Enterprise risk management
Creation of an impression of the relevance of the development of a risk appetite framework for a firm for purposes of operational risks as a section of the enterprise risk management through the fintech organizations and the impact that the structure imposes to the operations of the organization.
Evaluation of the risk appetite and concept that are related to the later. Which will help the organization in the understanding of the risk capacity, tolerance, desire and limits in comparison to the operational risk.
The strategic importance of the research is a derivation of the impact that the research project has towards the realization of the benefits of the RAF in the accomplishment of the objective of the fintech institutions.
Operational risks
Since the project is broadly focused on the effectiveness of the operational risk and evaluating how they can be minimized in the realization of smooth operations of the fintech institutions and the realization of their goals and objectives efficiently
Risk analysis
Classification of risks that are affecting the business operations and hierarchy of the dangers and their urgency in affecting the Performance of the functioning of the organization.
Risk mapping
Analysis tool where risk exposures are intertwined to relative parts of the organization processes.
The research question that is used to determine the objectives of the fintech organizations
- Evaluation of whether the risk appetite framework for operational risk management helping fintech organizations in the increment of its value in its operations.
- Description of whether the risk appetite framework for operational risk management can guide the institution in making the decision.
- They are evaluating whether the investment tools and resources can change after the adoption of the risk appetite framework.
- Establishment of whether the operational risk will be deemed to reduce if the risk appetite framework is applied
- Expounding on what extent will the operational risk reduction if the risk appetite framework is applicable
- The processes that will be impacted by the application of the risk appetite framework
- Applications of the risk appetite framework among various operational groups
- Establishment of the business processes that may fail to leverage the risk appetite framework
- The time factor for the creation and adoption of the risk appetite framework for operational risk management
- Alignment of the risk appetite framework to the strategic business objectives
The design used to conduct the research; data analysis for the regression and correlation analysis for the conduction of analysis
Creation of hypothesis expounding on the dependency between the operation risks with profitability.
Conclusion
References
To improve the value of the financial institution, executive management must conduct and develop enterprise risk management. The enterprise risk management parts like finance regulatory and others have strict industry as well as regulator frameworks. Which are same in various cases even for non-financial institutions .operational risks form a critical part on overall risk mitigation as each firm may have multiple products or services with clients delivery mechanisms requiring strategies that are certain to fintech and also particular to the product or service
The word fintech is a form of abbreviation referring to financial technology where it stands for a financial industry that is composed of companies that embrace technology in making their financial services more effective and efficient. Where computer programs with other technologies are used or enhance financial and banking services.
Risk appetite framework
In the previous decade, the most crisis faced at the financial institutions is due to the failure of risk management that has been encompassed with an irrelevant funding model and insufficiency of capital. Raising a question as to whether the organizations that have been involved in the crisis have made any consideration of whether the adopted strategy was relevant and most effective concerning its risk capacity. Did the case of tactical and strategic planning in the enterprise happen without a meaningful evaluation of the risk appetite? A fundamental principle encompassing both strategy formulation and risk management is that the board should know the peril in which the entity is exposed and develop a risk appetite framework for the organization.
Although it is easy to concentrate on the quantifiable issues the funding deficit or capital is correctly posing a challenge to the institution in accessing what is the current culture or if the culture is consistent with the entity’s risk appetite. Evidence confirms that lack of alignment within risk appetite and strategic goals exists in the absence of concrete transparent risk culture.
An organization risk appetite should address its risk appetite with the institution strategies encompassing both the desirable and the undesirable risk exposures. The risk appetite and strategy are intertwined, where the risk appetite relies more on enhancing the organization make calculations of risk in pursuit of the long term policies as it is about instilling constraints on performances.
Understanding risk appetite
When doing business, exposure to risk is unavoidable. Differentiation of the successful and struggling business is established by the capability to tackle on calculated risks to realize the strategic objectives. The achieved goals and the uncertainties underwent to accomplish them should be illustratable to stakeholders. The RAF enhances the institution to demonstrate that the achievement of its strategic objectives hasn’t been the result of luck.
Development of the risk appetite does not encompass the elimination of all the possible risks. Still, it is about accepting the risks within the areas that the management has the suitable skills, experience and knowledge of taking advantage of the chances presented while posing limitations in other parts. When consideration is made with the strategy, it explains the reason as to why an institution has or hasn’t done what they usually do.
A well-defined risk appetite gives the board of directors, staff and management with a framework that facilitates the identification and address of control of both the risks and chances. Transparent and concise strategic goals should underpin the RAF. Despite it implying on the risk appetite and strategy being intertwined it is with no doubt that one does one doesn’t lead the other; both the risk appetite and the strategy do evolve in a parallel state. An efficient risk appetite address is empowering in that it ensures decisive accumulation of risk in conjunction with strategic goals of the business entity thus giving the directors and the management confidence of avoiding risks that are not in keeping the strategic objectives.
After evaluation of the concept of the risk appetite, the management is obliged to understand the operation of the risk capacity and the effect that poses to the conduction of the strategic goals of the organization. Where it is defined as the maximum amount of risk that the business entity can assume before it breaches either one or variety of its capital base borrowing rate, liquidity regulatory and reputational constraints. If the organization thinks setting up the risk appetite without consideration of the effects of the risk capacity poses a critical consequence. Both the management and the board should ensure that they evaluate and understand the impact that risk capacity raise to the business entity. The risk capacity happens to be easier to quantify in terms of capital or expected funding. At the same time, there is a more significant challenge of considering the point where the entity’s reputation is past repair. Therefore the board has the obligation and the urge to understand the risk capacity of the organization anterior to framing generalship and setting risk appetite. Risk capacity is represented by the upper limit beyond where there is a possibility of breach will fail. The organization is bound to practice sound practices by setting a series of buffers around the risk appetite where the violation of the risk appetite doesn’t necessitate the failure of an organization. The barriers become an essential management information tool as they assist in the identification or communication of adherence to and breaching of the stated risk appetite which has taken in aggregate may result in a breach of the risk capacity.
A research that was conducted by the central bank illustrated that the risk appetite, risk tolerance and the risk limits are the expressions that are mostly interchangeably used by the business entities for the reasons of establishing their own RAF. Despite them having the same meaning, the concepts express distinct dimensions of the overall risk framework. Thus a clear separation has to be drawn for the exact context of each of these dimensions.
The risk limits are to set out the quantitative and the distinguishing qualitative features that are used in the assessment of a specific category of burden and also a measure of the aggregate amount of such risk. Therefore the risk limits are bound to be measurable and precise.
Risk tolerance defines the acceptable variability within the risk limit. There are some variety of reasons evaluating why some patience around the limits is appropriate. Based on all the cases the board and management of the organizations should be able to understand and determine how much risk it is willing to tolerate in contrast to the risk levels which it is ready to admit. The management may consider developing both the upper and the lower tolerance bands within the risks limits. Thus ensuring that the business is taking an adequate risk to achieve strategic objectives.
Importance of risk limits
Business entities require a suitable system of information ready to have preferable and timely data showing how much risk is taken by the institution. The use of the data is not only to monitor the risks limits but also ensuring that the entity has taken enough amount of desirable peril for the achievement of its strategic goals.
A break of a risk limit will ordinarily act as a device for corrective action. Business enterprises, therefore, need to be aware of the availability of risk limits as well as the consequences of breaking the boundaries. On the breaking of the risk, limit evokes a series of actions which are developed a way of correcting the breach. The aspect is the provision of the business institution management with the decision point on whether to continue or stop pursuing a specific course of action.
Breaking the risk tolerance bond should serve as an alarm to the management resulting in actions to be taken to reduce the risk position. With a transparent escalation procedure put in place for the reduction of the risk position, well-defined escalation procedures have to be put into place and allow such acts to be done. In a manner that is timely inclusive of the notification of the relevant authorities that a break has occurred and immediate execution of the steps to solve the situation. Management has to acquire a clear understanding of the effects that led to the break and later from that evidence adopt necessary corrective measures.
In both cases, promotion, disciplinary structures and remuneration serve as a reinforcement of risk culture, for risk appetite to be presented within the culture of an organization it has to be supported by the incentive features of that business entity.
It is breaking of the risk raising a yellow alert for the management while the breakage of the risk tolerance serving as a red alert to the administration. With the risk position expected to be brought back along with the limits that are outlined in the risk appetite appendix where such breaches may cause other implications inclusive of the eruption of the necessity of notifying the central bank about the breach.
The usage of risk tolerance
It has to set in a way that it will remain along with the risk appetite despite them exceeding may have the flexibility that is enough to allow increased risk-taking in one or various areas on the organization without the requirement of equal offset of risk from others.
From the understanding of the above terminologies and their concepts concerning the risk appetite preference the management is left with the room of making effective decisions from the following rhetoric questions
- Risk capacities is a statement that evaluates whether the organization’s management has a clear mindset on the availability of the limits of the current relating to its risk capacity and the available preparedness towards the tackling of such events.
- Desirable risks –the kind of risks that the business unit is prepared actively to incorporate in their operations. With the intuition that this is the primary objective as to why the organization is existing .evaluation of the level of preparedness is the organization in ensuring they optimize the risk that prevails in the generation of the positive return in the long run and short run in line with the mission and vision statement of the business entity.
- Undesirable risks-this incorporates the risks that the organization is aware of and is willing to avoid them. What are the measures that the organization has put into place in ensuring that they can prevent such risks? And to what extent is the avoidance of such burdens will affect the profitability as well as the relevance of business operations. Posing a question to the management on what they are expected to do.
- Unavoidable risks-in the daily performances of the business activities. Some risks prevail and happen to be inevitable in the operations of the firm. Understanding of the above contexts enables the organization to determine the most beneficial and convenient way of handling such risks.
- Interlinkages-some risks happen to create influence to other threats to occur thus posing to the management the obligation of ensuring that they are conversant with the linkages of the risks and their effects towards the operations of the activities of the institution. Therefore the selection of involvement of threats in the execution of the firm’s productivity goal is vital and sensitive since it is linked with a variety of circumstances.
- Risk timelines-through the evaluation of the risk appetite and its equivalents the users of the risk frequencies are obliged to be conversant with the time preferences that the risk will be prevalent in the execution of the
- Compensation and incentives-this define how the strategic choices and handling risks are linked with incentives and compensation. Evaluation of how culturally the organization has planned itself in rewarding the attainment of risk-adjusted returns and simple returns.
- Escalation and mitigation-describes the actions taken by the organization towards handling the risks that are outside the risk appetite. How they are identified, communicated or mitigated.
- Brevity and clarity-this states how well and possible for the organization to communicate the appetite conveniently in an understandable form.
Broad awareness and evaluation of the point on the appetite for risk is classified to be the first step that is of high necessity when managing risk. Where there is no presence of simple models, it becomes a bit hard for the decision-makers to make a description or even derive explanation that is adequate of facts as to why some of the risks are acceptable with some of the changes facing rejection. For the assessment of the potential events of risk Performance, one needs to be explicit specific and provide a reference. Which also offers a more extensive understanding of the actions that have been incorporated in mitigating risks and realization of the potential.
From the above diagram, illustrations show the obvious risks as discussed earlier risks concepts are considered. With the example of helping create as well as adopting a risk appetite framework, which links to the broader enterprise risk management. Risk appetite, also known as risk level or risk propensity exhibits the types and to what extent in terms of risk, is the organization ready and willing to adapt to achieve its strategic goals.
With the reduction of the risks, levels enhance reduced earnings volatility a well as increasing the value of the business enterprise.
How is the research relevant in the derivation of strategy?
Through the research project findings, evaluations, conclusions and suggestions help in empowering the operations teams in the assessment of the consistent basis of events. That is supported by illustrations rather than the reliance on the unscientific methods that are composed of assumptions and unrealistic estimations which results to the organization making their conclusion and illustration with vague figures of events that gives misleading information to the users of the data in the activities provided. This affects the operations of the institutions as the decision they make are contrary to what is expected in the real process of the events, thus unyielding unrealistic and undesired returns to the enterprise which realizes losses to the institution due to the adoption of unscientific methods. Adoption of the RAF will make the operation team aware of the desire and the likes that are acceptable for the organization related business units as well as the products and services.
From the gross losses that are shown in the seven operational risk events categories, which was evaluation made by Basel II and reported by ORX2 within 2008 and 2012 are shown below.
The figure above well captures the aspect of operational risk appetite and the extent in which the organization is prepared towards the toleration of risk in the course of action in the Performance of the business core which is profitability. This is evidenced by the series of the events shown the figure above was during the period there was three most sever events types of activities that affected and projected to impact the operations of the organization. Which were inclusive of the; clients, products, and business practices which was the riskiest and severe risk that the organization had risked itself against followed by the execution, delivery, and process management. Which was the next dangerous operation that the organization had considered risky in conducting its business aspects followed closely by external and internal fraud which were also hazardous events that were to be evaluated when focusing on delivering the objective function of the business unit.
Due to well-publicized losses and the urge to match reward concerning risk, and with the increment in the operational risk the executive the regulators, as well as the management, have made conclusions that they need to be a developed approach to the handling and management of the operational risk. The guidelines provided by the corporate governance addresses the operation risk involved, as well as the establishment of the operational controls or measurement of the operational risk. The guidelines outlined by the corporate governance provides the institution with policies and goals that are related to the operational risks which can be used for the establishment of risk management steps through the firm. Their inclusion serves as the first step of identifying assessing risks to the organization’s goals. Most unlikely, the majority of the organization’s governance guidelines and rules for financial institutions happens to be based on subjective criteria to identify, assess and monitor risks.
Operational risk
It is inclusive of the perils and uncertainties experienced by a company when carrying out the daily business activities along a specific field or industry.it is one of the business risks that can lead to the failure of intimate performances, workforce even the systems. Unlike the problems that are faced in the external forces, for instance, economic or political events referred to as systematic risk. The risk can fall in the class of various unsystematic risk that is unique to a given industry and company. Operational risk evaluates how things are carried out within an enterprise with not necessarily focusing on the production or what is inherent in a trade. Such risks broadly focused on concrete decisions that relate to the functioning of the organization or priorities it has set. However, the perils are not certain to erupt to higher overall costs lower productivity, or even failure .they are considered higher or lower depending on the variety of the internal management decisions.
Since it is composed of human developed procedures and thoughts operation perils can be equated to social risk; the uncertainty of business operations failure prevailed to human error. This is effected to changes from industry to the other and is a critical evaluation to conduct at times of selection of fruitful investment decisions, with the that low involvement with human interaction having the likelihood of having lower risks in their operations. Operation risk performs a significant role in the development of the overarching risk managing programs that are inclusive of the planning for the organization continuity. As well as recovering from disasters compliance measures and the information security.in the development of the management strategy of the risk strategy the first step is the establishment of a plan that has the ability of identification, assessment communicating as well as mitigation of the risk.
Analysis of risk
Is defined as the process that is used for the identification and the assessment of factors that are likely to threaten the achievement of success of a project and the realization of the project’s objectives. The defined technique is also helpful in the definition of the preventive measures, reduction of the probability of such factors from occurrence and identification of the countermeasures to successfully handle these constraints as they develop to counter the possibility of negative effects on the competitiveness status of the organization. In the financial technology development on the Performance of the risk analysis uses the risk analysis process; where FRAP analyzes a single system segment or business processes application at a time. The process assumes that any additional efforts on developing precisely quantified risks may not be cost-effective since;
- Documentation of risks happens to be too voluminous for the practical application
- The estimates may be time-consuming
- Certain loss assumptions are not usually required to determine to incase controls are expected
- Lack of assumptions there will be little analysis of risk
When risk has been identified and categorized, a team establishes the designs with the potential of mitigating the risk. The design on what measures are required relies on the business manager. Conclusions of the team on the dangers that exist and the control measures required are documented in line with a relative action plan for control requirements. Some of the risks that are related to the financial technology are inclusive of; unexpected changes in return, unexpected modification of the costs from those projected. The risks affecting the returns of the organization can be due to unanticipated competition unit sales, privacy, intellectual property rights mishaps which are less than forecast. Unexpected establishment costs as well as create a risk that is in the form of more rework than expected privacy invasions or security holes.
Risk framework
All organizations are faced with risk, hence no results to no reward. Although the risk is in line with the Performance appraisal of the company, too much risk may result in business failure. Risk management creates a balance that has to be weighted lying within embracing risks and their reduction. Effective management of risk guarantees the organization by adding value. Specifically, the organizations that operate in the investment industry heavily depend on risk management as the cornerstone that allows them to withstand the market crashes.
An efficient risk management framework attempts to protect the company’s capital base and revenue without obstructing growth. Moreover, most of the investors have the will of investing in organizations that have developed and good management practices. Which is an assurance of profitability from the invested funds. This widely arises in reduced borrowing costs, relaxed accessibility for capital for the organization as well as long term Performance.
An organization that is obliged to create a relevant risk management framework should ensure the embracement of the following five basic components
- Risk identification
The first stage on the identification of risk which a company is faced with is the definition of risk universe. Where the risk universe is listed with all the possible risks thought of. The risks are inclusive of informational technology risk legal risk, operational risk, credit risk, strategic risk and political risk. Following the establishments and listing all the possible risks, the organization can then make a selection of the risks that it mainly exposed to and then categorize them as either core or non-core risks. With the core risks defining the risks, the organization has to take to drive its Performance objective and the long-term growth vision statement. An example of a core risk is the operational risk. Non-core risks may not be necessary and may have the room for minimization of complete elimination.
- Risk measurement
Measurement of risk stipulates information on the quantity of particular risk exposure or a cluster risk exposure as well as the probability of a loss that may occur due to the exposures. On the measurement of the specific risk exposures, it is critical to factor the impact of that peril on the overall risk shape of the organization.
The various risk may provide diversification of advantages while others may not. Something else that is important to consider is the ability of measurement of an exposure, where some risks may be easy to measure in comparisons to others. For instance, market risk can be evaluated and measurable using observable market prices. In contrast, measurement of the operational risk involves the consideration of both an art and a science.
The specific risk measurements frequently give the profit and loss influence that is expected if there is a slight change in such risk. They may also provide information on how volatile the profit and loss can be.
- Risk mitigation
After the categorization and measurement of the risks, a firm, therefore, can make a decision on the risks to be eliminated or minimized and evaluation of the amount of risk core to retain. Mitigation of risks is achievable using the outright sale of assets and liabilities diversification, buying of insurance or hedging with derivatives
- Monitoring and reporting risk
It is crucial to report steadily on certain and aggregate risk measurement to ensure that risk levels endure at an optimal level. Financial entities trading daily are likely to generate their risk reports daily, with other firms requiring less frequent reporting based on the frequency of their reports generation. The risk reports are expected to be submitted to the risk personnel who have the authority and knowledge to make adjustments or instruct for adjustments on the risk exposures.
- Risk governance
It defines the process which ensures that all the company employees conduct their duties in liaison with the risk management framework. Governance of risk deals with the involvement of definition of the roles of all the employees, the delegation of responsibilities, as well as the assignment of authority to individuals committees or the management board for the approval of the core risks, exceptions of limits, risk reporting, risk limitations besides for the general over sighting.
Efficient risk management performs a critical role in any of the organization’s pursuit of financial equilibrium and superior achievement. The embracement of a risk management framework that colludes with the best practices of the organization risk culture can act as the pillar of a business entity’s financial future.
Risk mapping
Risk mapping represents analysis equipment in which the risk exposures are connected to the relevant components in the business process. Development of such material needs the event of a methodology of identifying and coverage of all the prevalent risks. From where the mapping will grant the firm a go on for an analysis of the causes of operational failures and the connection with the consequent financial drains to the part of the institution at the origin of the difficulty. In return, this will provide a critical step for precise measurement and reporting of the equivalent operational risk exposure and foreseeing and stating upon, i.e. within the internal controls and the management equipment. Such disclosures which are not in line with the firm’s risk appetite. Risk mapping is the core for the operational risk, unlike the credit and market risks which is not product particular.
Mapping of risk is cumbersome for various reasons, within which all can be put in a summary by reminding ourselves “the map does not define the territory”. Despite the much accurate measures we put in our analysis, it is not precisely what is going to be written in the manual. Some of the most relevant dimensions are inclusive of;
- People: processes are frequently affected by the people despite formal inputs that are formalized in the process are adaption, interpretation, and improvising of the response to the prevailing circumstances.
- Specialization: a small section of people have the insight and the understanding of the specific business processes and their interactions with other environments such as people and systems within the bank. If one of the people is absent or leaves for a moment, there appears a potential for an operation failure
- Processes: processes are after changes that arise indefinitely and at undefined time preference this subjecting the mapping to obsoleteness in almost an overnight affair after it has been completed.
Risk Appetite Framework (RAF) for Operational Risk management help on Fintech organization increasing its value
The financial technology is continuously investing in the innovations that have created exciting new products receiving support from customer preferences. Additionally, most fintech have found themselves optimizing their business model by developing new products as related to the customer preferences and needs and in their partnerships with firms that are more regulated such as banks. Evolving fintech risk management functions is tasked with an address to the potential exposures that are created by their innovations, partnerships also the developing financial and regulatory market developments. Concerning this aspect, there is a pressure that is amounting to the fintech firms on the elevation of their risk management abilities, inclusive of the establishment of a responsive operation risk as well as a responsive program. A case of pressure is regulator expectations which enforce the traditional financial firms on considering risk assessment and management of the effects of fintech’ in their institutions. Where many fintech find themselves working towards the achievement of robust risk and compliance abilities. Similar to the other investments, efficient risk and compliance management spend involving the cost-benefit analysis. It is, however hard sometimes to measure not until the noncompliance is apparent to the public regulators. The more the fintech are gaining momentum and attention from the regulators, they are expected to have a compliance and risk abilities weighting their strategy and operations
Elements for a risk management approach
Fintechs with the urge of becoming a bank or else expanding their portfolio of the bank like products and servicing and partnership with other traditional financial services organizations are expected by the regulators to have a risk. As well as compliance framework sufficiently addressing the inherent, that is in line with their operations in the business. Effective adoption of the risk and compliance aspects by the fintech firms places them in an advantageous rank for collaboration with other banks and financial service institutions who have the requirements of having robust risk management executions in place. Fintech is deemed to get it right and gain the potential of saving costs by embracing the advantage of synergies within and among risk domains and designing their ability to cut across the as shown
Risk and compliance program framework
The framework is developed from the regulatory requirements and expectations consisting of the capabilities responding to the inherent risk of the operating business.
People and culture
The program of risk and compliance management is in line with the company’s culture and can be operationalized to ensure it meets the regulatory and industry requirements. The company culture is empowerment to its people for effective management and achievement of the business goals.
Business risk strategy
The risk and compliance strategy is about the organization’s strategy, where the risk management has a share on the table. Risk management contains a view and advises the management committee about its strategy.
Governance and policy
Transparent and well-established responsibilities, roles and decision rights are supportive of the risk culture and strategy.development committees with well-defined roles of advising or decision making on their remittance are understood. The policy framework is in place, and implementation is effected in line with the culture and strategy or the regulatory expectations and the soundness in the risk management practitioner.
Risk assessment and regulatory change
Implementation and control evaluation, together with the understanding of the regulatory expectations, do exist through a successful customer journey. With associations of controlled vulnerabilities in conjunction with applicable regulatory restrictions known controllable and adoption of an established change process.
Monitoring and testing
A control test and monitoring assessment where high risky activities and their applicable report on issues are established in addition to the establishment and implementing of the leading performance indicators, and the key risk indicators face monitoring thresholds.
Data capture
Consistent capture, measurement and data reporting informing the management and its board on the decisions that have been put in place.
Issue management
Decisions on issues at the various levels inclusive of the business risk management, executive management or the board are identifiable and escalated. With focus majoring on the identification of the systemic issue and resolution on the issues arising.
Risk appetite framework for the risk management program
Definition of the roles and responsibilities within the governance model
- A well-defined risk and compliance governing program can establish the lowest standards or guidelines for the committee activities, inclusive of the development of the committee charters or templates to ensure they meet the list of the minutes in their meeting. Such consistency in the construct will enhance the support of the committee designing and aligning following the firm’s efficiency on risks such as the establishment and monitoring of the firm’s risk appetite. The risk framework model empowers the organization and its management on determining the risk weight that the fintech is willing onboard for cases such as fraud risk.
- Understanding the risks applicable and ranking them
Fintechs institutions are subjective to multiple risks models inclusive of the compliance, credit, reputation operation and liquidity risks. Therefore attention has to be developed on identifying and placing a scorecard about the certainty of activities that are undertaken. Managers of business organizations can outline the risks related to the activities of the firm. A critical example is the mapping and creation of the business processes at the same time noting out the vulnerabilities and the regulatory specifications. Moreover, the nature of business concerning its operations will provide a highlight on the specific risks which are more critical than others. The ranking will help in the derivation of priorities and adoption of the suitable risk treatment solutions with the help of cooperative management where an action is taken on the prioritized risks.
Evaluation of the control environment
Once the risks that are facing the execution of the duties and functioning of the organization, i.e. production risk through the methodology of ranking risk and its framework, with the following step being the determination of creating the controls to the risks and exposures and identification of the gaps. Where the most common methodology of the financial services industry is the completion of risk and conduction of the control self-assessment that allows the business in determining the current state of its control environment through the evaluation of the existing documentation controlling the design and operational efficiency. The process is vital as it helps identification of control for the vulnerabilities and controls that are missing and provision of the opportunity for the organization in evaluating whether control is necessary for the residual risk mitigated by the other existing controls.
Evaluation of risk and response option
After the risk assessment has been conducted professionals on the matters of risk can evaluate the results of consistency and accuracy of the ratings and the scope of coverage of the controls identified through the understanding of the greater firms. After the commonalty issue has been identified, the results can, therefore, be aggregated by theme where the overtime trending analyses can be performed for identification of instances of both the increasing and decreasing risks. Thus creating information on the trends and contemporary issues, the testing plans, resource management as well as deployment
Engagement of the control an effective communication and reporting
With the risk and compliance framework, the managing team can begin formalizing on the metrics in which they measure their risk management practices. The leading functional units, therefore, can then seek to strike a balance between the comprehensive value of the firm and the fiduciary duties under the relevant regulatory obligations
Through the process of growth, the fintech organizations are faced with the challenge of keeping the current risk compliance abilities commensurations with the organization operations and strategy. Limitations of the operational risks is a significant challenge that the institutions are going through which they are handling by the creation of a risk framework that helps them counter the functional problem. The suggested risk and compliance framework provide the firms with the expected structure that allows cost decision and structure efficiency, therefore, helping them carry on with market operations and increasing their expectations of risk management accountability and compliance.
Risk Appetite Framework for Operational Risk management guiding on decision making
The following are some of the challenges that financial institutions are facing the operational risk appetite
Expression of the operational risk appetite at the top of the house where the given multiple facets or subtypes of operational risks, with the absence of an underlying functional risk currency or the fact that the operation is managed in a decentralized way within the organization
Linking of the operational risk appetite to the operational risk capital was given the shortcomings of the commonly applicable measures approaches which can result to capital levels from the basis of historical losses which far exceeds the current prevailing appetite for operational risk
Allocation of the operational risk appetite all over the organization mostly in the scenario of qualitative expressions of the operational risks and the quantitative emotions that are subjective to the diversification of capital
Integration operational risk about risk appetite into decision making where requirement linkage of high-level statements to more significant granular risks and Performance indicators which are of meaning in the business level. Institutions now more than ever before need the establishment of risk appetite framework in the conduction of the development of the risk management program. Where management of the operational risk is consciously within the context of the amount of risk that the organization is willing to accept in conjunction with their strategic goals where the operational risk appetite is essential in enabling the realization of the concept. Where a strong and well defined operational risk management framework with the support of the risk and Performance indicators are the compulsory requirements for the efficient of the risk appetite framework in making of decisions along with the firm. In turn, the risk appetite framework is the pillar element for any strong operational risk management planning as it provides the context or calibration which allows the management in the placement of the operational risk decisions towards their strategic aspect.
Evaluation of change in investments on tools and resources after adopting the Risk Appetite Framework
Inclusion of an effective risk appetite framework strategy in an organization will have added the following specifications in the operations of the entity
- A transparent articulation of the business activities that the firm is willing and able to engage in operation based on the levels of risks that the company is capable and willing to assume in conduction of its activities
- An understanding of all the material risks that the firm has adopted both at the organization unit levels as well as in the aggregate
- An elaborated foundation of communication within the internal and external stakeholders of the firm where the usage of the firm-specific language that is understandable by the players of the firm through the terminologies used will enhance the risk culture preservation.
- Development of a framework that formulates the strategic and tactical business decisions and engagements that guarantees the firm profitability with minimum exposure to risk.
- Provision of a means of engagement with the management board towards the improvement of risk governance and the discussion and execution of risk from a strategic point of reference.
- Provision of the ability of measurement monitoring and adjustment where necessary. The real risks positions in comparison to the expressed risk appetite and facilitation of communication along with the key stakeholders.
The risk appetite framework is also expected to address the alignment of strategy and consideration of a forward-looking view of a firm desired risk shape in various aspects. Executive and senior management obliged to be actively involved with stable accountability structures, and well-set incentives and constraints should be put in place also the risk appetite statements. Require operationalization by the adoption of the right level of and information type enhancing strong internal relationships with the establishments of risk limits that have actionable input for the risk and firms managers. With the inclusion of the elements of conservancy and alertness in the mode of business operation, the investment on the tools and resources is subjected to change. Since there is a guarantee of operational effectiveness within the firm operations. Which assures the investors’ availability of positive returns from their investments. Due to the presence of sound management that has considered the management approaches that are sensitive to the effects of risks to the organization, such as the risk appetite framework.
Operational risk reduction if the RAF is applied
The risk appetite framework is a major and vital tool for the efficiency of the operational risk governance, by the creation of strategies, methods, as well as the behavioural context. The core component of reference in the risk appetite framework is the risk appetite statement.it is inclusive of written statement about the importance of risk tolerance for the achievement of the overall organization objectives. Where it includes the number of key figures and the qualitative aspects.
The opinions of the risk appetite framework are evaluated on the strong statements of the risk strategies-operational risk, that are broadly specified by the aid of relevant metrics and expectations from where they are consistently operationalized using the respective limits. Using the framework, a tone is set from the top going along with the top management organs defining operational institution associated with risk culture. After which the risk appetite framework creates the ability to harmonize the necessary elements for governing risks such as organization, behaviour, strategy or methods.
For the firm to realize the reduction of the operation risk, it is of great importance that the risk appetite framework be included in the following operational areas
- The interlocking of the firm with the risk strategies
In most cases, the business strategy of most firms defines the productivity of their operations or business parts that do not meet the standards of risk-bearing capacity and the expected regulatory ratios. However, through the adoption of the framework, which will ensure that the objectives of the risk strategy are met.
The framework is mostly focused on the ability to raise out awareness for tackling and handling the risks within the risk capacity. Concerning the organization strategy considering the derived risk appetite with drafted risk appetite statement, there is a definition of a scale to plan that it has to be compiled with. The process appears to be repeated in practice as the firms planning is related to risk appetite. Such process aids the framework to ensure there consistent in the organization and risk strategies. Thus prevention of the risks that may be taken without intent and mostly those that don’t fit the organization risk profile.
- Reporting
There is the necessity of aligning the reporting procedures together with the risk appetite statement, as it creates a clear information basis for the organization’s decisions. The formats have to ensure they broadly define the basic figures of the risk appetite statement attesting the limitations bound to the decision-makers. The reason being that the risk appetite has finally been operationalized employing limits to the decision-makers.
- Harmonization with stress testing
The framework is defined in two major interfaces to stress testing. Where stress testing and simulation ability is necessary for the efficiency of the risk appetite framework. This ability makes it easier to review the statement of the significant figures based on initial organization planning. Therefore the risk appetite can be evaluated in various cases to ensure that the organization meets the risks bearing capacity despite the stress case that is equal to the risk appetite. Well defined and specified case limits and targets are helpful to the management in the generation of the stimuli mostly by the ongoing stress tests.
- Staff communication
A different communication process has to be developed for the risk appetite framework, where the pronouncement within the fintech institution is of great importance for the efficiency and critical for the improvement of the risk governance. With a recommendation for the separation of the internal and external communication and not to simply provide the communication through the intranet portals. Development of the risk appetite within the business segments has the potential of supporting the intended group-certain communication.
How much of Operational Risk will reduce if the RAF is applied?
In operational risk where is the one under consideration in the RAF purposes, .it has a probable stricter relationship between the losses and returns or the business size than in other scenes. Generally, the fintech institutions have to change their processes, controls systems and evaluation of performances to manage the operational risk issues. Therefore, the top management has to make decisions if and how to make investments to mitigate operational risks. Thus meaning that in some context, operational risks is one of the significant drivers of changing how they conduct their business.so based on this concept, each organization requires a simple framework for supporting a business decision with detailed cost-benefit analysis.
Operational risk appetite framework that is integrated with banks stated business strategy and embedded along the critical decision-making process, therefore reducing the operational losses, risk-weighted assets, should efficiently control operational risks as well as monitoring the returns profile which requires in specific an integrated risk approach
In the most sensitive risk appetite frameworks, the operational risks included arising from a risk identification task which is carried out regularly by the institution mostly on an annual basis. The risks aspects that are covered by the risk appetite framework reflects the material risks of the organization business model. Therefore in this aspect financial intermediary can be applied;
- Capital absorption capacity where is the definition of a risk indicator that describes the level of capital allocated due to operational risk aspects that are defined in terms of: operation capital requirementtotal regulatory capital.
- Loss absorption capacity
Describes a risk indicator defining, for instance, the effect of operational losses on the financial statements and therefore on the gross income:
Operational lossesgross income.
RAF be application or implementation for various operational groups
Development of a basic and common understanding or language for the discussion of risk at the board level, management and also at business levels.
Promotion of risk awareness and enforcement of the desired risk culture within the fintech institutions.
Alignment of the business strategy together with risk management for the provision of equity within the financial operations and the risk control expectations
Quantification monitoring and reporting of risks for assurance that they lie within the acceptable and levels that are manageable
Accomplishing the needs of external stakeholders, for instance, the regulators, business partners and regulators. For the safety and soundness social and environmental sustainability.
Duration required to create and adopt the RAF for Operational risk management
There is no specific time duration that is specified for the organization in the development and adoption of a risk appetite framework for operational risk management. Moreover, the decision-makers are expected to take up the most appropriate time in testing out the effects of Performance and solutions of the risks exposures and how they will impact the operations of the firm in the long run. Therefore the executive is allowed the time preference of their suggestion which they feel is comfortable for them to make the best resolutions that are deemed to benefit the firm’s stakeholders from the pumping of the effects risk appetite framework to the organization’s operations.
RAF alignment to Business strategic goals
Protection and creation of value for the organization. The risk appetite defines out the quantitative measures and facilitation of analysis of the risk. Which helps the management in the development of informed decisions for the maximization of the risk-adjusted benefits for the shareholder.
Assurance of consistency within the risk appetite and the risk limits. Where both the financial institution’s agencies and investors are focused on if risk appetite is well projected with the risk limits that are set for the business performance. Economic menace shows out that some firms fail to do so.
Integration into business strategies and corporate culture. The risk appetite acts as a guideline for risk-taking actions. Putting the risk appetite narrative in mind for business decisions and Performance endures risk identification and monitoring.
Research design
Risk analysis is part and parcel of each decision that is made by fintech institutions. With experiences faced with uncertainty variability and ambiguity. Even though there is the availability of unprecedented access to information, there is no accuracy in predicting future occurrences. Application of the Monte Carlo simulation will enhance the institutions figuring out the possible outcomes of the decisions and access the impact of the risk, thus allowing for a more significant decision making through uncertainty.
Monte Carlo simulation
Describes a computerized mathematical technique allowing people and users to account for risk in terms of quantitative analysis as well as decision making. It furnishes the decision-maker with a broader range of expected outcomes with the probabilities due to occur for any choice of action selected, by showing the extreme occurrences, i.e. the consequences of adopting for broke or for the most conservative decision taken.inline with all possible results for the middle of the road decisions.
The technique conducts the risk analysis by developing models of possible results by substituting a range of values – a probability distribution for any factor that has inherent uncertainty. Afterwards, it calculates results over and over every time using a separate set of random values from the probability functions(in the research project, the bank data will involve the estimates made from two probability distributions. One being the severities with a single event effect and the other one being the period event frequency data). Depending on the number of uncertainties as well as the ranges specified for them. Monte Carlo simulation is involved in thousands of calculations recalculations before it is done. Through the application of probability distributions variables can have separate probabilities or separate outcomes that are occurring.
Within the Monte Carlo simulation values are sampled out randomly from the input probability distributions. Every set of the samples is known as iteration, while the resultant outcome generated from the samples is recorded. The technique of Monte Carlo simulation does this in a hundred and thousand times with results being a probability distribution on possible outcomes.in such a way the simulation technique can provide a more comprehensive perception of what is expected to happen
Monte Carlo simulation raises a variety of advantages to the organization that embraces its use in the development of their future outcomes through;
- Probabilistic results. The results drawn do not only show what could happen but also how likely is each issue.
- Sensitivity analysis.in the deterministic model, where there are few cases under considerations.it is challenging to establish how the variables impact the outcome. Whereas in the Monte Carlo simulation, it is easier to determine the effects of the inputs.
- Graphical results. Through the data that Monte Carlo simulation generates makes it easier for the creation of graphs of separate outcomes and their probabilities of happening. This is significant for communicating findings to other stakeholders
- Correlation of inputs. Through the Monte Carlo simulation the possibility of modelling interdependent comparisons between input variables.it is substantial for accuracy to represent how in a real situation
Correlation and regression analysis
Regression defines a statistical procedure allowing a researcher to conduct estimation on a linear or straight line and relationship relating to two or a variety of variables. This method is used in the finance sector investment and other fields that try to establish the strength of the comparison within one dependent variable (denoted as Y) and a series other variables that are classified as independent variables.
Regressions analysis is of importance to the investment and financial management in the valuation of assets and understanding how related variables are. For instance, the relation of the operational risk with profitability. Which is generated from the study of the data that is available on the operational risk data exchange association, which gives an insight to the financial institutions on the Performance of the related variables in conjunction with the organization realizing its objectives. Simple linear regression is the type of regression that is best suitable for the operation of the project since it uses one independent variable in the explanation or prediction of the outcome of another dependent variable. While other cases using the multiple linear regression that uses two or more variables that are independent for the prediction of the result.
The regressions can be expressed in the following forms;
Simple linear regression: Y =a+bX +u
Multiple linear regression: Y=a+b1X1+ b2X2…….bzXz+u
Where:
Y –is the variable being predicted on (profitability)
X-is the variable used to predict Y (operational risk)
a-represents the intercept
b-represents the slope
U-shows the regression residual
Correlation
Defines a statistical tool that shows if and to what extent strongly pairs of variables are related. For instance, operational risks and profitability. The higher the operational risks are, the lower the profitability of the firm due to the fear of investing in such projects by the investors due to the fear of losing their capital easily in case of failure which highly predictable.
Creation of hypothesis
Establishment of the dependency within the operation risk and profitability. Where the evaluation of other financial intermediaries derived concrete evidence supporting the relationships between the two phenomenons;
Capital absorption capacity: which is one of the risk indicators that derive the level of capital that has been allocated to the operational risks aspects and is expressible in terms of total regulatory capital and operation capital requirement (AMA and other internal approaches)
Absorption of loss capacity: defines a risk indicator that describes, for instance, the effect of the operational loses on the financial statements and therefore on the gross income; operational losses and total revenue.
The main focus of conducting out the hypothesis is for the creation of an insight that helps the executive management in relating the variables and the inputs and how they are related. After evaluation of their relationship, the administration is capable of creating a conducive environment for making reliable decisions that are critical in steering the objectives model of the organization.
Through the conduction of the above-expounded activities in the project provides the users of the captured information, with the essence of the information in the execution of the organization duties with diligence and assurance to the stakeholders that the firm has taken stern measures. When it comes to the handling of risk that the company may be exposed to and countermeasures to handle such cases if they prevail, thus assuring the stakeholders and investors that their investments decisions are within the safest business units.
References
- Goldstein, R. – McElligot, J. (2014): Risk Appetite. A Discussion Paper. Central Bank of Ireland
- Ed O’Donnell (2005): Enterprise risk management: A systems-thinking framework for the event identification phase.
- Jallow, A.K., Majeed, B., Vergidis, K. et al. BT Technol J (2007) 25: 168. Operational risk analysis in business processes.
- Sergio Scandizzo (2005): Risk Mapping and Key Risk Indicators in Operational Risk Management
- Feng Cheng, David Gamarnik, Nitin Jengte, Wanli Min, Bala Ramachandran (2005): Modelling Operational Risks in Business Processes. IBM.
- Azvine, B., Cui, Z., Majeed, B. et al. BT Technol J (2007) 25: 154 Operational risk management with real-time business intelligence.
- Yuqian Xu, Michael Pinedo, Mei Xue (2016): Operational risk in financial services: A review and new research opportunities.
- Karam and F. Planchet (2012): Operational Risks in Financial Sectors.
- Yuqian Xu, Jiawei Zhang and Michael Pinedo (2018): Budget allocations in operational risk management operations in financial services: processes, technologies, and risks
- Stanisław Strzelczak, (2007): Operational Risk Management.
- Sparrow, Adrian (2000): A Theoretical Framework for Operational Risk Management and Opportunity Realisation.
- Markus Leippold (2003): The Quantification of Operational Risk
- Jane Sarah Kam Yan Hui (2019): Market Risk and Operational Risk Towards Company’s Profitability.
- Paola Leone, Pasqualina Porretta, Mario Vellella (2018): Measuring and managing operational risk, An integrated approach.
- Lamanda, G., & Võneki, Z. T. (2015): Hungry for Risk. A risk appetite framework for operational risks. Public Finance Quarterly, 60(2), pp. 212–225.
- Financial Stability Board, FSB. (2013): Principles for an Effective Risk Appetite Framework. Consultation Paper.
- Brian W. Nocco and René M. Stulz (2006): Enterprise Risk Management: Theory and Practice.
- I.Vasiliev, P.A. Smelov, N.V. Klimovskih, M.G. Shevashkevich, E.N. Donskaya (2018): Operational Risk Management in A Commercial Bank.
- Karwaski and U. Grzybowska (2017): Modeling Correlations in Operational Risk.
- Baldan, C., Geretto, E., Zen, F. (2014). Managing Banking Risk with the Risk Appetite Framework: A Quantitative Model for the Italian Banking System. MPRA paper.
- Assem Tharwat1, Ramadan A. ZeinEldin2, Hamiden Abd El-Wahid Khalifa and Ahmed M. Saleim (2018): Fuzzy Risk Measure for Operational Risk.
- Committee of Sponsoring Organizations (COSO) and ISO 31000 publications.
- Frost C, Allen D, Porter J and Bloodworth P: ‘Operational risk and resilience: understanding and minimizing operational risk to secure shareholder value’, Price Water House Coopers (2001)