OpRisk Europe's Regulatory Keynote: Lyndon Nelson
Deputy CEO & Executive Director,
Regulatory Operations and Supervisory Risk Specialist,
PRUDENTIAL REGULATION AUTHORITY (PRA)
Mr. Nelson will be presenting his keynote address at 9:30 am on Day Two, 13 June.
1. This year's conference theme is 'next generation operational risk management'. In your opinion, how will the industry move forward?
It is an exciting time for those involved in operational risk management and the right moment to look forward. The Basel Committee has made changes to the way Operational Risk is treated for capital purposes by banks and regulators and are also moving forward in their thinking on Operational Resilience. A number of risk surveys indicate that operational risk and cyber are now some of the very highest risks with which boards and management are dealing. It is important that regulators begin to set out their expectations on operational resilience and cyber and we, in the UK, expect to be doing that shortly.
What is the one thing that might help the industry move forward? An acceptance that it is impossible to predict and then mitigate every possible operational risk. That means we need a mindset that pre-supposes that disruption can occur across any part of the infrastructure. This requires testing resilience and the ability to recover from a variety of severe but plausible scenarios. We expect firms to attach the highest priority to maintaining delivery of essential services regardless of the cause of the disruption.
2. What are you most excited about for the future and what can the next generation of op risk managers look forward to?
The next generation of operational risk managers will be pioneers and what can be more exciting than that? Operational resilience will be seen to be on a par with financial resilience and a key part of a firm's risk profile. This will be transformational for many organisations and should over time be a key differentiator. The next generation of operational risk managers will be pioneers and what can be more exciting than that? Operational resilience will be seen to be on a par with financial resilience and a key part of a firm's risk profile. This will be transformational for many organisations and should over time be a key differentiator. Might I also flag that we will be publishing our thinking around operational resilience around summer time? I'm certainly looking forward to it! I hope that it will provide an opportunity to increase understanding, collaboration and the development of the sector's approach to operational resilience. Equally important is that it will be an opportunity to hear from industry and help us to learn and then adapt our approach.
3. What in your opinion is going to be the biggest challenge for the operational risk industry as we move forward?
The modern financial system is clearly a complex system with multiple components and an exponential number of dependencies that ceased to be fully transparent to users or regulators a long time ago. In the financial space, we are already well aware of the increasing challenges of measuring risks in such a system. The impact of any given shock is hard to predict if multiple transmission channels are in play and losses in one part of the system can trigger losses in another part. Those interested in operational resilience face no less of a challenge. It is also a complex system and it too becomes difficult to predict the impact of an operational disruption and consequently difficult to judge where to allocate scarce resources to build resilience.
4. Please can you give us a glimpse into your keynote speech at the upcoming 20th annual OpRisk Europe conference?
I have four key messages:
- The great importance the financial authorities attach to operational resilience. We recognise that financial stability depends on the financial sector being able to provide key services to the real economy.
- Firms need to focus on those business services that they provide to the real economy. They need to consider and determine their own tolerance for operational (and cyber) disruption and test against those tolerances;
- The UK supervisory authorities view operational resilience as a key pillar of their regime - for the PRA that means it sits alongside financial resilience and governance; and
- Firms' boards are accountable for their firms' operational resilience.
5. Speaking of sessions, which of the other sessions at OpRisk Europe are you looking forward to?
I'm particularly interested in the War Games session. I've run a number of War Games myself so know their importance in framing an approach. A good War Game should leave you with more questions than answers and the value is then answering those questions so that you are better prepared should you have to play for real. We see a scenario-based assessment of firms' resilience as a key element of the future of operational resilience.
To learn more about our War Games and scenarios, view the programme here.