Development of operational risk management methodology

Go back

Operational risk, inherent in every business activity and process of a credit institution, holds a significant place in the risk management system. The Bank of Russia places particular emphasis on both the requirements for organising procedures to manage this type of risk and the methods for assessing and controlling the volume of operational risks.

FBK assists in bringing a bank’s operational risk management (ORM) in compliance with the requirements of Bank of Russia Regulation No. 716-P “On the Requirements for the Operational Risk Management System of a Credit Institution or a Banking Group” dated 8 April 2020, as well as in integrating provisions from Bank of Russia Regulation No. 787-P “On Mandatory Requirements for Credit Institutions to Operational Reliability in Banking Activities to Ensure Continuity of Banking Services” dated 12 January 2022, and implementation plans for GOST R 57580.3–2022 and GOST R 57580.4–2022.

The services for developing an operational risk management methodology at credit institutions may include:

GAP analysis of the operational risk management to assess compliance with regulatory norms, the bank’s risk profile, and the nature and scale of its operations.
Evaluation of ORM effectiveness.
Refinement of specific operational risk (OR) management procedures.
Development of approaches for allocating KRI values (key risk indicators).
Design of a methodology to assess losses from OR events.
Development of KRIs for specific OR types.
Assessment of the quality of OR event database maintenance.
Development of self-assessment and scenario analysis methodologies for specific OR types.
Integration of operational reliability requirements into the ORM.
Evaluation of data quality in information systems supporting critical processes.
Formulation of an information systems policy.
Upgrading the information security policy to meet the latest regulatory standards.

Upon completion of the development of operational risk management methodology, the client receives:

Drafted or updated internal documents compliant with the latest regulatory requirements, including the operational risk management policy, information security policy, and information systems policy.
Recommendations and suggestions for improving the ORM.
Proposals for establishing and monitoring KRI methodologies.
Templates for conducting OR self-assessments and scenario analyses.
Minimisation of regulatory risk.
Reduction of the risk of downgrading the Bank of Russia’s assessment of the risk management indicator (PU4) in accordance with Bank of Russia Ordinance No. 4336-U “On Assessing Banks’ Economic Situation” dated 3 April 2017.
Optimised risk management and control line efficiency in line with the nature, scale, and risk profile of the credit institution’s activities.
Reduced losses from operational risk events.

Our advantages

Expertise

FBK experts have a proven track record in developing operational risk management policies and procedures for credit and non-credit financial institutions of varying scales, nature, and specialisations. This includes expertise in addressing operational risk holistically, as well as specific risks related to IT systems and information security.

Individual Approach

FBK’s opinions and recommendations are tailored to factors such as the type, scale, and nature of operations, the institution’s sensitivity to external factors, and the target maturity level of the processes under consideration.

Expert Team

FBK experts possess hands-on knowledge of the intricacies of diverse business processes within financial organisations, coupled with extensive experience in their integration and optimisation.