Q3 Threat management and Operational Resilience minutes

Abridged Minutes

Today Non-Financial Risk (‘NFR’) is managed within silos, with no single point of data aggregation existing to provide holistic oversight that would support decision making (in relation to NFR).

It is recognized:
-Data is the lifeblood for effective NFR management
-The aggregation of this data is an evolving necessity if the COO (or other) is to be able to have an informed oversight of these risks
-Emerging risk identification and horizon scanning would help contextualize decision making born from integrated NFR data

Q. What sits within this spectrum and where, who and how are these risks managed?

A. It was agreed unanimously that NFR has no definitive categorization, the following being commonly used classifications:

(The following has been sent to iCOOC participating members to complete to enable Armstrong Wolfe to develop a reference for NFR categorization to work from moving forward)

Q. Integrated or segregated, what benefits arise to a fully integrated process to manage NFR?

A. Overwhelmingly a desire to establish an integrated approach, noting:

The COO often operates with a fragmented or incomplete view across the Threat & Risk landscape

No one bank has a systematic approach to aggregating and analysing NFR

Reservations exist in relation to capital expenditure to develop this capability

It is noted that much if not most of this data is already captured somewhere in the organisation and therefore there is little or no need to invest in technologies to do so; limiting expenditure to a technology solution needed to collect from established data pools, and to aggregate and translate it

Aggregation of NFR data will allow (the COO) to separate the signal from the noise and how to identify points of correlation within the NFR spectrum.

This function should be positioned as the centre of threat management education, ensuring it helps develop a culture of non-financial risk awareness that will further protect the franchise

Q. CRO or COO – who is better positioned to provide the answer to ‘so what?’

A. The business heads (be this CEO, SMR, other accountable executives), with the COO as the managing agent of this risk, noting:

The business owns the risks and the COO, working with the CRO and other partners (providing data), is best positioned to translate NFR and to make informed commercial decisions based upon this data

This would enable the business to operate on an anticipatory footing and be prepared for the inevitability of future crises

Q. If the above is correct, would you build or buy a solution, and if the latter, with whom?

Next steps:

Follow on deep-dive COO Cluster Calls to be offered to iCOOC members to participate.

1-to-1 meetings with AW and Control Risks to discuss outline solutions.

Consumer Duty – A Hot Topic

Terry Yodaiken, Armstrong Wolfe Advisor The July 2023 deadline for firms to have completed effective implementation for the FCA’s Consumer Duty initiative is fast approaching and exactly where asset managers are in their implementation journey’s is a hot topic.  To...

Converging Paths: The Synchronicity of Product Visionaries

In the realm of innovation, where revolutions unfold, it is crucial to comprehend the profound significance of design.Design is not about mere appearances; it is the fusion of aesthetics, functionality, and human experience. Our duty as pioneers of the digital age is...

Management challenges within hybrid working

Hybrid working has become the pyramidal battleground between the authority of the company to define its working patterns and the right of the individual to select their own. This point of tension rests upon an understandable, although some would say aged corporate...

3 of 24 things on the Control Officer’s mind

1. What’s in a name? 2. Can you measure culture? 3. Emerging technologies 1. What’s in a name? Within the continued evolution of controls and 1st line risk management, some banks are renaming their control function, risk management. Most say it would make sense to...

Workforce Management: Caught in the hybrid cul-de-sac

The honeymoon period for hybrid working is over, the hopes of a new epoch in working practices has hairline cracks, and companies that embraced this new dawn are facing difficult decisions. It is too simplistic to draw a line mid-Atlantic to define where banking and...

Mental Health Forum Summary – UK Mental Health Week 2023

The use of data to manage stress and mental health in the workplace is crucial for maximising productivity. In 2022, Armstrong Wolfe launched an ESG data management programme with our alliance partner Sutherland. From this programme, we concluded three things: Many...

The role of the COO in developing and implementing ESG strategies

Armstrong Wolfe are looking to establish the current roles and responsibilities of the COO where they relate to managing and interacting with their organisation’s ESG strategy, and to offer a possible framework of solutions to facilitate productive ESG management. In...

24 Things on the CCO’s Mind

Q1 Chief Control Officer Survey: What are the 3 top things you wish to debate with your peers in Q2 2023? In March 2023 iCOOC members participated in a Control and Business Risk survey. Despite a pressing need to adapt operating models and securing funding to further...

Creating High Performance Teams by Enabling Effective Followership

Q1 iCOOC Forum Summary - Creating High Performance Teams by Enabling Effective Followership Character has, throughout history, been one of the most prominent factors in determining the attributes of a good leader. Yet modern leaders are often disconnected from this...