Key People Risks
Employee fraud or malice Including collusion, embezzlement, sabotage of bank reputation, money laundering, theft of physical and intellectual property, programming fraud including virus introduction
Unauthorized activity Including misuse of privileged information, churning, market manipulation, activity leading to deliberate mis-pricing or with unauthorized counterpart or unauthorized product, limit breach, intentionally incorrect models such as deliberate changes to parameters, activity outside exchange rules, illegal/aggressive selling tactics, Ignoring/short-circuiting procedures deliberately
Employment law Including wrongful termination of employment, discrimination/equal opportunity, harassment, non-adherence to other employment law, non-adherence to Health and Safety regulations Workforce disruption Industrial action and other forms of disruption
Loss or lack of key personnel Lack of suitable employees and loss of key personnel
Key Systems Risks
Investment risk Including strategic platform or supplier risk, inappropriate definition of business requirements, incompatibility with existing systems, obsolescence of software
Systems development and implementation Including inadequate project management, cost/time overruns, programming errors (internal/external), failure to integrate and/or migrate from existing systems, failure of system to meet business requirements
Systems capacity Including lack of adequate capacity planning, inadequate software Systems failuresIncluding network failure, interdependency risk, interface failure, hardware failure, software failure, internal telecommunication failure
Systems security breaches Including external security breaches, internal security breaches, programming fraud, computer viruses
Key External Risks
Legal/public liabilities Including breach of fiduciary duty, etc. Criminal activitiesIncluding money laundering, terrorism, robberies, etc.
Outsourcing/supplier risk Including breach of service level agreement, supplier failure, etc.
Insourcing risk Including failure of firm as supplier of services to third-party
Disasters and infrastructural utilities failures Including fire, flood, and failure of critical supplies etc.
Regulatory risk Including change of regulatory rules etc.
Political/government risk Including expropriation of assets, changes in tax regime, law and industry regime, etc.
Remember, this does not even cover the largest category of Operational Risk, Processes. The process associated with our different procedures, protocols and mechanisms for doing business are one of the greatest areas to incur loss events. Errors, ommissions and lack of training are just a few of the areas that need to have consistent monitoring and continuous auditing.