Operational Risk Edification for Financial Institutions

Sep 10 - 16, 2007

Operational risk exists in every known operation of the world. It is since the emergence of last decade in 1991 the world became more conscious about gauging these kind of risks. These usually take many kinds and types in multiple disciplines according to their. The measurement of this kind of risks in respective disciplines has therefore become a science and its management an art!

In Pakistan, all other industries except Banking and Financial Institutions have been working to standardize their operational capabilities through conforming to the ISO certifications, but SBP and Financial Institutions have waken up very late to wok for themselves. For the industries, the government had made an effort to improve their operational efficiencies and to bring them in line with the international standards. At present Pakistan National Accreditation Council (PNAC) is performing the same sort of task by making a recommendation to the relevant accreditation committee to thoroughly review the case and recommend award of Quality Management System (QMS) i.e. ISO-9000 and Environmental Management Systems (EMS) i.e. ISO-14000.

Accreditation is chosen by an organization because of the competitive advantages it affords, through access to a given market via independent assessment and demonstration of compliance with international requirements. Organizations can be accredited to carry out a defined conformity assessment activity.

These activities include; Testing, Calibration, Inspection, Personnel Certification, Product Certification, Environmental Management, Systems Certification, and Quality Management Systems.

At the same time the following areas of operational risk have been laid down by International Convergence of Capital Measurements and Capital Standards known as (the New Accord) or BASEL-II; Risk from Inadequate Internal Processes; Risk from failed Internal Processes; Risk from people employed by or working for the organization; Risk from the System employed by the organization; Risk from external events

The definition of the operational risk includes the operational risk but excludes strategic, reputational and systematic risk.

Although the whole of this accreditation system has no direct or indirect relation with operational risk standards however, it includes almost all of the factors that have been described as to be accounted for managing such risks. The only aspect that accreditation system ignores is the risk stemming from external events. And the only risk that the definition of operational risks ignores is the environment risk. In this regard if we review the areas as pointed out by the Reserve Bank of India to be included in the parameters of operational risk which include; Technology Risk, Reputation Risk, and Operating environment Risk; then the picture becomes clearer about the correlation between ISO certification and operational risk compliance.

A graphical correlation analysis of the two approaches to certify the operations is hereunder:


The above graphical correlation analysis makes it clear that the ISO Certification almost accounts for all of the aspects of operational risk management. Therefore the State Bank of Pakistan and the Financials Institutions themselves should also adopt ISO certification guidelines with the slight modifications required according to their own requirements and should also make their customers adopt the same in order to comply with the international requirements.