IOR Scottish Chapter Annual Conference Glasgow Caledonian University – 1 st November 2013 Relevance of Operational Risk to the FCA Jill Savager Manager, Operational Risk, Financial Conduct Authority 1

What we will cover 2 –FCA overview –Relevance of operational risk to the FCA –How our focus on operational risk is different from the FSA

FCA Objectives 3 Strategic objective: –To ensure that the relevant markets function well Operational objectives: –To secure an appropriate degree of protection for consumers –To protect and enhance the integrity of the UK financial system –To promote effective competition in the interests of consumers In comparison, the objectives of the PRA are: –To promote the safety and soundness of banks, building societies, credit unions, insurers and major investment firms. –For insurers, to contribute to the securing of an appropriate degree of protection for policyholders.

FCA Scope 4 Supervise conduct of c.25,000 financial services firms Regulate prudential standards for c.23,000 of these firms Co-operation and co-ordination with PRA through Memorandum of Understanding (MoU)

FCA Supervision Approach 5 To ensure firms have the interests of their customers and the integrity of the market at the heart of how they run their business. Aim of Supervision Forward looking and more pre-emptive Focused on judgement not process Consumer focused Focused on big issues and causes of problems Robust when things go wrong More focused on business models and culture Orientated towards firms doing the right thing Greater emphasis on individual accountability Externally focused, engaged, transparent and listening Joined-up approach Principles Approach based on key principles Executed through coherent operating model Making life easier for consumers across their life cycles Embedding major interventions Preparing for the worst Looking further up the value chain Ensuring redress when thing so wrong Delivering real outcomes Enabling delivery of real outcomes

Definition of Operational Risk 6 Basel definition: “The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events” The interpretation of ‘loss’ can be extended beyond financial loss to include other aspects such as: –Loss to customers –Loss of integrity of the UK financial system

The example of mis-selling 7 Operational Risk IT systems failure Fraud Mis-selling Etc. Prudential-related Impacts Conduct-related Impacts Financial Loss Competition Damage to Physical Assets Reputational Damage Consumers Market Integrity Regulatory Fine Redress Consumer Detriment Revenue Foregone Firm Failure

What are our expectations? 8 Robust and effective operational risk management framework Second line of defence providing robust challenge FCA has not created new risks –Change in impact and likelihood? –New ways of managing risks? –Assessing wider range of operational risk impacts? Not just ‘a compliance exercise’

‘Typical ‘ Operational Risk Framework Elements 9 OR Taxonomy (definition, categorisation and terminology) OR Monitoring, Escalation & Reporting Risk Identification & Assessment OR Measurement & Quantification OR Appetite / Thresholds OR Governance & Culture (Policies, committees, allocation of responsibilities, challenge, performance appraisal, reward, etc) Internal & External Incident Capture Inherent Risks Risk & Control Self-Assessments (RCSAs) Scenario Analysis Controls Residual Risks OR Systems & Documentation

Possible enhancements to your OR framework 10 –Add customers and UK financial system integrity impacts to risk assessment methodology for RCSAs –Number of customers affected, measure of customer detriment etc. –Size of market affected, volume and value of transactions, significance to operation of UK financial system –Assess effectiveness of controls in managing risks for the customer –Include conduct impacts when capturing details of crystallised operational risk loss events –Enhance MI to give management a conduct perspective on risks the firm is exposed to

Questions 11