6.5.2 Operational risk identification and management

Typically, Operational Risk events include the following:

  • Internal fraud: Risk of unauthorized activity and fraud perpetrated within the organization
  • External fraud: Risk of fraud or breach of system security by an external party
  • Employee practices and workplace safety: Risk of failures in employee relations, diversity and discrimination, and health and safety risks across the Group
  • Damage to physical assets: Risk of impact to the Group due to natural disasters, including epidemics
  • Clients, Products and Business Practices: Risk of failing in assessing client suitability, fiduciary responsibilities, improper business practices, flawed products and advisory activities.
  • Business Disruption and System failures: Risk of not planning and testing business continuity and disaster
  • Execution, delivery and process management: Risk of failed transaction execution, customer intake and documentation, vendor management and monitoring and reporting.

The BRMC is an independent sub-committee of the Board of Directors (‘BOD’) and is responsible for ensuring the effectiveness of the Group’s ORMF. In the context of Operational Risk Management, the BRMC assists the BOD in fulfilling its oversight responsibilities, sets the “tone at the top” and empowers Senior Management to contribute to the effectiveness of Operational Risk in the Group. To discharge its duties effectively, the BRMC receives an update on the progress of Operational Risk activities on a quarterly basis.