Challenge
A global universal bank was facing broad regulatory pressure across geographies to upgrade management and control of its operational risks, including pressure from the Single Supervisory Mechanism in Europe and new regulations in the United States and elsewhere.
The bank also faced increased industry focus on operational risk management due to a series of major events that had shaken major institutions.
To address these issues, it launched an enterprise-wide transformation effort on operational risk.
McKinsey’s approach
McKinsey teams began supporting the transformation from its start in January 2014 through groupwide execution and regulatory submissions.
Conducted initial diagnostic. We set up a diagnostic process that compared the bank against the new regulatory standards and best practices. This included a detailed evaluation grid that helped the bank assess itself against more than 150 requirements, across ten dimensions and nine different geographies.
Supported advanced modeling. We advised the client on creating an advanced model to quantify required capital for operational risk using the Advanced Measurement Approaches. This included creating the data sets and methodologies, to developing methodological notes for regulators on critical aspects to prove.
Developed best-in-class operational-risk framework. This included structuring the new organization, refining governance (including board training), and running ten scenario workshops (for example, rogue trading, cyberattack to a payment platform) with top management to help them understand and address the most relevant risk classes. We helped the client redefine its risk appetite and key risk indicators and developed new reporting processes for top management and the board.
Supported regulatory submission. We supported the bank on its regulatory strategy and approach and prepared the necessary materials to submit the new operational-risk framework and model for approval.
Impact
With our support, the bank redefined its framework, operating models, and policies for managing operational risk. Through workshops and training—including the board and top management—it enhanced the risk-management culture across the organization.
The bank was able to identify and quantify its top operational risks, and develop strategic priorities for operational risk for the next two years. Additionally, it saved 10 percent in capital requirements in the most relevant business unit, and it successfully navigated the new regulatory processes.