CHAPTER ONE

INTRODUCTION

“Fraud rings are already resulting in major financial losses. Earlier this

year Kaspersky revealed that an international criminal syndicate was able to successfully

impersonate bank officers at over 100 banks around the world to net as much as $900 million in

stolen funds. Last year, the Boleto Fraud Ring siphoned $3.75 billion from Brazilian banks.”

1.1 Background of the research

The above-mentioned example of Kaspersky is a typical operational risk event. Not only can the

occurrence of operational risk impact on the continuity and validity of operations, but it can also

trigger financial losses to the institution. Along the same vein, impersonation of a bank official

can result in huge financial losses and corporate disrepute. In this regard, it is imperative for

financial institutions to consider operational risk as an essential risk element in its day to day

activities. Financial institutions and its regulatory body, in the last decade have awakened to the

realisation that the risk management procedures adopted and promoted by them were not holistic

enough to insulate them from all risks.

In the last couple of years, the Ghanaian banking industry has seen phenomenal growth arising

from capital injection by banks from Gh₵60million to Gh₵120million, to meet minimum

regulatory capital requirements leading to an improved buffer for risk absorption in the sector. It

is commendable that the bank of Ghana increased the capital resources requirement of all banks

in Ghana ahead of the implementation of the Basel II Accords. The implementation of Basel I

led to a significant strengthening of the banking sector, with the minimum capital requirement
now pegged at GH¢120million for the 29 universal banks in the country. In spite of this growth,

the industry is faced with operational risk issues relating to human errors, fraudulent activities,

failure in banking systems and processes.

The key components of Basel I framework were credit risk (the risk of customers defaulting on

bank advances) and market risk (this is based on value at risk analysis of the investment portfolio

of banks including their own securities). Though the first accord mentioned operational risk

exposures, there was no explicit requirement for banks to measure operational risk. The Basel II

Accord was therefore introduced to create an international standard that banking regulators can

use when creating regulations about how much capital banks need to put aside to guard against

the types of financial and operational risks banks face. “The central bank of Ghana is to start

implementation of the Basel II in mid-2017 as it seeks to enhance risk management and financial

stability in the banking sector, after successful implementation of the Basel I”, Dr. Kofi

Wampah, Governor of the Central Bank said at the official re-branding of First Capital Plus

Bank to Capital Bank.

The daily operations of a financial institution cannot be without risk. Businesses in their day to

day activities face all kinds of risks, some of which can cause huge losses. Agwu, (2014)

described risk as a quantitative measure of an expected outcome, the process that involves the

likelihood of an adverse event occurring. Risk can be defined as uncertainty about a future

outcome. It is the essence of financial institutions’ activities. A recognized risk is less risk than

an unidentified risk. Risk is highly multi-facetted, complex and often interlinked. While not

avoidable, risk is manageable. Risk when managed well can reduce the occurrence of financial

and reputational losses to the organisation. (Agwu, 2014).

Operational risk exposures are rising dangerously and security systems have become vulnerable

to breaches calling into question the strength of the internal governance and risk management

framework, and the sustainability of the current business model into the future. One-off event

can cause both mass embarrassment and collapse. For example the terrorist attacks on the World

Trade Centre in 2001, where over 6000 lives were lost and an estimated loss of $20 billion to

business (Hoffman, 2002). Financial institutions today operate in an environment marked by

growing uncertainties in business outlook, customer-centric regulations, stricter regulatory

supervision and rising costs of services. All these factors have re-defined the present and future

of banking. External challenges and economic recession have also brought along an increased

probability of rogue trading, operational lapses, internal fraud and de-motivated employees.

However, there is more pressure to avoid things going wrong while continuing to improve

corporate performance in the new environment.

The Basel Committee on Banking Supervision (2006) defines operational risk as, “the risk of

loss resulting from inadequate or failed internal processes, people and systems or from external

events. This definition includes legal risk but excludes strategic and reputational risk”. Every

financial institution is exposed to risks that fit this definition and as such it is prudent that every

institution focus on operational risk management.

The ideal firm is proactive in operational risk management as it monitors its performance by

periodically assessing its personnel and departments; keeping record of loss events that have

occurred; and analysing these losses to determine what lessons may be learnt and to develop

strategies for minimizing or preventing future problems. As with all management

responsibilities, there are several challenges that must be overcome before any institution will

conform to this ideal.

There are four main causes of operational risk that are identified from this definition. Operational

risk events can occur when there are inadequacies or failures due to:

 people(human factors);

 Processes;

 Systems ; and

 External events

In a simple language, operational risk occurs when the person doing the activity makes an error,

the process that supports the activity is flawed, the system that facilitated the activity is broken or

an external event occurs that disrupts the activity. It is therefore absolutely necessary to ensure

that operational risk is properly managed and the necessary risks are well addressed, because

mismanagement or the failure to address these risks could have a tremendous impact on the

organisation.

1.2 Research Problem

Financial institutions have always been exposed to events such as failure in people, processes,

systems and external events which are an inherent part of financial services. Over the years, there

has been emphasis on mainly credit and market risk. Major bank failures have occurred due to

unidentified risks within the banks. However, there is a strong reason to believe that financial

institutions are exposed to other kind of risks as they carry out their day to day activities. The

reason being that, systems, processes and financial products tend to become increasingly

complex and interconnected due advancement in technology.

Managing operational risks efficiently has become crucial, especially in times of financial crisis

and turmoil. Operational risks are encountered in several areas of business operations, and
financial institutions are facing a continuous increase in related regulations. There is therefore

the need for management to focus on managing operational risks as they manage other risks.

Operational risk is intrinsic to financial institutions and thus should be an important component

of their firm-wide risk management. If management neglects this task or accepts inefficient

operational risks controls, it may lead to fatal consequences.

This research therefore seeks to evaluate operational risk in financial institutions answering these

questions:

 What is operational risk and how do employees understand operational risk?

 What are the major problems in managing operational risk?

 What are the measures for mitigating operational risk?

 What is the importance of operational risk as part of the firm’s risk inventory?

 What are the main categories of operational risk within the financial institutions?

 What are the methodologies used in measuring operational risk?

1.3 Purpose of the Research

The main purpose of this research is to evaluate the good practices of operational risk

management, the role of Basel II and other regulations in the rise of operational risk management

as a discipline in financial institutions. It also encompasses the policies and procedures needed to

support operational risk management and the best practices in managing internal and external

frauds. In addition, the research will review employment practices and workplace safety, clients,

products business practices, damage to physical assets, business disruptions and system failures,

execution, delivery and process management.

However, the primary aim of this study is also to reveal the extent to which operational risk

affects the activities of banks in Ghana, the need for banks to effectively manage their

operational risk to minimize its effect on their operations.

1.4 Objectives of the study

 To evaluate how employees understand operational risk and how effective operational

risk management is being implemented

 To enable financial institutions in Ghana reduce the impact and probability of events

through the introduction of good practices.

 To enable the bank improve controls and mitigation of significant operational risk

throughout the organization.

 To develop a common understanding of operational risk across the bank involving every

employee at all levels for pro-active management of operational risk.

 To ensure that there is clear ownership for each element of operational risk and assign

clear responsibility for related day to day risk management and mitigation.

1.5 Significance of the study

The changes in financial institutions’ risk profile which is inherent in its developments such as:

use of highly automated technology, growth of e-banking, large scale merger and acquisition that

test viability of newly integrated systems, emergence of banks as very large service providers,

and increased prevalence of outsourcing has potentially increased operational risk treats in

financial institutions. These developments have caused the increased attention for the study of

operational risk.
This research is to allow banks in Ghana identify the sources of operational risk; identify

operational loss outcomes that they have exposure to, but yet to experience and take mitigating

actions. This will enable banks anticipate risks more effectively and by so doing avoid huge

losses. This study will provide guidance on the framework of management and identification of

operational risks. More importantly, this research will enable promote organizational

understanding of operational risk, as it is an imperative subject for the entirety of the business

immediate stakeholders, not limiting it only to management.

1.6 Methodology

This research is about operational risk management in Ghana’s financial institutions with

Ecobank Ghana Limited used as a cased study. These banks will be the primary source of

information for the study. Primary data would be collected through self-administered

questionnaire and structured interviews from staff of these institutions, personnel from risk

departments, heads of departments and senior managers. A well-structured questionnaire would

be used to collect the data with closed and open ended questions about operation risk in Ghana.

The data from these interviews and questionnaires would be used to analyze operational risk

management in financial institutions in Ghana and also help address the objectives set out for

this study. Secondary source data will be collected from published data, books, journals, theses

and the internet to identify the theoretical principles underlying operational risk in financial

institutions.