Operational Risk Management Framework for the Financial Sector
The need to improve operational risk management framework (ORMF) is something facing all banks. It is therefore critical to start diagnostics as soon as possible, so that organisations can gradually prepare for the latest ORMF requirements of the Bank of Russia:
- Regulation No. 716-P On the Operational Risk Management Framework Requirements for Credit Institutions and Banking Groups (“Regulation No. 716-P”)
- Draft Regulation On the Calculation of Operational Risk for the Capital Adequacy Ratios of Credit Institutions and Risk Compliance Oversight by the Bank of Russia (the “Draft Regulation”).
The new ORMF requirements set out in Regulation No. 716-P will take effect from 1 October 2020.
We will be happy to assist you with implementing the Bank of Russia’s new OMRF requirements.
1. Operational risk management diagnostics
We conduct diagnostics of your operational risk management frameworks (ORMF) using Deloitte’s maturity assessment model, which benchmarks the current state of your ORMF against the best international practices. We will use the results of diagnostics to identify areas for improvement and develop a roadmap for your target ORMF.
2. Building a stronger ORFM methodology
Our professionals will help you update your existing methodology or develop a new approach, tailoring them to suit the size and risk profile of your bank. We can:
- Build approaches to identify, assess and manage operational risks
- Develop recommendations for the existing operational risk assessment approach, including IT and cybersecurity risks
- Design/streamline operational risk management methodologies, including methodologies for IT and cybersecurity risks, to bring your organisation in line with Regulation No. 716-P, the Draft Regulation and the target ORMF model
- Develop/update bank internal regulations to ensure that they comply with Regulation No. 716-P, the Draft Regulation and the target ORMF model
3. Streamlining operational risk management processes
We can analyse the completeness of your risk events database and develop or improve operational risk management (ORM) processes to provide assurance of reporting submitted to the Bank of Russia. We can also update your internal regulations where changes are necessary.
4. Increasing process automation
Regulatory compliance may require increased automation in a number of areas such as:
- Capturing operational risk events
- Aggregating operational risk events
- Calculating key risk indicators (KRIs) and monitoring thresholds
- Stress testing
- Internal and external assessments
We can assist you with:
- Developing business requirements for the necessary upgrades in your information systems
- Identifying technology evaluation criteria and recommendations for selecting and implementing IT software
- Creating test cases for proposed changes to your information systems
- Performing testing
- Implementing information system changes or a new information system
Once the changes have been rolled out, we can assess whether the transition to the target ORMF has been successful.
5. Towards a stronger risk culture
A continuously evolving risk culture is critical when it comes to ensuring the completeness of risk event databases. We can organise training to help your risk management staff acquire a stronger understanding and deeper insights into risk management processes.