Welcome to Dublin and the Central Bank of Ireland.
Over the past decade, we have been witnessing significant changes to the risks our respective institutions confront. In many cases our mandates have expanded since the global financial crisis, complicated by the need to effectively process and analyse big data, often now at higher frequency intervals, and compounded by the phased migration from legacy to new technologies. The cyber and information security risks are evolving, and hybrid threats can arise as these overlay with physical security and data protection risks.
In his book, Against the Gods, the Remarkable Story of Risk, Peter Bernstein notes that "the essence of risk management lies in maximizing the areas where we have some control over the outcome while minimising the areas where we have absolutely no control over the outcome and linkage between effect and cause is hidden from us." Traditionally our respective institutions have predominantly focused on financial risk, but rebalancing over the past decade to strengthen non-financial risk management. However, over time, the lines between financial and non-financial risk have started – and will continue – to blur. This is apparent when one considers recent targeted cyber-attacks on critical infrastructure (very timely in Ireland this week), the opportunities and risks presented by financial innovation driven by technological change, not least potential developments on central bank digital currency, and our learning from the recent response to the pandemic. And of course our shared risk and the necessity for collective action to address climate change as well as our collective efforts in support of sustainable finance.
We believe in the importance of an independent central bank that is transparent, accountable and connected across all public policy domains, in Ireland, in Europe and across the world. We embrace diversity and inclusion as they strengthen us, as individuals and as an organisation. It is important that we foster a cultural foundation that supports implicit risk management, to avoid groupthink, while also implementing proportionate risk management frameworks, embedded to provide a systematic approach to explicit risk management that creates organisational value.
Effective operational risk management is a core enabler to the achievement of our vision to be trusted by the public, respected by our peers, and a fulfilling workplace for our people. It is a prerequisite to stakeholders trusting us and it forms part of living our values. It aligns with our aim that "our culture, resources and capabilities support the effective and efficient delivery of our mandate whilst maintaining the highest standards of governance and risk management."
At a global level, it is clear that the risk environment is continuously evolving, exacerbated by the pace of change, and the broader and very significant risks society itself must confront, not least climate related. For these reasons, it is important that our institutions continue to enhance their approach to risk management, and recognise that the lines between financial and non-financial risk will continue to blur over the longer term.
Naturally, tone from the top is critically important, and senior leadership must not only embrace their first line risk management responsibilities, leveraging the frameworks, policies and supporting toolset of the second line, but also continually foster a culture of risk awareness, seeking when possible to design risk out of our institutions.
It is a pleasure to open this virtual meeting of the International Operational Risk Working Group. In doing so I welcome a very diverse representation of participants from across the world. This network has continually strengthened and grown since its foundation in 2006. It facilitates an opportunity for all of our respective institutions to share learnings. The IORWG can help guide our institutions, by looking to raise the bar on the standards of operational risk management and facilitating peer dialogue on emerging risk issues. We should benchmark ourselves against each other, relevant industry standards, and maintain a broad perspective on how the risk landscape is evolving, to ensure we remain capable of mitigating controllable risk.
It is our pleasure to host this virtual conference and I encourage you all to participate and contribute over the next three days. Welcome to Dublin.
(Full text available at BIS，21 May 2021)