The media was recently awash with news of massive attack and destruction launched against two Deposit Money Banks in the Industry. Different versions of the story have been circulating but the central issue seems to revolve around the fact that an armed policeman attached to one of the attacked banks allegedly shot dead a tanker driver who parked directly in front of the bank thereby constituting security threat. The policeman quickly left the scene and entered the banking hall just to escape from the angry mob that immediately gathered obviously to do jungle justice. When the mob could not lay their hands on the policeman, they descended on the bank and set it ablaze. The mob did not stop there but traced the policeman to another bank where they suspected that he (policeman) had taken refuge to escape being lynched. On sighting the policeman, the security operatives attached to the branch of the second bank prevented the mob from entering the branch while evacuating staff and customers before the arrival of police reinforcement.  The mob got upset and again, set the second bank ablaze.

Incidences like these are not new. In Mpape area of Abuja, sometimes in 2011, a branch of another Tier 1 bank was razed in a similar manner. The story that was circulated then was that a mobile policeman attached to the Tier 1 new generation bank shot at a taxi driver who was turning in front of the bank and the bullet hit the sole passenger of the vehicle who coincidentally is also a banker and who was pregnant at the time. The woman died instantly and within a ‘twinkle of an eye’ an irate mob gathered and set the bank ablaze. It was reported that nine vehicles and one motorcycle that were parked inside the bank premises were also burnt.

The situation is not peculiar to banks. Manufacturers, multinationals and indeed the public sector are not spared of this kind of ‘jungle’ justice. Recently, a depot belonging to Dangote Cement was razed in Onitsha by angry mob when a policeman attached to the company was alleged to have caused an accident leading to the death of three people that were attempting to cross the road in front of the factory.  Also late last year, a LASTMA (Lagos State Traffic Management Authority) Zonal head was reportedly stoned to death while carrying out his official duties, by tanker drivers in Apapa (Apapa tanker drivers again!). There have been series of reported cases where trucks of manufacturers were attacked and burnt while on official assignment. The recent rise in this risk factor cannot be divorced from the influence of unfavourable macroeconomic condition in the country, that is, rising unemployment, drop in purchasing power, unfavourable foreign exchange rate etc.  

All these incidents cited above are referred to as external events in Operational Risk Management.

What is Operational Risk?

Operational risk is defined as the risk of loss resulting from inadequate or failed 1)-internal processes, 2)-people, and 3)-systems or from 4)-external events. 

We shall, for the purpose of this discussion, focus on no 4, that is, External Event.

Event risk is the risk of a negative impact on a company’s financial position as a result of an unexpected event like a natural disaster, industrial accident, hostile takeover, Civil disruption (war, rioting, revolution, protests, vandalism, terrorism, etc.)

The terrorist attack on September 11, 2001 was a massive external event which disrupted business activities and caused huge shareholder losses in the airline and financial services industries.

External events as stated in these examples are however not limited to the above but very broad. Incidences like flood that occurred recently in VI and Lekki axis of Lagos and in many parts of Nigeria belong to this type of risk heading. Boko Haram, Niger Delta militancy, Kidnapping of expatriates and local professionals when on field engagements, etc could also be categorized under this heading.

External Events are therefore synonymous with the natural disasters and other similar types of emergencies that confront organizations on a daily basis and should be considered as part of the Business Continuity Planning (BCP) risk assessment process. Within the simple risk model External Events are treated as threats, agents of potential harm to the organization.

External Events are prioritized on the basis of Type (riots, earthquake, fire, etc.), Frequency (how often will the External Event occur over a period of time), Duration (if the Event occurs how long will the associated processes be unavailable) and Loss (in addition to the financial exposure assessed under Cost, what would be the expected expenses related to loss of buildings or equipment, the cost of renting alternate facilities, etc.).

Are we helpless about the management of these risks? Should an organization just resign to fate, count its losses and move on whenever it happens? Or how specifically should an organization address the issue of external event in managing the risk encountered in its operations?

To be continued next week….