Beginning to End

Operational risk is often thought to be limited to losses that can occur in operations
or processing centers (i.e. where transaction processing errors can occur). This
type of operational risk, sometimes referred to as operations risk, is an important
component but by no means all of the operational risks facing the firm.
Operational risk can arise before, during and after a transaction is processed.
Risks exist before processing, while the potential transaction is being designed,
during negotiation with the client, regardless whether the negotiation is a lengthy
structuring exercise or a routine electronic negotiation, and continues after the
negotiation through various continual servicing of the original transaction.
A complete picture of operational risk can only be obtained if the activity is analyzed
from beginning to end. Take the example of a derivatives sales desk shown in Figure
12.2. Before a transaction can be negotiated several things have to be in place, and
each exposes the firm to risk. First, sales may be highly dependent on a valued
relationship between a particular sales person and the client. Second, sales are
usually dependent on the highly specialized skills of the product designer to come
up with both a structure and a price that the client finds more attractive than all the
other competing offers. These expose the institution to key people risks. The risk
arises from the uncertainty as to whether these key people continue to be available.
In addition, do they have the capacity to deal with an increase in client needs or are
they at full capacity dealing with too many clients to be able to handle increases in
client needs? Also do the people have the capability to respond to evolving and
perhaps more complex client needs?

The firm is exposed to several risks during the processing of the transaction. First,
the sales person may either willingly or unwillingly not fully disclose the full range
of the risk of the transaction to a client. This may be a particular high risk during
periods of intense pressure to meet profit and therefore bonus targets for the desk.
Related to this is the risk that the sales person persuades the client to engage in a
transaction that is totally inappropriate for the client, exposing the firm to potential
lawsuits and regulatory sanctions. This is an example of people risk. Second, the
sales person may rely on sophisticated financial models to price the transaction,
which creates what is commonly, called model risk. The risk arises because the
model may be used outside its domain of applicability, or the wrong inputs may be
used. Once the transaction is negotiated and a ticket is written, several errors may
occur as the transaction is recorded in the various systems or reports. For example,
an error may result in delayed settlement giving rise to late penalties, it may
be misclassified in the risk reports, understating the exposure and lead to other
transactions that would otherwise not have been performed. These are examples of
process risk. The system which records the transaction may not be capable of
handling the transaction or it may not have the capacity to handle such transactions,
or it may not be available (i.e. it may be down). If any one of the steps is outsourced,
such as phone transmission, then external dependency risk arises.
The list of what can go wrong before, during, and after the transaction, is endless.
However, each type of risk can be broadly captured as a people, a process, a
technology risk, or an external dependency risk and in turn each can be analyzed in
terms of capacity, capability or availability.