Compliance
OpRisk professionals advised to develop their personal brands
• 0 minute read
December 5, 2024
Operational risk professionals should develop their personal brands and do more to persuade colleagues of risk management’s value, said Elena Pykhova, director and founder of the OpRisk Company in London at a recent book launch.
“You cannot embed risk management just by policies, procedures and guidelines. If there is no trust, if there is no brand, whatever good procedures you write, it’s not going to embed risk management,” Pykhova said.
Having worked in operational risk management for more than 25 years, the last 11 of these in a consultancy capacity, Pykhova has observed risk experts who could have been more effective had they invested in their own branding and in acquiring softer skills.
Industrious and knowledgeable
She explains: “I’ve seen so many organisations, and there is a common theme that is coming through, which is the brand and identity of risk people. And the theme is that they are generally quite industrious, knowledgeable and fantastic people, who put their head down and get things done — and while they do that, what they are lacking is sales, marketing, branding, sort of persuasion.”
Pykhova feels strongly about this softer skill set and includes it as a mandatory module when she teaches operational risk management. “I ask risk practitioners: what’s the identity of the risk professional? [They] should be a trusted advisor, a problem solver and a knowledgeable counsellor: someone whom you can go to and who will help, rather than only providing oversight and challenge.”
Reputation for endless reporting
At times, risk management can be a never-ending reporting function that collects risk information, repackages it and reports it upwards. Over the years, risk registers have ballooned to the point where there is fatigue from the first line of the business. Risk registers have, to a certain extent, become about quantity over quality, Pykhova said.
Risk management divisions hold a lot of knowledge and should consider how to liaise with other departments, how to add value in their reporting, and think more about the feedback they give the business, she said.
“These professionals need to step back and look at their day. If what I’m doing is constantly collecting information and reporting to the board, can I change that? All the risk guidelines and regulations are high level; all they require you to do is identify, assess, manage and report on risk. Nobody tells you what that means in practice.”
Formal v Informal
Risk teams should also consider whether they have the right mix of people — some with more soft skills than others, for example — and whether they have the right balance of formal and informal interactions. For example, risk practitioners should not meet with business people solely in the context of conducting risk assessments. Organisations where risk teams combine formal and informal interactions are more successful in embedding risk management programmes than those risk teams who engage exclusively in formal, and often longwinded, communications.
Operational risk management has come a long way in the past few years, as financial services firms have had to respond to events such as the Covid-19 pandemic, operational resilience challenges, and regulatory criticism. However, it has not yet been fully embraced, and part of that is down to risk teams not communicating effectively, Pykhova said.
She stressed that this is a shared responsibility. “Senior management needs to support risk teams; risk teams need to state upfront that they need to be good communicators about the need for the budget, or recruitment of extra resources. Otherwise, it’s difficult to listen to the voice of risk; others can’t tune in to what they’re saying.”