Operational Risk Governance
This chapter addresses the regulatory requirements for operational risk governance and provides alternative governance approaches that can be adopted. The roles and responsibilities of the first, second, and third lines of defense are outlined, as well as the roles and responsibilities of boards of directors, risk committees, and senior management. Finally, validation and verification requirements are introduced and explained.
ROLE OF GOVERNANCE
Appropriate governance is essential for effective operational risk management: without a robust governance structure, the people who own the operational risk management program will be unable to make a positive impact. An effective governance structure must be implemented to provide oversight of operational risk management and measurement and to ensure an effective route for risk escalation.
Governance holds the framework together, as illustrated in Figure 4.1.
The governance approach adopted by a firm needs to reflect the culture of the firm and must be practical in nature. However, it is not unusual for the creation of an operational risk function to upset the current overall risk governance framework.
One of the main potential challenges in developing and implementing effective operational risk management ...