The financial sector has pioneered when considering risk management as an integral part of business management. This was developed over the last 20 years due to the growth and complexity of its operations, advances in information technology, increased regulatory requirements and increasingly sophisticated competition, requiring quicker and more efficient business management while avoiding financial losses.

In this context, operational risk has taken great importance in managing businesses, because of its inherent nature within all operations, processes and functions of an entity.

Article 235 Section VI, paragraph f) of the Insurance and Bonds Institutions Act

Operational risk will reflect the potential loss for shortcomings or failures in business processes, on information technology, human resources or other adverse external events related to the operation, among which we can consider the following risks:

  • In carrying out the insurance, surety, reinsurance and rebonding.
  • Acting as fiduciary businesses linked to its activities.
  • Managing dividends, payments or reserves of an insurance contract with pension plans.
  • In operational processes for not complying with policies and procedures.
  • In legal proceedings for not complying with the laws and administrative provisions.
  • In systems of information technology.
  • Strategic decisions and reputation of the institution.

Risk Identification and Inventory

The fundamental action in management of operative risk management is the identification of external and internal factors that may result from events that adversely affect the institution; these events are known as Risks.

The main feature of the external factors is that the institution has no way to influence them, however, it can adopt strategies to mitigate or prevent its effects; an example can be inflation or natural disasters. On the other hand, internal factors are generated within the institution itself, and can be influenced to reduce their impact, examples of these: human error or charging incorrectly premiums.

The identification of operational risks can be done using several techniques such as: process analysis, workshops, among others. The historical information and forecast should be taken into consideration when choosing a technique; these will result from the formation of operational risk's inventory.

Measurement and assessment

The risk assessment is usually done considering two aspects: the probability or frequency of occurrence and their impact or effect applying qualitative and quantitative techniques.

Qualitative techniques consider the assignment of a valuation criterion: low, unlikely or very unlikely. Quantitative techniques are more sophisticated techniques that involve the use of historical information and detailed risk and can be probabilistic, non probabilistic and even based on benchmarking.

The results should be categorized into quadrants showing graphically the risks in the three criterions: low, medium and high. This will help to make the decision to accept, control, transfer, or avoid the assessed risks.

Supervision and control

The supervision and control will be performed by the areas and officials responsible for each process, and independently with the participation of the work of internal and external audit. The results will have the purpose of improving the effectiveness and efficiency of controls in order to better mitigate operational risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.