Overview
Operational risk is the risk of an adverse outcome resulting from inadequate or failed internal processes, people, systems or from external events. Our exposure to operational risk arises from routine processing errors, as well as extraordinary incidents, such as major systems failures or legal and regulatory matters, that could occur for us or out third-party vendors.
Potential types of loss events related to internal and external operational risk include:
Operational Risk, which is part of our second line of defense and reports to our group chief risk officer, has primary responsibility for developing and implementing a formalized framework for assessing, monitoring and managing operational risk to support firmwide oversight and challenge of our global businesses, with the goal of maintaining our exposure to operational risk at levels that are within our risk appetite. GICL’s framework for managing operational risk is consistent with and part of GS Group’s framework.
Operational Risk Management Process
Our process for managing operational risk includes the critical components of our risk management framework, including a comprehensive data collection process, as well as firmwide policies and procedures, for operational risk events.
We combine top-down and bottom-up approaches to manage and measure operational risk. From a top-down perspective, our senior management assesses firmwide and business-level operational risk profiles. From a bottom-up perspective, our first and second lines of defense are responsible for risk identification and risk management on a day-to-day basis, including escalating operational risks and risk events to senior management.
We seek to maintain a comprehensive control framework designed to provide a well-controlled environment to minimize operational risks. The GICL Risk Management Committee (RMC) and the GICL Board of Directors are responsible for overseeing the companies’ operational risk and the operational resilience of GICL’s business.
Our operational risk management framework is designed to comply with the operational risk measurement rules under the firm’s Capital Framework and has evolved based on the changing needs of our businesses and regulatory guidance.
We have established policies that require all employees and consultants to report and escalate operational risk events. When operational risk events are identified, our policies require that the events be documented and analyzed to determine whether changes are required in our systems and/ or processes to further mitigate the risk of future events.
We use operational risk management applications to capture, analyze, aggregate and report operational risk event data and key metrics. One of our key risk identification and control assessment tools is an operational risk and control self-assessment process, which is performed by our managers. This process consists of the identification and rating of operational risks, on a forward-looking basis, and the related controls. The results from this process are analyzed to evaluate operational risk exposures and identify businesses, activities or products with heightened levels of operational risk.
Our signature newsletter with insights and analysis from across the firm
By submitting this information, you agree that the information you are providing is subject to Goldman Sachs’ privacy policy and Terms of Use. You consent to receive our newletter via email.