Disponible en Español

I Meeting of Heads of Operational Risk Management in Central Banks

September 28 - 30, 2021.
Digital format


The Meeting was held on a digital format on September 28-30, 2021, and was attended by 97 representatives from 37 institutions and associates of CEMLA from the following countries and regions: Argentina, Aruba, Barbados, Belize, Bolivia, Brazil, Canada, Chile, Colombia, Costa Rica, Ecuador, El Salvador, España, European Union, Guatemala, Honduras, Mexico, Nicaragua, Panama, Paraguay, Portugal, Dominican Republic, Spain, Suriname, the Bahamas, the Philippines, Trinidad and Tobago and the United States. The event was focused on the following topics: organizational resilience; digital technologies, climate change, compliance and supplier risk as emerging risks; models of appetite, tolerance and risk capacity; and organizational frameworks for operational risk management.

Session 1. Invited Talk. Organisational resilience – a strategic imperative for central banks

This session presented key aspects of resilience as central concept to approach operational risk management. Some takeaways of the session were the following:

  • · A resilient organization is able to respond to high impact events and uncertainty, not only to expected contingent events. It is aware of the interdependence with other institutions and industries, employees, clients, vendors, etc.
  • · Resilience is underpinned by strategic, operational and cultural dimensions within the organization. Its development relies on 4 competences: foresight, insight, oversight and hindsight.

Session 2. Emerging Risks: Digital technologies and Climate change

This session was devoted to the risks stemming from digital currencies and climate change. Some takeaways of the session were the following:

  • · In general, central bank digital currencies (CBDC) were not considered an improvement on current wholesale payment systems. Yet, there is still interest in CBDCs, and there are working groups and pilot projects to explore their implementation. However, CBDCs come with risks related to security, reliability, scalability of operations, monitoring, and the right assignment of roles and responsibilities.
  • · Climate change can trigger diverse types of operational risks. One threat is the physical damage to people or infrastructure due to extreme events. Given the complexity of climate-related impacts modelling, it is important to have data, standards and analytical tools to encompass the different level of affectation.

Session 3. Models of appetite, tolerance and risk capacity

This session discussed the perspectives of three central banks with regard to models of appetite, tolerance and risk capacity. These tools are intimately related to central banks’ organizational objectives.

Panel 1. 2LOD: Framework in the organization, roles, responsibilities, and integration with the 1LOD and 3LOD

In this session, the panelists discussed organizational frameworks in operational risk management. Some takeaways of the session were the following:

  • · Coordinating central banks’ three lines of defense allows them to manage all risks in an integrated and orderly manner, ensuring that each line has clear and complementary goals and that the banks’ goals are met.
  • · The challenges of implementing 3LOD require resource-intensive efforts in areas such as cybersecurity, risk information security, infrastructure for operational resilience, and risks arising from dependence on third parties.

Session 4. Emerging Risks: Compliance and Supplier Risk

This session discussed further topics related to emerging risks, focusing on methodologies to assess regulatory compliance and supplier risks. Some takeaways of the session were the following:

  • · Compliance is related to the observance of all the applicable laws and regulations. It is a key part of corporate governance and it is aligned to the defined risk tolerance and capacity.
  • · Acquisition risks were categorized as a specific type of supporting risk, and any institution is susceptible to be affected by them. A supporting infrastructure is key to integrate the information of any occurrence of supply risk to the risk management framework.