by Caroline Smith, Archan Bahulekar
On August 5, 2022, the Monetary Authority of Singapore (MAS) issued an information paper addressing operational risk management (ORM) standards and practices. The paper, which can be accessed here, focused on good practices, improvement areas, and case examples observed from the MAS inspections. Additionally, the paper scrutinised and provided recommendations in respect to third-party risk management.
This blog is the first in a short series outlining how HireRight’s core background screening services can be a helpful tool to support operational risk management.
What is operational risk management?
Financial institutions must manage two distinct types of risk: financial risk and operational risk. The latter is the risk of loss due to, for example, errors or breaches caused by people, internal processes/systems, or external events. These types of losses are not limited to a monetary impact but will also impact the financial institution’s reputation.
What were the key takeaways from the MAS paper?
MAS selected several banks over the 2020/21 period to inspect operational risk management and it was observed generally that whilst there were established frameworks and processes in place to address internal operational risk and management of third parties, those frameworks could be improved. MAS had expectations with respect to how financial institutions should be managing organisational risk. We have not summarised all those expectations, but the key takeaways are that financial institutions should:
- take a comprehensive approach to operational risk management by implementing across all business areas and outsourcing arrangements
- have clear requirements in due diligence and risk assessment for the onboarding of outsourcing arrangements and use of third parties; and
- fill ORM roles with the right talent.
The approach to operational risk management should be firmwide, not just focused on those that hold regulatory roles or provide external support to those regulatory functions.
How can HireRight help with operational risk management?
Any framework implementing operational risk management usually focuses on four areas: people, information technology (IT), organisational structure (e.g., sales/incentives), and regulation. HireRight’s services address people and regulation.
Background checks may be performed on individuals either pre-employment or periodically throughout their tenure with their employer. The background checks offered are tailored to specific sectors, risks, and job types including checks to support the hiring of MAS-regulated individuals.
In addition to this, HireRight offers an Extended Workforce Screening solution, which is a program those financial institutions can mandate their network of third parties sign up to. The scope of the program is determined by the financial institution to address the risk of using third parties to carry out either outsourced functions (e.g., core IT functions or recruitment functions) or non-outsourced functions (e.g., vendors providing staff to service printers or providing janitorial services).
How can background checks mitigate organisational risk?
When analysing the value of background checks in context of organisational risk, HireRight focuses on three pillars:
- Reputation and risk management
- Protection against internal threats (e.g., theft of intellectual property or financial misconduct)
- Reputational management (i.e., a bad hire leading to bad press)
- Holistic understanding of an individual’s background to drive informed hiring decisions
- Talent Management
- Hiring the best quality individual
- Protection of top talent (e.g., a bad hire impacting productivity and staff turnover)
- Screening to regulatory requirements (i.e., fitness and propriety plus regulatory references under MAS)
- Rescreening of those who hold both regulated and key risk roles
Operational risk management starts at onboarding and should continue throughout the lifetime of an employee or vendor.
How can your organisation meet these requirements?
By implementing a background screening program across all departments within a financial institution, and by mandating the same as a condition of onboarding vendors (both those that are outsource providers and non-outsource providers), Financial Services entities can demonstrate their operational risk management in line with MAS expectations as set out in the paper. Background checks can identify and mitigate operational risks.
Contact us here to discuss your background screening needs with our sector specialist today.
About the Authors
Caroline Smith – VP, Deputy General Counsel, International
Caroline Smith is a UK qualified lawyer with over 18 years of experience, who has been with the HireRight group for over 10 years. Caroline assists in the negotiation of contracts across the region and leads the International business compliance function advising on a range of issues including data protection and regulatory updates.
When not “lawyering” or writing blogs, Caroline can be found striking yoga poses in remote locations such as Mongolia and Bhutan. Caroline earned her Master of Arts degree at the University of Saint Andrews and went on to study law at the College of Law in York earning the GDL and LPC postgraduate qualifications.
Archan Bahulekar – Enterprise Sales Executive, APAC
Archan has over a decade of experience selling compliance and risk solutions pertaining to processes around anti-money laundering (AML), Know Your Customer (KYC), and credit risk. At HireRight, he is in charge of customer acquisition across various industries in APAC, with a key focus on banking and financial services.
Archan’s other interests include reading about philosophy and mysticism, working on the topic for his next book, and perfecting his volley-smash drill in tennis. He has a postgraduate diploma in corporate finance from Narsee Monjee Institute of Management Studies (NMIMS).