120 likes | 134 Views
Learn about WorldPay's Enterprise Risk Framework, high-level strategy, and governance model for managing operational risk. Explore key risk themes in the industry and discover the challenges and achievements in the first 90 days.
E N D
Institute of Operational Risk Robert Galway Head of Operational Risk Friday 1st November 2013
Agenda • Contents • About Worldpay • Enterprise Risk Framework; • High Level Strategy and Approach; • Governance Model; • Risk Themes Across the Industry; • My first 90 days – key challenges and achievements.
WorldPay Overview Leading independent global payment services business Top 5 acquirer globally • 400k + merchants • 8bn transactions / £300bn Streamline eCommerce US • Streamline is #1 player in UK and Europe across large corporates and SMEs • Led UK Chip & Pin implementation • First contactless transaction in UK • Process 1 of every 2 face-to-face transactions in UK • Online point of sale gateway and processing solution • Global presence with vertical expertise • Process in 120 currencies; settle in 14 currencies • Widest range of alternative payment methods • Top 10 acquirer in the US and fastest growing • Focused on SME and Mid- Market • Largest off-premise ATM network • First acquirer with end-to-end hardware encryption
Enterprise Risk Framework Systems to support risk assessment and reporting against the risk exposures, incidents and KRIs and effectiveness of the framework. Open culture whereby accountability is taken and rewarded for managing risks and incidents – “no blame” culture. Systems Culture Assurance Governance 3LOD governance model operating effectively with clear roles and responsibilities defined. Risk Committee structure articulated and embedded. Risk based assurance model in place to ensure focus given is applied in the right areas of the business – both embedding the risk framework and exposures.
What is Operational Risk? Operational Risk is defined as the risk of loss resulting from inadequate or failed processes, systems, human factors or external events. In practice this covers the following…
Strategy and Approach The risk framework will mature and embed over time given the right focus.... • Understanding the risks.. • Key Risks identified and assessed across the business; • Control environment defined and assessed; • Actions defined to reduce risk exposures in line with appetite; • Issue Management process rolled out; • Raise awareness of risk management across the business; and • Risk Governance structure in place and basic Risk MI produced (functional and BU). • Embedding and reducing risk exposures…. • Risks and issues regularly discussed at Risk Committee and Functional team meetings; • Actions progressing to improve control environment tracked to ensure risk managed down in line with appetite; • Risk MI developing – improved KRIs and KCIs; and • Risk based decision making. • Managing Risk is BAU…. • Maturing risk culture, part of day to day management and decision making; • Actions progressing to improve control environment and reduce risk exposures; and • Risk profile reflects the underlying reality and limits issues that materialise.
Risk Assessment Risks are identified , assessed and managed at three levels across the organisation to ensure that the right risks are managed at the right level….. Key Risks for WP are discussed regularly at the Exec and ShipMidco Risk Committees Strategic risks for each Business Unit are discussed regularly at the relevant SLT meetings Risk Registers for each functional area, discussed regularly at Management meetings.
Governance Model ShipMidco meets quarterly to ensure that risk framework is embedding appropriately and key risks are managed in line with appetite. This is supported by the Exec Risk Committee and Functional “Risk Committees”
Key Risk Areas for the Industry • The following risks are a key focus for the Industry • Systems Stability; • Data Security; • Regulatory Change and Scheme Rules; • Financial Crime; • Credit Risk;