The title of my essay comes from a seminar organized by Bank of the Philippine Islands (BPI) some years ago when I was still a junior officer assigned to the BPI Consumer Banking Group. As a matter of fact, all branch officers and staff were required to attend that seminar, so it was quite a big deal back then.
It is ironic, because I have always known BPI to be a stickler for operational control, and yet, just last week, it figured prominently in the news because of a system glitch that resulted in misposted transactions and wrong balances in some depositors’ accounts. Indeed, as Murphy’s law posits, anything that can go wrong will go wrong. It appears this adage applies to even our best institutions.
Notwithstanding last week’s snafu involving my former employer, there are insights from that seminar I attended years ago that are still worth sharing today. I am doing this to respond to malicious memes and fake news posted and shared extensively via social media. Such misinformation could do more harm than good, so allow me to spell out some basic concepts to help educate everyone.
Banking is a business of trust, and there are risks that need to be managed precisely to safeguard that trust. The word “risk” is synonymous with “danger”, “peril” or “hazard”, and in the banking context, it refers to an exposure to any financial loss or damage.
To draw an analogy from Egyptian mythology, the god of light Ra is said to be at constant war with the shadow beast Apophis, who threatens to devour the entire world. Just like Ra, bankers are at constant war with risk, which could potentially come from anywhere to wreak havoc on the entire banking system.
There is credit risk, which could be either counterparty risk or sovereign risk. There is counterparty risk when counterparties cannot (or will not) meet their obligations to the bank. As for sovereign risk, it arises when the bank deals with counterparties in foreign countries under adverse economic or political conditions.
There is also market risk, which could be either price risk or liquidity risk. Price risk refers to the risk of losses due to adverse movements of prices against open positions. Such movements can be seen in interest rates, currency prices and commodity prices. Liquidity risk refers to the risk that the bank will be unable to meet its financial obligations upon demand.
There is also regulatory risk, which could be either legal risk or operational risk. Legal risk refers to the risk of incurring penalties or losses from the failure to comply with regulatory requirements while doing business. Operational risk refers to the risk of losses due to operational factors, such as fraud, human error, system breakdown or failure to comply with internal procedures.
Clearly, the beast that BPI had to wrestle last week was operational in nature. The Bangko Sentral ng Pilipinas (BSP) has vowed to investigate the matter when the dust settles. Definitely, the BSP is in the best position to determine what really caused the problem, so it would be wise to await their official findings and stop the spread of baseless speculation, which could only shake our confidence in an otherwise robust banking system.
Moreover, banks generally adhere to five basic operational controls to minimize potential losses from fraud or human error. There is joint custody, which means that at least two people should be watching over critical items like cash and accountable forms. There is dual control, which refers to a vouching process where transactions have makers and checkers. There are authority limits that define triggers for escalation to higher management. There is delineation of duties, which refers to having specific job functions put in black and white. There is secrecy of passwords, which is already self-explanatory.
These controls ensure that no individual gets to process transactions unilaterally, and accountability can be easily pinpointed. In all likelihood, there could have been a failure to adhere to these operational controls, which eventually gave rise to last week’s problem.
Nevertheless, I believe everyone is responsible for safeguarding his financial assets. As the old saying goes, do not put all your eggs in one basket. It would be wise to have money in different banks so that when something bad happens to one bank, one could easily get money elsewhere. It would also be wise to keep track of one’s transactions. Banks print account statements so that clients could monitor account movements and raise concerns if needed. Finally, people should watch out for phishing scams. Unscrupulous folks could take advantage of chaotic situations to get critical information from bank clients. However, as a matter of protocol, banks do not solicit client information via e-mail, so suspicious e-mails should not be entertained at all.
****
Ser Percival K. Peña-Reyes is a faculty member of the Ateneo de Manila University Economics Department.