Change Management is one of the 11 key principles mandated by the Basel Committee for the sound management of operational risk. The subject is of particular importance now, in the age of regulation, when so much change is driven by the new regulatory requirements. Gail Danvers, Director at PSD and specialist in Risk and Governance executive recruitment, recently hosted a workshop to explore the operational risk management side of change.

Puzzle Pieces reduced V
The aim of the workshop was to educate and debate with other risk professionals on the subject of Operational Risk Assessment of Change.  Helen Pykhova Director of the Op Risk Company, co-hosted the workshop.  Helen, a practitioner with over 20 years' experience in financial services, is well-known in the industry as a respected Operational Risk trainer, as well as being Chair of the Operational Risk Committee of the Association of Foreign Banks (AFB) and Director of the Institute of Operational Risk, responsible for the Institutes Educational portfolio.

Attending the workshop were risk professionals with a wide range of experience, from people at the very start of their careers in risk management, through to senior risk professionals operating at the Head Of and C-Suite level.  The reason for this was to truly utilise the opportunity for shared learning in a comfortable workshop environment and to enable the attendees to learn from one another, but also to encourage new ideas and viewpoints.

The workshop highlighted challenges within change management such as a lack of monitoring of risks following approval and an absence of formal post-implementation reviews. In addition, Second Line of Defence roles are often inadequately structured and there is an absence of a holistic definition of “change” leading to the governance framework not covering all types of change.

In a live poll during the workshop only 19% of the group indicated that their firms do use an Operational Risk system or software that includes a 'Change' module. Only 40% responded that 'significant' change is defined and consistently risk assessed.

As a result of the discussion and debate, the group summarised on the following four points;

  1. How to define the thresholds above which the 'change' must undergo a risk assessment

    There are a number of parameters to define the thresholds such as;

    • Cost
    • Resource (number of people)
    • Criticality of tools / systems involved
    • Regulatory / legal / customer impact
    • Impact on business objectives
    • Is change within risk tolerance / appetite.

  2. What tools are best suited to assess how 'risky' the change is?

    When asked what tools are best suited to assess how “risky” the change is, the group summarised;

    • Specific risk assessment for the change initiative, usually conducted to support the 'Go/No-Go' decision - via RCSA (Risk and Control Self-Assessment) or ORA (Operational Risk Assessment);
    • Alternatively, the change becomes a trigger to revisit existing firm's RCSAs (as an example, for regulatory-driven change);
    • Scenario analysis - to examine what if? extreme but plausible outcomes, change KRIs and analysis of Operational Risk incidents;
    • Central 'Product and Change' office and change risk team (or for agile, embedded risk specialists), stepped governance based on the size and scale of change.

  3. How to Transition Risks and their Ownership upon Completion of the Change Programme into BAU:

    It was discussed amongst these risk professionals that the most effective way to do this is to involve BAU managers from the beginning, communicate effectively and provide training and education on the change with regular frequency. Changed processes need to be documented and validated by sponsors and BAU teams, and there should be defined indicators on performance and risk, transitioning remaining risks at the point of sign off.

    “Understanding the impact of multiple changes and the speed and ability of the firm to implement them is integral.”
  4. Too Much Change Overall? How to assess the aggregate impact of change on the risk profile of the firm:

    Assessing the aggregate impact of change on the risk profile of the firm was also discussed. Understanding the impact of multiple changes and the speed and ability of the firm to implement them is integral. Staff surveys and evaluations on expertise, knowledge and availability will help to determine whether the firm can cope. RCSAs may highlight a lack of resources or lack of process understanding in assessing how change is impacting the risk and control environment.

The workshop was a great success and created a truly engaging environment and generated useful discussion around this subject, which is crucial to ensuring that transition is well-controlled, and that existing processes are not stressed and weakened.
“An excellent workshop which allowed Op Risk professionals from various industries to interact with each other and to gain from each other's own experience.  A very good presentation from Helen Pykhova to introduce the subject. This is a much better way to learn from and interact with people's experiences rather than just listening to presenters for a couple of hours.  Helen is exceptionally experienced and a great presenter and is very good at getting other people involved in the process.”
John Dick - Head of Risk, Bank of Communications

At PSD we have been recruiting Board, Senior Management and Executive Director Level within the Banking & Financial Services sector for a number of years. Our team of highly experienced recruitment consultants have an exceptional knowledge of the Banking & Financial Services sector and a strong network of candidates, with track records of achievement in this and allied sectors.  We recruit across the UK and Europe, and work on both permanent and interim roles and operate in most functional disciplines.

If you are interested in discussing the recruitment of risk management professionals, please contact our Head of Global Banking & Financial Services, and Risk & Governance executive recruitment specialist, Gail Danvers