The Volkswagen case shows us a contemporary case of what can go dramatically wrong when an enterprise does not focus on its operational risk. Worse, it shows what happens when a lack of leadership and presence of cheating overtake the virtues and values of the firm. Operational risk is a major concern for many firms and in particular for financial service firms.
It is important for risk leaders to focus on operational risk for many reasons. Let’s examine some reasons:
- Operational Risk is not tied to an investment with a direct upside. Unlike credit and market risk, where the downside exposure is known (or mostly known) at the time of investment, and an upside is projected, setting up an operation or taking on a new vendor introduces operational risk of an unknown and unforeseen nature. There is no upside, generally. Therefore, reducing operational risk is a direct monetary benefit to the enterprise. Removing operational risk requires knowing how and why it occurs, in the first place.
- Measuring Operational Risk requires acknowledging it. I once met with a CEO at a bank that told me, “We don’t have operational risk.” I remember telling him in response that until you recognize it as operational risk, you will see operational risk only as unexpected costs via project overrides, unexpected credit losses, and even lawsuits from customers. He informed me, “We have lots of that.” It is not about semantics. Operational risk is an error and unless you are looking for errors, it will simply look like your business, process, or systems have deviated from plan. Removing the error will be impossible from the investment decision to operate. If a loan process has missing data (a common operational risk) and the loans under-perform, the decision might be to shutdown the loan business entirely (not to invest) but the correct action is to fix the operational risk and process for collection of data. Not understanding and measuring operational risk will mean that business decisions are sub-optimal. Operational risk management is about removing the errors and making the business investment more precise going forward.
- Critical operations introduce the biggest operational risk. As in all industries, the desire to reduce costs and develop new products is with us constantly in financial services. Outsourcing and new business models have also brought new risks as costs have been removed. The pressure to move into new banking products, such as online, mobile, and RFID payments have introduced operational risks too. It is little surprise that Apple Pay experienced a fraud rate of over 6%, which is more than 60 times that of normal credit cards. Today, every bank and insurance executive fears that day they see customer data breached and shared online. A repeat of the Target case is nightmare for any business leader. Storing, accessing, and transmitting critical data are now some of the most critical decisions facing a financial institution.
- Operational Risk is at the root of reputational harm and regulatory risk. When asked, a risk leader, CEO, or board member will report that their greatest concern is harm to the reputation and customer. Next, it is a great concern that a regulatory body might target the firm for behaviors (real or implied) and penalize the firm accordingly, often in response to how a customer has been harmed. The way a business operates is tied to how it treats a customer and how it fails in providing the customer what he or she expected or was promised. Customers sue banks and insurers for their practices and enforcement when something goes wrong. That is operational risk. If you want to get a head of reputational harm and regulatory risk, focus on operational risk detection and prevention. Develop a plan to measure, manage, and lead operational risk.
How a firm operates and makes decisions is tied to how it manages internal decision-making processes. The management of such risk falls under Operational Risk Management. Operational Risk and self-inflicted damages are the cause of the greatest reputational harm. Through cases and simulations, we will explore all of these topics in the upcoming course Operational Risk Master Class: Measurement, Management, and Leadership.
About Russell Walker, Ph.D.
Professor Russell Walker helps companies develop strategies to manage risk and harness value through analytics and Big Data. He is Clinical Associate Professor of Managerial Economics and Decision Sciences at the Kellogg School of Management of Northwestern University.
His most recent book, From Big Data to Big Profits: Success with Data and Analytics is published by Oxford University Press (2015), which explores how firms can best monetize Big Data. He is the author of the text Winning with Risk Management (World Scientific Publishing, 2013), which examines the principles and practice of risk management through business case studies.
He has advised many leading institutions on Operational and Reputational Risk Management, including: The World Bank, SEC, Genworth, Capital One Financial, Discover Financial, PNC, The Bank of England, and the US State Department, among others.
You can find him at @RussWalker1492 and russellwalkerphd.com
 Deloitte, Global Risk Survey of CROs.
 Economist Intelligence Unit, survey of CROs.
Big Data Risks, Crisis Management, Cyber Risk, Data Breaches, Enterprise Risk Management, ERM, Operational Risk, Reputation, Risk, Risk Class, Risk Management, Risk Management Training, Risk Strategy, Social Media Risks, Winning with Risk, Winning with Risk Management