Posted: 20 Apr. 2020 5 min. read

Recasting Operational Risk in COVID-19

The COVID-19 pandemic is no Black Swan event, rather it is what Michelle Wucker describes as a Grey Rhino – highly obvious and highly probable, but still neglected. And as such it has meant that almost every company was unprepared and is now scrambling to manage the financial and operational capacity shocks that directly challenge their existing risk, control, and defence models.

As we navigate through this ‘respond’ phase - perhaps the most disruptive period of the crisis - we need to be prepared to be effective in our immediate environments and strengthen our resilience into the future.

The following seven themes require recasting as key risks to the financial services industry emerge as we respond to COVID-19:

1. Conduct: Effectively balancing obligations between customers, shareholders and other stakeholders will require leaders to make complex and sometimes difficult decisions for instance the complexities that are arising in areas such as managing between principles for responsible lending and assessing eligibility for assistance.

  • As such, organisations need to have clear, defined, defendable and robust processes for managing an increasing number of potentially sensitive customer requests. 
  • Managing hardship obligations and dealing with default will be of particular focus, especially where credit extensions are provided and related parties involved such as guarantors and joint accounts. 

2. Technology, cyber and data privacy:  With the sudden imperative to work virtually, where the industry as a whole pivoted their entire workforces in record time to access the organisations systems and information remotely.

  • This shift in working rhythm has meant a critical dependency on effective security, identity management, and system availability controls. Our Australian-based Deloitte Cyber Intelligence Centre (CIC), along with its network of 33 CICs across the world, has observed a material uptick in malicious attempts by third parties to penetrate client systems and access sensitive information. 
  • This includes phishing and ransomware attacks, remote working security risks and supply chain attacks, as well as delays in detecting and responding to cyber-attacks and an influx of cyber criminals.

3. Staff resilience: In this rapidly changing environment, a wave of ancillary health risks is coming to the fore. This means that organisations are obliged to ensure their staff members are appropriately supported and empowered in their resilience.

  • Many staff members will be experiencing new levels and forms of stress and uncertainty, driven by health, financial or the social consequences of distancing due to COVID-19. Leaders need to consider both what they need to do and evaluate whether they are doing enough to help their teams adapt and respond. 
  • Having a proper way to educate and support staff members who are struggling to make the right decisions in the current unprecedented environment, is key to ensuring the organisation pivots effectively.

4. Staff re-allocation: With the rapid shift in priorities due to COVID-19, organisations are increasingly moving ‘non-essential’ staff into essential customer services.

  • As such, there is a need to rapidly upskill staff members to ensure they understand their new roles, responsibilities and obligations. 
  • In tandem, organisations need to react quickly to on-board these staff members into their new roles to ensure continuity of essential services, including provisioning appropriate system access, monitoring compliance to processes, and documenting efficient and effective procedures for business critical service decisions such as hardship decisions. 
  • The focus needs to be on the processes and controls that must now be relied upon to manage these new ways of working.  

5. Fraud: In previous times of hardship, such as during the Global Financial Crisis, there were marked increases in fraud and financial crime.

  • With the additional banking and government relief measures being made available to businesses and individuals impacted by COVID-19, we may see similar trends occur. 
  • Although there may not yet be a clear estimate over how severe the fraud risk will be in this unprecedented environment, it is a continually emerging risk which needs to be adequately monitored over the coming period. 
  • Organisations will need to ensure their controls and assurance activities across hardship and relief determination processes are robust and effective.

6. Collateral: With the introduction payment deferral options provided to customers, there are heightened concerns over loan guarantees and the collateral underpinning the assets. These risks are further exacerbated due to:

  • Concerns over significant asset revaluations which could potentially lead to negative equity
  • Additional restrictions on the ability for organisations to access collateral, such as family homes, particularly given the sensitivities around vulnerable customers.

7. Implementation Risk: Significant and uncharacteristic changes to policies, such as automatic extensions of credit are happening rapidly in response to changing needs. As such, organisations need to ensure that their processes and systems can adapt and apply the changes to both customers and products in an accurate, consistent and timely manner.

While these risks will continue to evolve, organisations need to focus on the key controls they will rely on to rapidly and effectively respond to shifting business needs, risk exposures and community expectations.   

More about the author

Sean Moore

Sean Moore

Partner, Risk Advisory

Sean has over 20 years’ experience within institutional and investment banking. Prior to Deloitte, he was Head of Thought Leadership at Westpac’s Institutional Bank. As a Managing Director at Global banks, Sean held key roles included Global Head of Operational Risk, APAC Head of Product Control, COO of European Equity Trading, Head of Finance for Continental Europe and COO Australia. Sean's Advisory experience has focused on supporting Financial Institutions on Risk, Technology and Business Transformation.