Operational Risk Management: "Time For A Face Lift"

C Spielmann Op Risk

Craig Spielmann is the Former Global Head of Operational Risk at RBS Americas and Founder and CEO of RiskTaO, LLC. He will be one of many Professionals presenting at CFP’s Risk Americas 2015. He will be speaking on, "How much Data is enough Data?" as part of a Luncheon Roundtable Discussion and will be leading a Post-Summit Masterclass on, "Effective Risk Data Aggregation In The Post-Crisis World."

Here Craig provides key insights into effective use of Operational Risk Management. 

As a major risk discipline, Operational Risk Management (ORM) struggles to be relevant and respected. Corporations spend greatly more on AML/Compliance programs as a result of major regulatory fines and civil lawsuits that have cost them $Billions. ORM needs to change its image, product set and value proposition to successfully compete for corporate dollars. In other words, “a complete face lift.” 

At a recent ops risk conference, a Federal Reserve and OCC panel stated that “Operational Risk was the most critical risk” for the financial industry. My panel followed them. I asked the 250 attendees, “If anyone’s ORM budget was increased for 2015.” No one raised his or her hands. I followed up with a second question, “How many ORM budgets are being cut?” Half the room raised their hands. So what’s wrong with this picture? The most “important risk” and “least funded?” The answer is that corporations don’t spend valuable capital on perceived low return programs especially, when their profits are being decimated through regulatory fines. 

Management Slight

Another common sign of “perceived low value” is the constant senior ORM changes. It’s all too common, that credit risk people, who have little tangible ORM experience, replace a senior Operational Risk Manager. No disrespect to my credit risk friends, but they usually end up listening to the same people who caused the original manager to fail. Conversely, I don’t believe there is a bank out there that would appoint an ORM expert with little or no credit risk knowledge to lead a credit risk program. 

Take the “Blue or Red Pill”?

It’s easy to pass blame when you’re down but any great business “looks inside” for their failings. They build a “roadmap to success.” They take the “red pill of reality" from “The Matrix” and reinvent themselves or they take the “blue pill” and revert to a fetal position and wait to be abused and used. 

Brand Change

Lets start with the name “Operational Risk Management” and the image it projects. This name implies “back office.” Actually, the opposite is true. You’ve probably heard the edict “the business owns the risk.” When things go wrong it is the business that is impacted from losses due to fines, revenues, civil suits, and additional capital charges. So why would we focus our brand on the “non-risk owners?” Therefore, the name should be changed to “Business Risk Management (BRM).” That would clearly define the practice, products and services.

BRM represents the true “essence of our existence.” It could attract stronger talent, give credibility to the discipline and get senior business managers involved in the framework, which is essential to make it relevant and effective.


Another issue that is a major obstacle is recruiting top ORM talent. You need great people to have a great business. To improve hiring top talent, there is a need to attract high quality people at all levels. Would any top college business grad want a career in “ORM” or “Business Risk Management?” Would a senior business manager want to attend a meeting with the “ORM or BRM?” The answer is the apparent.

Strategic Planning/Proactive Risk Management

BRM will also create a natural access path to the businesses’ strategic planning which is essential to proactive risk management. You cannot add value if you’re assessing risk in the midst of a change that you are unaware of. It is like assessing the risk to a ship when it’s “tied up at a dock” when in reality, it is “already 500 miles out in the ocean.” 


BRM would assess and challenge the businesses goals, strategy and execution approach in line with risk appetite. This proactive approach is vital for strong proactive risk and business management, which are really the same thing. It also gets everyone involved maximizing profits and minimizing risk. In my personal view the biggest risk to any business is profitability. This “common theme” aligns the interest of all major stakeholders, which today is not the case. 


The vision is to have BRM play a key role to challenge the business’s goals upfront in the long term planning stage. Corrections can efficiently and effectively be executed with little cost. However, people with strong relationship, risk and business management skills are needed to build credibility and bridge the relationship, communication and perception gaps. 


Businesses pay “substantial fees” to consulting firms for business advice. The approach, outlined above can potentially shift a small portion of that spend to investment in effective and efficient BRM programs as the value proposition becomes realized.


Run Risk As a Business

The first question I always have asked the teams is “would you pay for your own services.” Many times the answer is “no.” I then run them through a business value proposition exercise to change that answer to “yes.” Regardless of regulations and other pressures, businesses will not pay for low valued services. ORM has relied on regulatory pressures for their existence for too long. The products and services that are being funded need to demonstrate real value and return for the business. There are many other challenges that I will save for another day such as capital modeling and allocation, inconsistency in approach towards materiality and frameworks. 


ORM can continue to “exist” due to regulatory mandate and die a “death by 1000 cuts” or can be positioned to run as an “effective and efficient business." As such, the industry has to look deep inside and adjust to reality. This starts with a vision, strategic plan and risk assessment designed to surpass all stakeholder goals. This change will take leadership and risks to transform the practice into a highly competitive, sought after and respected risk discipline. In my view, it is the only option. Isn’t it time for a change?

For further information including speaker line up please visit http://cfp-events.com/oprisk