Case 1

You are the newly appointed Head of Operational Risk Management at ABC Bank. It is 7 a.m. and you just arrived at your office, coffee in hand and looking forward to leisurely enjoying your favorite coffee while you browse the internet for the latest financial news. Suddenly the CRO burst into your office. The CRO, a former head of capital markets, is clearly agitated and is holding a printout of some news story. Before you have a chance to say good morning, he starts firing a series of questions:

​

"Did you see this? Can it happen here, has it happened here and we don't know about it yet? If it has happened here, how large can we expect our fine to be?"

He catches his breach and continues "There are so many questions that need answers. I am in back-to-back meetings all day today but I have committed to debriefing the Executive Committee tomorrow at 8 am. I need you to provide answers to these questions and any others that you think are important. And I don't just want a list of Q&As, I want you to come up with a Framework that we can use to comprehensively and thoroughly think about these types of risks"

Before you can complete your thought about how you and your team can possibly do all that is in 24 hrs, He says, " all I need by tomorrow is an outline of Risk Management Framework. You can work out the details over the coming weeks. Relieved (somewhat) you start by reading the news story that so agitated the CRO

RBC and TD pay more than $24 million for foreign exchange compliance failings.

Summary: The Royal Bank of Canada and Toronto-Dominion Bank were found to have compliance failures in their foreign exchange trading businesses, resulting in the sharing of confidential customer information with competitors. They have agreed to pay settlement fees and conduct compliance audits as part of settlement agreements with TD Bank and Royal Bank of Canada totaling nearly $24.5 million after the lenders' currency traders shared confidential information in chatrooms to gain a potential advantage in foreign exchange transactions. As part of a settlement approved on Friday, TD Bank agreed to a voluntary payment of $9,300,900 to the securities regulator and an additional payment of $800,000 to cover the costs of the OSC's investigation. In a separate subsequent hearing, RBC agreed to a voluntary payment of $13,552,000 to the OSC and an additional payment of $800,000 to cover the regulator's costs as part of its settlement. As well, internal audit groups at both banks will conduct audits of their compliance with the FX global code, a set of principles for the foreign exchange market. TD and RBC "failed to meet the high standards of conduct expected of a market participant, which potentially put its customers at risk," OSC commissioner Grant Vingoe said in comments made at both hearings held Friday. He added that both banks co-operated with the investigation -- a factor considered when deciding to approve a settlement and the amount to be paid -- but noted that TD's co-operation was "exemplary." The banks agreed as part of the settlements that their currency traders exchanged confidential information, such as the existence of stop loss orders, with traders at other financial institutions over a period between 2011 and 2013. Both banks also agreed that they did not have a sufficient system of controls and supervision in place in relation to their foreign exchange businesses during that time. However, both lenders did not admit to a specific breach of securities law, and OSC staff did not allege or have any evidence of market manipulation, OSC staff lawyer Cullen Price said. During the period in question, it was common for currency traders more broadly to communicate with traders at other firms using electronic messaging services, the OSC said in the settlement agreements. "While the use of such communication tools is not in itself inappropriate, the frequent and significant flow of information between traders at different firms increased the potential risk of traders engaging in improper activity, including, amongst other things, the sharing of confidential customer information," the commission wrote. Paul Le Vay, a lawyer with Stockwoods LLP representing TD Bank at the hearing, said the lender has worked "continuously" over the last six years to remediate and improve its FX compliance and supervision program. He noted TD -- Canada's second-largest bank by market value -- has since established a policy specifically for its currency traders. "The bottom line is that TD's supervision and controls environment for FX trading is quite different today than it was six to eight years ago," Le Vay told the hearing Friday. Lawrence Ritchie, a lawyer with Osler, Hoskin & Harcourt LLP representing RBC, said the bank admits that its supervision and controls during that period were "insufficient" to prevent foreign currency traders from disclosing and receiving confidential information to and from traders at other banks. "RBC acknowledges that exchanging confidential information can cause risk, including a risk in the public confidence in the capital markets," he told the OSC hearing. He added that RBC, Canada's biggest lender by market value, is "committed to ensuring a strong culture of compliance." "This settlement, and the steps taken with staff to reach it, reflects these commitments," Ritchie said. The factors in the OSC's decision to approve these settlements included efforts by both TD and RBC to improve their compliance and procedures, Vingoe said. He noted that RBC has since prohibited and shut down multi-dealer chatrooms, implemented training, and implemented enhanced surveillance of electronic communication. He said TD, among other things, has engaged a third-party consultant to review its market abuse controls. The voluntary payments, which have already been paid by both banks, were calculated using several factors including the seriousness of the conduct, whether it is an early settlement, and the level of cooperation, the OSC said. OSC staff also took into account the amount of relevant revenue during the period between 2011 and 2013, which the regulator estimated at $102.87 million for TD and $124 million for RBC.

Your Task Develop the outline for the Framework that can be used to comprehensively and thoroughly answer all related questions about not just this case but all operational risk management. Sounds impossible to do at this point. You may not even know where to start. Starting with the specifics of this case. Use the CRO questions such as "can it happen here?", as the starting point. Think through the possible answer. If the answer is yes what would have to be true? Likewise, if it is no, what would have to be true? And if it can happen here what would have to be true for it to go from a possibility (can) to a realization (has happened)? how would you detect if it happened? if it did happen is your bank prepared to deal with it? What would have to be in place to deal with occurrences and the inevitable fine? Do all the employees and senior management involved in this event know what to do before it occurs ( when it is just a possibility) and after it occurs? ​ First generate sequentially as many answers to each of these questions as possible, even if some seem not quite right. The goal at this stage is to get quantity without worrying too much about quality. You may want to do some research using ChatGPT to complete your set of possible answers. Once you are satisfied that you have captured the major components of the answers for each question, test them for quality. That is how well do each of these components answer the question? At this stage, you may keep the component, refine it, or disregard it. After this stage, you examine what is left over, and if you are satisfied that you have your answer is good enough you move to the next question. If you are not satisfied, then you repeat this process until you are satisfied. You have just used the extraordinary power tool called AGILE Problem-Solving Through this structured approach, you have generated reasonable answers to each of these questions, having accomplished something you at first thought was impossible. You now have a set of answers ready for discussion with the CRO. But before you celebrate, you need to step back and examine the entire set. Up to now, you answered each question individually but when you examine the entire set, you may find overlapping answers or other relationships between answers, such, as one answer isn't really an addition answer but an elaboration of an existing answer. So rather than present a jumble collection of answers to the CRO which may sound more like rambling, you may want to organize the answers into a hierarchical non-overlapping structure that comprehensively captures all your answers and is complete in the sense that there are no missing answers. If after structuring your answers you discover some gaps, then you will have to go back to AGILE problem-solving to find additional answers to close the gap. By structuring answers into a non-overlapping (Mutually Exclusive) and complete ( Comprehensively Exhaustive) hierarchical structure, you have just used the second extraordinarily powerful tool known as MECE