Commentaries and insightful analyses on the world of finance, technology and IT.

« Comprehend(ed), manage(d)! | Main | Blurring Risk boundaries »

Op Risk: Containing the loss continuum

A few days back, my boss asked me.... (Argghh!!...Let me stop myself right there! Are too many people using this line? Hmm.... the bosses get the brightest of ideas, after all)..."Have you ever thought about how a ship or submarine's damage control mechanism works?" What resulted is one of our finest implementations yet.

Traditionally, in the OpRisk world, the loss from a risk was thought of, as being one isolated event (say loss of revenue from system downtime). However, the reality is much different, take for instance, rogue trading, which in many a case, has resulted in a series of losses before being unearthed. The key to effective control is to monitor and react whilst ensuring there is always a fall back for worst case scenario. The biggest risk is being blithely unaware of a looming vulnerability. Let's take the popular instance of laptop theft - sure, data encryption could be prescribed and implemented, physical security beefed up; but that does not rule out the possibility of laptop going missing or data remaining unsecure. In this case, even if invoking access prevention, remote data purging etc fail, the business could make arrangements to reduce or eliminate some costs, say legal (eg: data confidentiality).

In this context, we created a concept, "Contained Damage" which is also an integral part of our risk management platform. Imagine an entire gamut of systems working like a neural network - slightest signs of trouble sensed, impact points delineated (by process maps), damages estimated (using algos), slew of preventive mechanisms kicked in (based on criticality of impact areas and predicted losses) and relevant people notified. (I'll save how this works, for a later post). Contrast this with a vessel - a series of 'flood gates' are activated on impact and damage is contained to a small portion between two gates. When one gate fails, the next provides resistance, still limiting damage. Meanwhile sirens blare and parallel evacuations ensue.

In short, be aware of vulnerability, contain the damage, have a safe 'wrangle out' strategy.

Have you ever thought of it this way?

Comments

There is a definite cascading effect that an event could create a vulnerability that may set off a string of damages - Very valid point - though I would say, it may not be limited to the same "type" of damage, for instance may not be just repetitive loss from continued rogue trading.

The neural network strikes as quite innovative, Sure, oprisk mgt has to traverse pure data integration into oprisk loss data warehouses.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter