"Three Lines of Defense," Part 4
Presenter 4: Stephan Schenk, EVP and Head of Operational Risk Management at TD Bank
Implementing the 3LD Model in Banks
Interesting note: he doesn't agree that smaller firms can't do as much risk governance. He points out that smaller firms have smaller, simpler operations, and consequently their risks will be manageable by a small risk function.
He also contradicts the 3LD model to some extent. In a steady state, he agrees that the 1st line of defense should be the largest, then the 2nd, then the 3rd, and that all business functions should roll up into the risk management function. However if a firm is in crisis or after a major change like a merger, the opposite holds. The reason is that when the business is in turmoil, you need to put people who know that business in charge of solving the problem. The risk people are not the preferred resource in that case. So the risk governance function needs to be flexible enough to adapt to the needs of the business, that is, a crisis response process is required.
He notes that the second line of defense has an inherent weakness is that it will never be able to duplicate the expertise in the first line.
He advocates "inverting" the 3LD in this way, then, for new firms/recently merged firms.
Regarding operational risk, he views this as a major weak point. Predictive power in this area has been very low. Until something better is developed, his advice is to be ready for anything. One promising avenue is to conduct "near miss" analyses as opposed to just actual crises. He also notes that the key risk indicators we're all so fond of are more (really only) valuable in combination, rather than individually.
His final word of advice is to approach regulators as if they are customers. The aim is to build long-term relationships and earn their trust.
End Part 4.
No comments:
Post a Comment