Risk management
Examples of the type of risk, internal and external, that may affect OSPs are:
Business risk: the firm's performance, loss or destruction of assets, incorrect decision making, loss of revenue, excessive costs and incorrect record keeping
Financial risk: Shortage of cash, fraud, embezzlement, unreliable accounting, hidden liabilities
Regulatory risk: non-compliance, lack of records and systems
The UK Auditing Practices Board has developed a device for identifying the internal controls a firm should have in place to manage its risk
Segregation of duties: One person checking the other's work. One common rule is that an employee must take two consecutive weeks' holiday
Physical controls: Chinese walls, Internet firewalls, disaster recovery, use of passwords, limiting access and having different levels of authorisation
Management controls: Review targets, cash flow, valuations, ascertain trends
Organisation: Clear roles, lines of authority, reporting lines, span of authority and control
Arithmetical and accounting controls: Salami fraud, reconciliations, internal audit
Personnel: Quality controls re employees' suitability, experience, training, fit & proper
To ensure that service providers manage and control risk effectively, the following may need to be considered and to be in place
established policies, standards and procedures
In order to adhere to the rules on corporate governance and risk management, an integral part of the regulated environment today, OSPs must ensure that they have implemented an internal control system which will consist of two discrete but interactive parts
A control environment: this is building a culture that acknowledges the need for internal control and encompasses all levels of management from board level through to individual employees
Control procedures and policies: procedures to enable an orderly and efficient conduct of the business so that the OSP can
- safeguard assets
- prevent and detect fraud and error
- ensure accuracy and completeness of financial records
- ensure timely preparation of financial information and / or returns to the regulator
Many regulators consider risk to be the combination of impact (the potential harm that could be caused) and probability (the likelihood of the particular issue or event occurring)
Systemic risk: A macro risk, affecting the global marketplace which is likely to impact on the financial services sector as a whole such as the credit crunch of 2008. The likely impact of this type of risk is the resultant changes in the risk management regimes within OSPs and the requirements set down by the local regulatory bodies
Systematic risk: Also considered a macro risk but specifically focuses on the different marketplace in which the OSP undertakes activities. For example, the fiduciary marketplace and the impact of changing legislation
Unsystematic risk: A micro risk that relates to specific products and services including the acceptance of new business
A risk-based approach starts with the identification and assessment of the risk that has to be managed. In this context it requires an OSP to assess the risks of how it might be involved in money laundering or terrorist financing, taking into account its customers, products and services and the ways in which it provides those services
The nature of risk identifies two types: downside risk and upside risk, one being planning for something that would not normally be expected, the other that events may turn out better than expected
All businesses take risks, but it is important that risk management is incorporated into corporate governance at board level and also downwards through the levels within the different business areas
The OSP must consider what risks are acceptable, what risks can be managed and what types of risk are not acceptable