Skip to main content

Making operational risk personal

Having worked in in the risk and safety management area of the oil and gas industry I have seen, and in small part helped, some of the leading operators work hard on improving their safety culture.  The realisation in the industry has been that layers of processes and controls can only go so far. Front line staff need to remain aware of the risks they face and not become complacent such that they do not spot those small indicators that something is out of place.   So creating a culture that counters this tendency toward complacency, or risk normalisation, has been a focus for oil and gas operators.

The oil and gas industry is not the only one that faces risks that could lead to catastrophic losses and the removal of the licence to operate. Financial institutions have faced such losses through failures in processes and controls around rogue trading, mis-selling of products and failures in anti-money laundering controls.  The Basel Committee on Banking Stability (BCBS) as well as requiring banks to have sufficient capital to cover their market and credit risks also required banks make provision for potential losses from operational risks.  Reducing these operational risks, which include internal and external fraud, mis-selling, market conduct, physical damage to assets, business disruption and procedural errors, can be tackled using approaches used successfully in the oil and gas industry: a mix of policies, procedures and controls as well as a fostering a culture that from the boardroom to the frontline is aware of their role in managing the risks the organisation faces.

However, experience has shown that the cultural shift required in an organisation is easier to achieve in the oil and gas industry because it is much easier to personalise the consequences of failure.  Frontline staff are literally in the line of fire but even for non-plant based staff and senior management, the personal consequences of dealing with the death or injury of colleagues is relatable and in most oil and gas sites and facilities there will be people who have experienced that low point.

In banking, it has been harder to personalise the consequences of operational risk failures because, in the most part, the losses are "just money".  In taking some of the risk culture improvement approaches from oil and gas into banking, that ability to personalise risks has been a missing ingredient.

 The threat posed by certain aspects of Financial Crime, however, can be used as a call to action for genuine cultural change in banking.  The consequences for banks caught allowing criminals to use them for laundering proceeds of crime or being a conduit for the financing of terrorist activity are beyond tolerance levels.  Making sure the bank does not get used for these activities can also be a way to personalise operational risks for the entire workforce.  Everyone is aware of the social ills caused by crimes like drug dealing and would want to do all they can to stop it.  Similarly, no bank employee would wish to inadvertently assist the financing of a terrorist act that led to the death and injury of innocent people.

As a rising tide raises all boats, mobilising a banking workforce to be aware of their role in preventing their bank being used for serious crime, will also help prevent other operational risks.  Increased focus on areas like Know Your Customer (KYC) processes and unusual transaction identification will help tackle internal and external fraud as well stop the bank being used for drug money laundering or terrorist financing.

In any programme to improve operational risk management, banks should use the threat posed by serious crime to engage and mobilise the whole organisation in the change.

Comments

Post a Comment

Popular posts from this blog

Are safety KPIs counter-productive?

A colleague who works with a major international oil and gas company said “Safety KPIs achieve the exact opposite of their original intent”. Whilst he was undoubtedly being provocative to stimulate internal debate, the basis for such a bold statement can be seen in organisations that have comprehensive reporting mechanisms but still suffer from major safety incidents. Safety performance metrics face an inherent difficulty in that managers have a strong temptation to make their numbers as good as possible when they report their performance.   This will be true for safety just as it is for production, sales, financials and any other business performance metric.   Unfortunately, this tendency is the exact opposite of what is required for good safety performance.   A common theme in many of the major catastrophic industrial incidents is the fact that warning signs were there but were not reported.     If there is a bias that emphasises the good and glosses over the bad, there is li
Post a Comment
Read more

What I learnt...as Finance Director of a small UK motor car manufacturer

I was reminded recently of one of the more interesting episodes in my career when, for about twelve months, I was fortunate to be seconded to a small car manufacturer as Finance Director (both the cars and the company were small!).  It presented an exciting departure from my normal way of working but was also an opportunity to learn.  Here are the major takeaways for me from this experience: Collective executive responsibility Being part of the executive team meant that we plotted the course for the company and that we all bought into the strategy and the plan to deliver it.  We were making significant changes to the products, to the manufacturing process and to the supply chain and we all had to be clear about what we were doing, why we were doing it and how we were going about it.  Employees, shareholders, bankers, auditors and the press would be asking questions and we had to be consistent and clear in answering those questions but then in the actions and decisions we took. Vis
Post a Comment
Read more