The banking and securities industries are ill-prepared for fresh terrorist attacks, and for Basle II. Or so says a survey commissioned by IBM from the Institute of Financial Services One in three senior executives interviewed by researchers argued that the operational resilience programmes within the industry are ineffective. Another third of those interviewed were unaware of the capital allocation requirements of the Basle II Accord.
Interviews with 115 senior executives in both retail and institutional finance companies revealed that only 51 per cent of the organisations represented could definitely measure their operational risk exposure. A mere 46 per cent have near real time operational risk detection systems in place and of the operational risk and compliance executives spoken to, only 69 per cent claim to have access to reliable data. It is therefore scarcely surprising that well over half of all executives interviewed would be willing to join an industry wide data sharing consortia to improve their understanding of operational risk and resilience.
Levels of awareness of operational risk are certainly up. “The terrorist attacks of last year have focused minds on risk resilience and could explain the unprecedented response we received for the survey,” says Eric Dobby, the Director of the Institute of Financial Services. “Results show that 95 percent of the people interviewed believe that the financial services industry is now taking operational risk more seriously; 55 per cent plan to increase their expenditure in this area. Whether the current financial services industry tactics will necessarily result in more robust operational resilience programmes remains to be seen. As well as helping to minimise the effect of crises, 83% believe that in the future, the strength of an organisation’s operational resilience programme will be recognised in its valuation. Similarly, 70% expect rating agencies to start referring to a company’s data in this area.”
However, despite the growing focus on operational resilience, IBM stresses that there are many obstacles to developing robust and effective programmes.
“Operational resilience best practice means adopting an integrated, cross-company approach,” explains .Pierre Pourquery, Principal Head of Risk Management at IBM Financial Services. “Whilst businesses tend to work in silos, this must not be a barrier to adopting a company wide operational resilience strategy. Indeed, the research shows that in 20 percent of respondents believed that operational resilience is not integrated across the company and in only 86 per cent and 61 per cent of cases is operational risk management and IT respectively represented on risk committees. These inter-departmental barriers must be removed if you are to be able to first understand and quantify the risks involved and then reduce them. They can also prevent effective monitoring and measurement techniques and limit the flexibility required to make changes as and when they are needed. There is little doubt that greater focus is being placed on operational resilience within the financial services sector. However, question marks remain as to how effective programmes are and whether organisations truly have a clear picture of the risks they face. It is only once they have this that they can start addressing them.”
115 senior executives from 61 financial services companies were interviewed between 22 April to 3 May. 43 per cent were from financial markets and infrastructure organisations and 57per cent were insurers and retail commercial banks.39per cent were risk or compliance executives, 27per cent worked in operations and IT and 34 per cent were from business management.