measurement framework
• Establish Stress Testing and Scenario Analysis (STSA) capability
• Use Stress Testing on potential Low Probability and High Impact (LPHI) scenarios
• Create Scenario analysis to stress test new and existing products and services
• Institute early warning indicators for potential LPHI events
• Basel regulation on computing loss distribution approach (LDA)
• Sharing of best practices

REAL LIFE CASE STUDY

Participants are given a real life case where they are required to establish a scenario analysis and further stress test the outcome, assess areas of potential low probability and high impact (LPHI) events and set early warning indicators for effective operational risk assessments

Build an operational risk scoring system

• Review of the existing key types of operational risks
• Prioritise key risk drivers that impact on key operational risks
• Establish Key Risk Areas (KRAs) and Key Risk Indicators (KRIs)
• Setup operational risk dashboard for KRIs
• Align operational risk KRIs to strategic objectives
• How to delegate KRIs targets to division, departments, sections within an organisation?

Setting up Risk & Control Self Assessments (RCSA)

• Identify the potential key risk drivers impacting key operational risks
• Align RCSA monitoring indicators with KRIs for effective enterprise risk governance
• Delegate RCSA responsibilities to all division and department heads and subordinates
• Setup RCSA dashboard to track financial and non-financial results impacting strategic plan
• Obtain feedback on events’ magnitude and effectiveness of measurements for improvements

REAL LIFE CASE STUDY

Participants will be given a real life case where breaking into groups will learn to setup KRIs and KRAs, as well as create RCSA dashboard and learn how to detect potential misalignment of KRIs to strategic objectives.

Day 4

ORM Process – Monitor and Control the Key Operational Risks

• What and How to monitor and control key operational risks?
• Importance of loss reporting and regulatory requirements
• Sources for Incident Data Collection – loss of data base, KRIs and RCSA reports
• Institute Incident Data collection policy within overall ORM policy

Operational Risk Monitoring & Control Techniques to Loss and Incident Data

• The fallacy of non-financial impacts on losses vs incidents
• Incident Data collection process – importance of data fields
• Incentivise timely self-reporting to instil the right risk culture
• Review and validate the accuracy of data
• Share best practices

REAL LIFE CASE STUDY

This case study exercise takes the participants on a step-by-step journey through each stage of the process on a real life situation of problems, risks controls and solutions. Participants are required to identify the monitoring and controlling of operational risks lapses, determine the root causes and recommend improvements to correct it with trainer sharing best practice.

Institute a systematic operational risk monitoring and control process

Analyse the existing operational risk process – start to end with detailed examination of:

• Pre-dealing controls
• Dealing controls
• Middle office functionality
• Processing controls
• Payment
• Position
• Reconciliation
• Accounting
• Documentation
• Reporting
• Compliance

REAL LIFE CASE STUDY

Participants are given a real life case study to analyse the implementation issues resulting in Operational risks lapses and loss of data. Next, break into groups, they will identify the key lapses in the operational risk monitoring and control processes and suggest improvements steps to mitigate future occurrences.

Day 5

ORM Process – Mitigate and Report the Key Operational Risks

• Types of heat maps/ scorecards/ dashboard and its purpose
• Handle resistance to reporting losses and incidents
• Scope of operational risks event to report to BoDs and top management
• Incentivise the right behaviour to submit timely reports on losses and incidents
• Review and validate the operational risk reports
• Share best practice

Importance of Business continuity management (BCM) and Crisis Management

• Identification and prioritisation of key risk factors
• Prioritising of operational risk drivers
• Establishing a risk hierarchy
• Event magnitude and frequency measurements

Emergence of Information Security Risk

• How to handle data breaches and headline news?
• Determine the information breaches and its impact on firm’s financial losses
• Best practices from international Information Security Standards
• Identify the types of information security incidents – what is key to the firm?
• Establish the key information security risks
• Determine the level of confidentiality of the identify key information security risks
• Types of Assessments – Surveys, RCSA and scenario analysis
• Types of Controls – issues of behavioural bias, KRIs and early warning indicators

REAL LIFE CASE STUDY

Participants will get to practice using the ORM framework and apply onto this final case study using all the ORM processes and techniques to identify, measure, monitor and control operational risks arises from this case study.

Every participants will either use their own company or an approved case study by SIMI on special reason and attempt to apply all the knowledge that they had acquired over the 5-day. This including setting up the ORM Framework, KRIs, RCSAs, identify the root causes to key operational risks,  setup operational risks measurements, monitoring and controls plus reporting structure.

Dr. Christopher Goh

Dr. Christopher is a professional, with some 25 years with extensive experience in, risk management, design thinking, compliance, anti-money laundering, strategic planning, exotic options, behavioural finance, and structuring products using derivatives and in particular to enterprise risk management where he spent some 15 years in this area, where he was the pioneer in risk management, since 1989.

He holds the title of chief risk officer for Asia Pacific having established holistic enterprise risk management and compliance framework, which includes anti-money laundering, sanctions, compliance and governance, spearheaded the implementation enterprise risk management process for some 3 international banks in Asia Pacific.

He had implemented enterprise risk management and compliance framework through practical experience gained through various diverse economic cycles. He had worked for 6 different banks over a period of some 25 years across 6 different cultures, business practices and management styles. This had given him a very deep knowledge in handling clients and managed staff from diverse cultural background.

Dr Christopher had conducted many in-house corporate seminars for the past 15 years training international and central bankers, senior management from government bodies from Asia region like Malaysia, Indonesia, Taiwan, China, Singapore, South Korea, Thailand, Hong Kong, Vietnam, Myanmar, Philippines, and to as far as London, Vienna, Jeddah, Riyadh, Kuwait, Johannesburg, Lagos (Nigeria), Accra (Ghana), Nairobi (Kenya), Dubai, Zimbabwe, Zambia, Lesotho, Moscow and Ulaanbaatar (Mongolia). He had since travelled to some 38 international cities to conduct international workshops and consultancies.

His current seminars and consultancy works are mainly focused on Governance, Risk and Compliance, Design Thinking for Bankers and Non-bankers, Enterprise Risk Management, Setting KPIs with Enterprise Balanced Scorecard, Organisational Development Audit/Assessment, Compliance Risk Management, Operational Risk and Compliance Management, Transforming Strategy into Business Results.

He had published over 20 Risk Management, Strategy and Technopreneurship articles. He had co-authored 2 books published in 2017:

1. Design Thinking for Management, Leadership and Technopreneurship, TWAN Pte Ltd, 1^st Edition, ISBN: 978-981-11-4217-8, published in December 2017
2. Technopreneurship: in Industry 4.0, TWAN Pte Ltd, 1st Edition, ISBN: 978-981-11-3875-1 published in December 2017

Dr Christopher has most recently been appointed as Dean for School of Finance and Banking with Swiss Institute of Management and Innovation based in Zug, Switzerland. He is also an Adjunct Visiting Faculty to some foreign universities namely: Shanghai JiaoTong University, Central University of Finance and Economics (Beijing), Harbin Institute of Technology (Harbin), S.P. Jain (Singapore and Dubai campus) on a yearly basis on banking certification courses and/or EMBA courses.

The Certified Operational Risk Officer (CORO) is the unique programs from the Swiss Institute of Management and Innovation (SIMI)’s School of Finance & Banking. This program is also accredited as the other accredited programs from SIMI.

Accreditation & Recognized of the Swiss Institute of Management and Innovation (SIMI)