18 March 2012

Product Innovation: Individual Responsibility for Risk Management...

The next generation of Operational Risk Management professionals will be focused on a whole new set of thinking. Mitigating business risks that are associated with running the day to day functions of the enterprise will require people who have a command of their own accountability. The management of risks in their particular area of operations, will have an acute sensitivity to the level of experimentation, testing and innovation. This responsibility for individual levels of proactive risk management, begins with a new mind-set shift about the world of work itself, and our own management of our personal work product.

When you analyze where the financial services industry has exposed itself to tremendous losses over the years, it will no doubt be tied to some innovative instrument or product that was invented by some very creative and innovative people. These losses surrounding Credit Default Swaps (CDS) or Collateralized Debt Obligations (CDO) as an example, all started when an innovative person utilizing the latest tools available created a new product to be introduced to the marketplace. Sure, there were risk management professionals involved in the pipeline to production including lawyers, math quants and finance experts. Yet a failure of Operational Risk Management, led to serious losses and a global crisis, that may well be just the precursor to something even more sinister.

The humans quest for innovation, creativity and the ability to adapt is built into our DNA. So is the ability to survive and to overcome the adversities of our environment to sustain ourselves. Whether that is in the form of food and water or capital and manpower doesn't really matter. Leveraging the available resources to stay alive, being competitive and gaining more power in the conference rooms of Wall Street, or the Madrasahs in South Waziristan, remains a constant.

Innovation in the workplace, is vital for our employees to thrive and for new products to be discovered and old ones to be enhanced. Those new products are invented by people who will have the simultaneous task of doing a sound operational risk assessment. Managing risks at the same time you are innovating, is hard to separate from each other. The trade-offs and the decisions on whether to use this material or algorithm based upon use, shelf-life and the environment that the new product innovation will be operating in, takes prudent risk analysis.

So what will be different for our next generation of Operational Risk Management professionals? What will the new thinking be all about? It will be about engineering the four-step process into everything we do, and to reinforce the compliance with each step of the teams process:


1. Assess the situation.

The three conditions of the Assess step are task loading, additive conditions, and human factors.

  • Task loading refers to the negative effect of increased tasking on performance of the tasks.
  • Additive factors refers to having a situational awareness of the cumulative effect of variables (conditions, etc.).
  • Human factors refers to the limitations of the ability of the human body and mind to adapt to the work environment (e.g. stress, fatigue, impairment, lapses of attention, confusion, and willful violations of regulations).
2. Balance your resources.

This refers to balancing resources in three different ways:

  • Balancing resources and options available. This means evaluating and leveraging all the informational, labor, equipment, and material resources available.
  • Balancing Resources verses hazards. This means estimating how well prepared you are to safely accomplish a task and making a judgement call.
  • Balancing individual verses team effort. This means observing individual risk warning signs. It also means observing how well the team is communicating, knows the roles that each member is supposed to play, and the stress level and participation level of each team member.
3. Communicate risks and intentions.
  • Communicate hazards and intentions.
  • Communicate to the right people.
  • Use the right communication style. Asking questions is a technique to opening the lines of communication. A direct and forceful style of communication gets a specific result from a specific situation.
4. Do and debrief. (Take action and monitor for change.)

This is accomplished in three different phases:

  • Mission Completion is a point where the exercise can be evaluated and reviewed in full.
  • Execute and Gauge Risk involves managing change and risk while an exercise is in progess.
  • Future Performance Improvements refers to preparing a "lessons learned" for the next team that plans or executes a task.

So what does the renewed emphasis on the process being embedded into our work actually do for our work product? It gives the human a sense that the innovation is now ready for experimentation and field testing. This means that it is still not ready for prime time or the marketplace. You see, this realization is important. The recent focus on rapid prototyping and a push to get products to the marketplace before the competition, has produced the sinister and evil outcomes we have all witnessed. Why does it take so long for a new drug to make it through the pharmaceutical pipeline and end up being advertised on the CBS Evening News?

And even then, after so much testing and study, we find that a new drug (product) is not really so safe compared to the long term complications of using it as prescribed. The risk reward equation is at stake in our financial services industry and every other economic sector that is striving to be more innovative in todays global marketplace: For individuals, here are $18 Million reasons:

Attorney Lynn Szymoniak had spent a career investigating insurance fraud when a bank moved to foreclose on her Florida home in 2008. Almost four years later, the fraud she said she uncovered by combing through mortgage documents earned her $18 million.

Szymoniak, 63, is among six whistle-blowers who will pocket $46.5 million as part of a $25 billion national foreclosure settlement that state and federal officials reached in February with five banks, including Bank of America Corp. andJPMorgan Chase & Co. (JPM), according to the U.S. Justice Department.

“When they did this to her, they picked the wrong person at the wrong time in the wrong place,” Richard Harpootlian, Szymoniak’s attorney in two whistle-blower cases, said in an interview. “They stuck their hand into the beehive.”

Szymoniak’s examination, in which she relied on her experience as an insurance-fraud investigator, led to her claims against banks for submitting fraudulent documents to the federal government asserting that they owned loans insured by the Federal Housing Administration, she said.

The national foreclosure settlement with the five banks, which resolves claims of abusive foreclosure practices, provides mortgage relief to borrowers, pays $1.5 billion to those who lost their homes to foreclosure, and sets standards for how the banks service mortgage loans.

Who will be your choice for effective operational risk management as your new innovative products are consumed by the marketplace?

A. Your employees or workplace stakeholders

B. Your customers or consumers

The choice is yours as your institution puts new resources and new incentives in front of your workplace stakeholders.

10 March 2012

Enterprise Risk: The Future of Public Private Partnerships...

When it comes to the overall Business Resilience in a city or geographic region, there are a plethora of Public Private Partnerships that have been in development for decades between government entities and the private sector. The goal for some is the simple exchange of information on relevant topics of community and local or federal jurisdictions. Others have a very distinct role and measurable outcomes designed into their structure, to achieve a mutual purpose. The Houston Ship Channel Security District is a rare example:

The Houston Ship Channel Security District, a unique public-private partnership, improves security and safety for facilities, employees and communities surrounding the Houston Ship Channel. The district provides oversight of comprehensive and cost-effective security solutions, leveraging more than $30 million in federal grants to install technology and security infrastructure with operations, maintenance and matching dollars to fund specific security projects, maintenance and operational services.

An enhanced multi-layered approach increases preparedness and response capability to mitigate and eliminate potential security threats within district boundaries, protecting both landside and waterside facilities. The improved infrastructure includes wireless and fiber optic-wired communications systems, software that analyzes video images, high-tech night vision and motion-activated detection equipment. It also includes land and water detection components, such as radar, sonar and security sensors.

District services include enhanced security capability, such as marked patrol boats, patrol cars and all-terrain vehicles. Information sharing, alerts and notifications will be improved through a consolidated multi-agency operational and strategic command and control emergency
response structure.

Improving domain and situation awareness through enhanced infrastructure and services will deliver more rapid response times.


There are other Public Private Partnerships (PPP) that help address the safety and security of the United States, including the FBI's InfraGard program. This is an approach to engaging with private and public sector individuals in a region, as opposed to a specific business entity. The combination of an individual-based intelligence sharing organization, combined with a more business owner-operator and city, county and state governments model, is one that needs continuous care and oversight to remain effective.

There are hundreds of other local and national models that converge on the goal of a true public private partnership, that never achieve excellence. They continuously miss the mark from several levels of information exchange, coordination, cooperation and collaboration. These failed attempts at getting the private sector working in concert with government, still comes back to one key criteria for success; people. Regardless of whether you have the funding resources or not, a single or handful of motivated, dedicated and smart people, can and will make the relationship work.

Simultaneously, people can also be the roadblock, the resistance or the problem in getting a public private partnership working as effectively as it could be, to achieve the mission. This is when the mechanisms of governance, oversight and common sense are needed to guide the respective initiatives and operations of the entity either public or private, in the right direction.

You only have to look at the leadership in many cases to understand why there is continuing success in achieving SMART objectives or why there is failure. Service before self-interest is what becomes a major facet of why many of these organizations perish and then you have to examine who is really the beneficiary of the work being done by these dedicated volunteers.

Another effective public private example is the Intelligence National Security Alliance:

INSA is the premier not-for-profit, nonpartisan, private sector professional organization providing a structure and interactive forum for thought leadership, the sharing of ideas, and networking within the intelligence and national security communities. INSA has over 160 corporate members, as well as several hundred individual members, who are industry leaders within the government, private sector, and academia.

When you are able to converge the thought leaders from a particular vertical discussion area, to produce the best thinking on an operational risk topic, the output is extraordinary. The key is to keep these same set of thought leaders together long enough and often enough, for the trust factors to build and for the true sense of collaboration to emerge. INSA has accomplished this with the Homeland Security Intelligence Council. Formed in 2010 and working continuously on a monthly and even bi-weekly basis, they have produced several valuable outcomes from their work together. One example is the white paper produced soon before the tenth anniversary event of 9/11.

Homeland Security Intelligence is a discipline that depends on the successful fusion of foreign and domestic intelligence to produce the kind of actionable intelligence necessary to protect the homeland. INSA is one private private organization that realizes this more than others.

The private sector companies, who in many cases are the owners of critical infrastructure assets in the nation remain the power base. The willingness or reluctance to share the right information at the most appropriate time from government and combine it with private sector capabilities, will always be the largest challenge going forward.

So what are a few of the recommendations of highest priority these days for consideration by all:

  • The DNI, in partnership with the Office of Intelligence and Analysis, DHs, the Director of the FBI and state, local and tribal leaders should articulate a clear, lawful role for fusion centers in the national intelligence process and the national intelligence strategy, and define what constitutes appropriate Federal presence in a fusion center. DHs, I&A as the federal executive agent, should establish standards for training all fusion center analysts to a common analytic standard.
  • Congress should consider funding a base-line operational capability for state and urban area fusion centers. Federal funds should be limited to support of maintaining federally-validated capabilities, and allocated specifically for the fusion centers.
  • The program manager - Information sharing environment should develop policy for a single, effective suspicious activity reporting system, a better methodology and analytics to support the use of Suspicious Activity Reporting in Homeland Security Intelligence (HSI) analysis, and promulgate policy for the establishment of a single sensitive but unclassified information sharing network for the enterprise.

The last word in the last sentence is the key to public private partnerships in the U.S.. The "Enterprise" is not just government when it comes to intelligence and situational awareness. One only has to look at the number of iPhones and camera enabled PDA's being carried around by millions of people to understand this today. Social Media and Commerce is a wave forming on the magnitude of a Tsunami and without an effectively functioning "Enterprise", we can only imagine the future enterprise risk implications.