Scroll

Insights and News /

01 December 2020 6 min read

The impact of Covid-19 on operational risk management

Matt Moloney

Matt Moloney
Senior Consultant | Financial services | London

Baringa Partners recently hosted a virtual roundtable event for operational risk specialists from across the industry. The event sparked some very interesting conversations around the key challenges firms are currently facing, particularly in terms of the impact of Covid-19 on operational risk management, which we will explore in this blog. Additionally to this, we discussed the relationship between operational risk and resilience which we will look to expand on in a separate post following our upcoming dedicated operational resilience roundtable on 10th December.

Our operational risk roundtable events are run regularly throughout the year, as well as our operational resilience roundtables. If you work in operational risk and are interested in attending, contact OpRisk@baringa.com.

Risk Exposure

Risk exposure for most businesses has notably changed in recent months, both increasing and decreasing. For instance, working from home has led to almost a complete reliance on virtual meetings and calls, meaning conversations are often completely unmonitored. As a result, there is an increased risk of sensitive information being shared, with less likelihood of detection. On the other hand, sharing of hard copies of documents has become almost non-existent, so the risk of sensitive information falling into un-vetted hands has decreased.

Attendees generally agreed that the number of risks they were exposed to, and the inherent risk level of those risks, has not been affected by Covid-19. The change in risk exposure has instead been driven by a reduction in the effectiveness of certain controls, and the ability to test these, during the Covid-19 period. Indeed, 90% of attendees felt that there was an increase in vulnerability to uncertainty around control effectiveness.

Control Testing

For many firms, testing of controls relating to third party suppliers has been particularly affected; without being able to make site visits, a firm’s ability to perform their own control tests of third parties has been hindered. In response, firms have had to rely on remote testing of controls, as well as placing a higher reliance on suppliers’ own control testing.

When reflecting on the lessons from Covid-19, it’s important to consider if you need to re-evaluate your list of key controls, and if previous effectiveness scores and testing processes need to be updated in light of this experience. It is also important to delineate roles and responsibilities to ensure that the monitoring and testing of controls is efficient and robust during both BAU and in periods of stress.

Risk Assessment Process

It’s worth considering making risk assessment processes more dynamic, so that if residual risk does change, this will be picked up quickly and dealt with before the risk can crystallise. This can be partially achieved by having the correct KRIs and KCIs in place to monitor real-time changes. Embedding a culture of frequent and thorough risk management within the business is also crucial, which is ultimately dependent on people.

Remote Training and Culture

Without the continuous learning environment that the office provides, the development of junior staff has been hindered. Remote on-boarding has impacted how the culture and values of the firm are shared and absorbed by new members of staff. In our virtual roundtable, attendees highlighted the difficulty in engaging staff in training when not completed face to face. This can have knock on consequences if, as a result, staff do not have the knowledge to effectively assess, monitor, or report risks. On a more positive note, many firms reported a flattening of hierarchy, as remote working has increased accessibility, enabling an ‘all in it together’ culture to develop in firms.

As the new way of working increasingly becomes normal, we will all need to adapt our training delivery, both to new and existing staff. You could look to undertake shorter but more frequent virtual training sessions, whilst also ensuring that sessions are interactive using virtual tools such as polling, quizzes or virtual breakrooms. You could also look to host less formal virtual drop-in sessions for both work and non-work related discussions, to try and upskill employees and maintain cultural values and a sense of community.

Our operational risk roundtable events are run regularly throughout the year, as well as our operational resilience roundtables. If you work in operational risk and are interested in attending, contact OpRisk@baringa.com.

The results from our annual operational risk survey will soon be published, which will provide further insight into firms’ biggest operational risk challenges of the year.

For more information, or for a wider discussion on operational risk, please contact OpRisk@baringa.com.