The Perception and Culture of Operational Risk in the Banking Sector: Evidence From Northern Cyprus

Abstract

This study aims to analyze the attitudes toward and the perception of the risk culture with regard to operational risk (OR) among Northern Cyprus (TRNC) banking sector employees working in related departments. Although most previous studies have concentrated on the measurement and management of OR, the research remains extremely limited on the perception side as well as the formation of cultural background by human resources departments. The novelty of this study lies in the fact that it investigates OR from the perspective of human perceptions and cultural development in the context of a small banking industry. In addition, via addressing the relationship between personnel structure and the prevention of ORs in small banking sectors, this study fills an important gap in the literature. For this purpose, a survey was designed and the collected data has been analyzed by using Factor Analysis. The results are gathered under eight factors where both OR perception and cultural formation were analyzed under these eight factors. The sensitivity of perception and cultural development were then analyzed by taking into account the demographic information of the respondents. The results indicate that employees working in the treasury department are strongly sensitive toward OR. Furthermore, older staff who have experienced a banking crisis are more sensitive compared with their younger counterparts. Other findings include that developments in the financial sector increase the OR, senior management appropriation decreases the OR, and an effective OR database is required. The findings of this study can potentially serve as a guide for senior executives in the banking sector in terms of policy development and applications related to internal systems, particularly in small economies.

Keywords

risk operational risk risk management risk culture TRNC

Introduction

In 2000, the banking sector of the TRNC was affected by a substantial banking crisis and 15 banks were liquidated as they failed to fulfill their liabilities. In periods of economic turbulence, the business risks increase (Dvorsky et al., 2018). As suggested by Tripati and Ghosh (2008), the most important reasons for this crisis were loose regulations and legal gaps, poor monitoring and weak supervisory activities, delayed precautions, the sudden increase in the number of banks, insufficient capital stocks and risk arrangements, and the misuse of bank resources in favor of the main shareholders. Similar arguments, particularly with regard to loose regulations, were made by Chevallier and Joueidi (2019) in their research aimed at detecting banking bubbles. At the time of the crisis, the number of banks in operation was 37, but after the liquidation of 15 banks, the establishment of three new banks, and the merger of other banks, the number dropped to 22. As of 2019, there are 21 banks operating in the sector (The Central Bank of TRNC, 2019). Banking legislation and risk management practices were restructured after the crisis, which subsequently affected human resources and mid-level management in particular gained more importance in the sector. In recent decades, risk has become the core factor of economic life (Dvorsky et al., 2018) and the developments toward corporate governance and institutionalization as well as awareness in risk culture have significantly increased. As a result of the nature of operational risk (OR), along with the difficulties in monitoring and measuring it, three basic methods have been identified in terms of its application in the TRNC (The Central Bank of TRNC, 2019). However, only the Basic Indicator Approach is being used by the sector and the supervisory authority. The measurement is only made once a year based on the profit and loss accounts of the banking sector. This routine has a negative impact on the sector’s investment in this subject and the creation of a risk culture in terms of human resources. The establishment and sustainability of such a culture, along with improvements to the perception of human resources with regard to this subject, are considered to be essential for the prevention of OR, but this requires substantial infrastructural investment.

The complexity of OR and the difficulties in its calculation mean that it is increasingly difficult to control; hence, there is now increased focus on suitable precautions for mitigating risk. As the most important precaution is considered to be the creation of a risk culture in institutions (Buchelt & Unteregger, 2003), the main focus of this study is to measure the bank employees’ overall tendencies, knowledge, and perceptions regarding this type of risk. As the literature mainly focuses on measurement methods, this study aims to make a new contribution by concentrating on the perception of employees, which is considered to be the most crucial element of risk management, particularly in small economies. The creation of an OR culture and perception within institutions is the most important way of mitigating risk (Basel Committee on Banking Supervision, 2011; Blacker, 2000). In this study, it is foreseen that, based on the employees’ perception and the risk culture, the OR should be prevented rather than measured. In smaller banking sectors in particular, this can be achieved by improving the perception of the employees and establishing a certain degree of risk culture.

The diversity in the nature of OR causes problems in detecting and limiting the dimensions that are required to define it (Moosa, 2007). Although numerous international banks have launched identification initiatives, the generally accepted regulatory definition can be found in the proposal document of Basel II in June 1999, which emphasizes that OR includes legal risk but excludes strategic and reputational risk. The definition in CRDIV (Directive, 2013) (within Basel III) “means the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events, and includes legal risk” (Regulation Art. 4(52), 2013). The countries reflect these generally accepted definitions within their own regulations (Mermod & Ceran, 2011). These definitions also emphasize the difficulty of measuring OR.

The interest in OR increased after the 2000s as a result of the regulatory efforts of the Basel Committee, which subsequently led to an acceleration in the number of studies in the literature. Therefore, OR is relatively new compared to credit and market risks. Risk and loss have always been factors in business life and particularly in banking, arising from reasons such as human nature and cases of corruption, the complexity of the profession, legal processes, and information technology (IT) systems. Recently, developments that have increased the importance of OR include various forms of trade such as the incidents of substantial loss, globalization, mergers, automated technological infrastructures, online trade activities, service procurement, and the complexity of financial assets (Moosa, 2007).

It is important to highlight the fact that OR interacts with a bank’s reputation and this feature affects the reporting transparency in this area; consequently, institutions are unwilling to report such risks (Sturm, 2013). OR has been associated with profitability in the generally accepted Basel II and III and if there is profit, the OR is covered by this profit. In the banking system, reserves or provisions can be easily created to cover this risk. However, in some cases, it may be impossible to cover the loss of OR with these provisions and it may even cause the collapse of the bank. The motivation of business to build up reserves is significantly reduced in crisis periods (Belás et al., 2018). Transparent reporting and the announcement of financial risk information including incidents of substantial loss and operational loss have significant importance for improving market efficiency, transparency, and corporate culture.

With reference to the resource-based approach theory, the importance of human resources’ perception of OR in banking is undeniable. Barney (1991), as one of the major contributors to the development of the resource-based approach, separated resources into three types, namely financial resources, human resources, and organizational resources. The author claimed that in order for these resources to provide a competitive advantage, they should also be valuable, scarce, inimitable, and non-competitive. It is not possible to create a risk management framework unless the employees comprehend any potential undesired problems OR might cause. OR perception is a sort of control mechanism for the specified goals (Abdul Rahim et al., 2014). Therefore, in this study, we aim to measure human resource perception toward OR and the level of cultural formation in the TRNC banking sector. For this purpose, a survey with carefully formulated questions was designed to evaluate and interpret the attitudes of bank employees in relevant departments toward OR. Factor analysis revealed that human perception is affected by eight factors. The factors that were related to human perception and culture formation were then grouped for regression analysis. With respect to different departments, the results indicated that employees working in the treasury department are significantly more sensitive toward OR. This is attributed to the fact that these employees are continually in contact with their counterparts in correspondent banks. With respect to age, our results indicate that older staff are more sensitive and have developed a higher level of risk culture compared with younger employees. For example, they strongly believe in the necessity to establish an OR database, whereas the younger employees do not place as much value on such a database. This is due to the fact that older employees experienced the challenges of the banking crisis in 2000. In order to determine the specific factors that have more effect on human perception and cultural formation, regression analysis was conducted. Our findings indicate that human perception is improved due to developments in the financial system. On the contrary, culture is formed by institutionalization. In addition to contributing to the state-of-the-art OR knowledge, the findings in this article have the potential to guide senior managers in the banking sectors of small economies by providing insights about the attitudes of employees.

Conceptual Framework and Literature Review

OR has been officially used in the literature by internal auditors since the 1990s. The pioneering report on internal auditing and control was published in 1992 by The Committee of Sponsoring Organizations of the Treadway Commission (COSO; 2013). Internal control systems are composed of five integrated components, which are control environment, risk assessment, control activities, information and communication, and monitoring activities (Pakurár et al., 2019). At that time, OR was treated as a residual risk and was therefore not covered under credit risk and market risk (Power, 2003). Due to the case of investment corruption at Barings Bank in 1995 as well as the corruption involving forward transactions at Société Générale, which occurred in 2008 resulting in a loss of 5 billion euros, and other similar incidents within that period, the literature in this field developed, and the need for increased regulation and measurement arose.

According to Power (2003), “Operational risk is not a new risk . . . However, the idea that OR management is a new discipline with its own management structure, tools and processes, is new.” Basel II introduced rules for measuring and management of OR that ranged from the simple to the complex methods, including incentives for capital-holding (Figure 1) (Regulation Art. 4(52), 2013) along with reporting and publishing requirements within the framework of the third pillar. OR has now started to develop as a separate and specific area and new departments focusing on this subject have been opened.

Figure 1.

Basel II OR evaluation methods.

After credit and market risks, these developments drew the attention of both academics and the audit authorities, which led to the emergence of this field of study (Barakat & Hussainey, 2013).

The Basel III document placed greater emphasis on OR and suggested that business continuity programs should be based on the concept of “risk” with the aim of maintaining the function of corporations and reducing the possibility of undesired loss in the case of unexpected and low probability but potentially significant incidents (cutback, state of emergency, crisis, or disaster). The expected characteristics of the risks that are taken into account within the scope of business continuity are the low probability of occurrence and high impact (Directive, 2013). Within this framework, effective reporting and public announcements, and the formation of internal and external databases are important in terms of both supervisory and academic perspectives (Barakat & Hussainey, 2013).

Those who are opposed to the regulations of Basel regarding the necessity to hold capital toward OR claim that OR is not systematic, it can easily be differentiated by investors and can be interpreted or perceived in different ways. However, unlike other non-systematic credit risks, OR is asymmetric and it does not have the possibility of resulting in a profitable outcome; in fact, it almost always results in damage (Cummins et al., 2005).

The most notable difference between OR and financial risks is that it arises solely as a result of engagement in an activity and is not dependent on a financial position. Also, it is highly impactful yet difficult to predict (Dima, 2009). It has come to the agenda of the financial system as a result of low frequency but high impact loss incidences (Black Swans) (Mousa, 2011). While some researchers characterize it as events arising from business-specific factors and they emphasize that it does not present any threat of systemic risk, other researchers have investigated the association between OR and macroeconomic data (Mousa, 2011). It is known that, regardless of size, the operational losses resulting from corruption in the financial sector lead to serious reputational loss and such reputational loss is not taken into consideration in measurement modeling (Eckert & Gatzert, 2015). Barakat et al. (2019) concluded that the loss of reputation is higher in cases where the media uses negative and strong language when announcing the OR losses. Therefore, it is emphasized that even the attitude toward risk of employees who are communicating with the public has importance. Many operational losses are based on human-related incidents and problems. Operational losses resulting from internal processes may be relatively small, but they attract the attention of the media as well as public opinion. ORs based on these kinds of irregular transactions or improper work processes become more harmful than material losses for the corporations due to the damage they cause to their reputation (Perry & Fontnouvelle, 2005).

Considering the destructive nature of OR, it is clear that only allocating capital for this is not likely to provide protection and it can have a very high cost. In this regard, the management and mitigation of OR gain importance. The management of OR requires a strong risk management framework (Mazıbaş, 2005).

Although the Basel Committee and the scope of CRD IV developed a range of strict approaches toward the identification of OR, its impact on bank activities was not mentioned. There are ongoing complex problems related to OR management in terms of practical and methodological methods regarding the interpretation of the system and the decision-making mechanisms. No measurement approach has been developed that measures the negative impact of OR on financial results (Daryakin & Andriashina, 2015).

The diversity of the ORs allows for various different systems of classification and definition. Basel II document provides a uniform application in the calculations of capital adequacy and it divides OR into seven categories (internal corruption, external corruption, recruitment practices and workplace safety, clients, products and loss incidents related to business processes, accidents and natural disasters, system crashes, processing, loss incidents related to delivery and process management) (Bank For International Settlements [BIS], 2004). On the contrary, Dorogovas et al. (2013) categorized the ORs under four main titles. These are the factors arising from human behavior, information systems, internal systems (corporate process), and external sources. Consequently, the efforts to separate and classify the ORs are insufficient due to the characteristics of this risk. This feature is affected by the lack of a suitable database and the scarcity of incidents that have a high impact (Ökdemir & Çelenk, 2010). Besides, there is an ongoing debate about the definition of OR. Power (2003) and Moosa (2007) reviewed the literature about OR, OR definitions, categorizations, and characteristics from a historical perspective. They concluded that even though it is the only type of risk that is institutionalized with an official description, it is highly debatable and therefore almost impossible to achieve a consensus on the issue; hence, it would be beneficial to simplify it in terms of definition, data collection, and measurement strategies. Power (2003) emphasized the fact that it is not possible to quantify it within the framework of the Basel II document. Daryakin and Andriashina (2015) conducted a comparative analysis using Bayesian modeling with income items. They highlighted the deficiencies and inadequacies of the existing models and emphasized the necessity to have qualitative and quantitative factors. Candoğan and Altan (2014) compared the OR calculation methods within the scope of Basel II and concluded that, as the method becomes more complex, the amount subject to OR and the OR capital requirements decline.

Due to globalization, the collapse of global financial firms has a significant effect on economies all over the world. Therefore, corporate governance has become more important for stability and profitability purposes. The business environment has changed dramatically and technological development, changing customer needs, regulations, and policies have increased competition in the market (Pakurár et al., 2019). Thus, the relationship between corporate governance and risk disclosure has received much more attention in the literature than other concepts. Barakat and Hussainey (2013) investigated the effects of governance, regulation, and audit on banking and Islamic Banking risk reporting and OR reporting in particular and explored whether to increase the quality of reporting, the independence of the board of directors and the activities of the audit committee should be increased and the auditors should be more proactive. Conversely, concentrating the responsibilities of the chairman and chief executive officer on the same person reduces the quality of information.

Other researchers have investigated the reputational effect of OR losses and reached valuable outcomes. Perry and Fontnouvelle (2005) analyzed 115 operational loss incidents in financial corporations between the years 1974 and 2004 in order to measure the reaction of capital markets to OR. The results showed that the market value of a company falls by more than double the operational loss that results from internal corruption, and external corruption has the same level of impact as operational losses. Furthermore, the losses are higher in companies where the shareholders have substantial rights. Herghiligiu and Cocrıs (2014) reached the same conclusion about shareholders’ influences. However, in their study, OR was expected to have a negative impact on reputation and would therefore result in a plunge in profitability. While insufficient data was a limitation of their study, they stated that a significant correlation was not detected. Sturm (2013) reviewed the capital market reactions to the declaration of operational losses by European financial institutions between 2000 and 2009. He concluded that operational losses did not originate from the nature of the incident and that the impact on companies was largely determined by their structure. Banks that have higher equity capital and whose liabilities are less than their assets are less affected and he explored whether the OR has any negative impact on reputation risk.

In terms of measurement, Dima (2009) carried out a regression analysis based on 418 branches of a Romanian bank to reduce transaction-based OR and to increase the number of clients. The study suggested that the most effective way of detecting ORs is to systematically track loss incidents and record their frequency and severity as well as other necessary information. Even though this method is expensive, it has proved to be effective. On the same issue, Dorogovas et al. (2013) suggested that the measurement and management of certain risks are still problematic, particularly OR, and 52% of ORs arise from human behavior and information theft. Developing safeguard measures may protect IT systems against possible attacks. Safeguard measures are more important than detecting the last service user’s profile and behavior; however, the use of a firewall may contribute to this process. Mermod and Ceran (2011) reviewed risks including OR and the capital requirements of the banking sector based on the recommendations of the Basel Committee in their comparison of Turkey, Europe, and the United States of America. They concluded that the Turkish banking sector possesses a sound and solid structure.

Some academics believe that the formation of culture is as important as measurement. Financial risk occurs everywhere and it is not possible to eliminate such risks but it should be managed using alternative methods (Shuying & Mei, 2014). According to Mazıbaş (2006) and Ökdemir and Çelenk (2010), the process of creating an OR database and OR auditing, the effectiveness of the database, and the integrity of risk management systems are closely related to the extent which the bank executive management embraces the issue by improving the control structure and the formation of culture. It is important that the determination of the management lays the essential foundation for the functioning of the systems and processes and prevents the behaviors that arise from negative motives. Erdoğan and Ülbeği (2009) aimed to provide data for the methods that will be developed for risk measurement and management by revealing the perception differences of the human resources, which is one of the most significant determinants of OR, toward various incidences that may affect risk formation. Ultimately, they concluded that the perceptions differ according to demographic characteristics. Kanagaretnam et al. (2011) studied the two cultural structures predicated on avoiding uncertainty and selfhood and their impact on risk-taking in the banking sector. Their findings suggested that banks take less risks in countries that avoid uncertainty and take more risks in countries where there is higher selfhood.

Method

This article involves a survey that was administered to employees of Internal Auditing, Risk Management, Compliance, Credit, Treasury, Information Technologies (IT), and Accounting Departments of the 22 banks operating in the TRNC. In total, 320 completed surveys were collected. Although there is no statistical data about the employees that are working in the selected departments, considering the fact that the total number of employees working in the banking sector was 3,148 as of December 2018 (The Central Bank of TRNC, 2018), the number of completed surveys is sufficient to obtain reliable results for an overall representation of the whole banking sector. Taking into account that within the TRNC banking sector, risk management/compliance, internal audit, and IT departments do not have sufficient human resources, the survey was conducted with the participation of the abovementioned departments, which are situated in the executive headquarters of the banks. It can be said that the total number of employees reached (320) is representative of the total number of employees of the concerned departments (Creswell, 2009; Saruhan & Özdemirci, 2013).

In this case, we can refer to a combination of cluster sampling, which is one of the probability-based methods, and deliberate (purposive) sampling, which is one of the non-probability-based (biased) methods (Ryzın, 1995; Tongco, 2007). Ryzın (1995) argued that cluster analysis has a number of features that make it extremely useful for purposive sampling, such as that it can provide extra information about the selection process and results can be easily generalized.

The survey was prepared referring to the scales used in the articles “A Study on OR Audit in Banks and the Banks Operating in Turkey” by Ökdemir and Çelenk (2010), “A Study on OR Perception” by Erdoğan and Ülbeği (2009) and also the authors’ personal experience. A 5-point Likert-type scale is used in the survey (1—Strongly Agree, 2—Agree, 3—Neutral, 4—Disagree, 5—Strongly Disagree). At the beginning of the survey questions, the participants were asked six questions with the aim of understanding the demographic structure (age, department of duty, banking experience, education, position, the age of the bank). In total, the survey consists of 32 questions.

A pre-application test was conducted with 18 participants to evaluate and revise the inadequacies of the survey questions and any expressions that appeared to be false or incorrect. The statistical data in this research were produced via SPSS packaged software. In terms of the analysis method, Factor Analysis by the Principal Component Method, Factor (Principal Component)-Based One-Way Variance (analysis of variance [ANOVA]), and linear regression analysis were applied to the variables created as a result of factor evaluation. The Principal Components are named as “Factors” throughout this article.

Findings

Demographic Structure

Table 1 shows the demographic attributes of the 320 employees who participated in the survey.

Table 1.

Demographic Attributes (Numbers and Percentages Are Given in Each Section).

Age of employee	20–35 years	36–45 years	46–55 years	56 years and older
	142	110	54	14
	44.38%	34.38%	1.88%	4.38%
Department	Credit	Internal audit	Risk man./compl.	Accounting	Treasury	IT
	97	45	39	76	38	25
	30.31%	14.06%	12.19%	23.75%	11.88%	7.81%
Experience	1–5 years	6–10 years	11–15 years	16–20 years	21 years and more
	65	89	59	37	70
	20.31%	27.81%	18.44%	11.56%	21.88%
Education level	High school	Academy (2 years)	University	Postgraduate	PhD and above
	44	16	187	72	1
	13.75%	5.00%	58.44%	22.50%	0.31%
Position	Manager	Auditor	IT Personnel	Officer	Authorized emp.
	107	26	15	88	84
	33.44%	8.13%	4.69%	27.50%	26.25%
Age of the bank	51 years and older	Between 30 and 50	Between 20 and 29	Between 10 and 19	Between 0 and 9
	100	63	117	15	25
	31.25%	19.69%	36.56%	4.69%	7.81%

Note. Risk man./compl. = risk management and compliance; Authorized emp. = authorized employee; IT = information technology.

Age of the participants and the department in which they work

Approximately 79% of the survey participants were under the age of 45 and 21.2% were over 46 years. Only 4.4% of the participants were 56 or older and 44.4% were 35 or younger (Table 1). This indicates that the participants were either very young during the banking crisis in 2000 or they were not working in the sector at that time. When we consider the number of employees in terms of departments of duty, the low number of employees in the IT, risk management/compliance, and internal audit departments is noteworthy. The number of those working in internal audit departments is more than 50% less than those working in credit departments, and the number of personnel in the risk and compliance department is as much as half of accounting personnel. Before the crisis, such departments did not exist, but over time, there was no alternative other than to rely on internal risk management (Tripati & Ghosh, 2008). Hence, it is obvious that the importance given to these departments has increased.

Banking experience and education of the participants

66% of participants had less than 15 years of experience in the sector and 11.6% had 16 to 20 years of experience. Only 22% had been working in the sector for 21 years or more, while 81.2% had a university degree or higher education qualification. Hence, although the experience of the participants was low, their education levels were relatively high.

Positions of the participants and age of the bank

In many banks, particularly the relatively small ones, departments such as internal audit, risk management, and IT are still not recognized or established as full departments and due to the fact that number of employees is low, personnel in these positions work as administrative and authorized officers. In terms of risk management, one of the disadvantages of a small banking sector is the insufficient number of personnel in these departments and the inability to develop sophisticated approaches. The number of personnel who work in the specified departments is higher in banks that have been operating for more than 20 years and lower in banks that are younger than 20 years.

Factor Analysis and Reliability

Factor analysis

Factor analysis is used to aggregate variables and to collect the co-variables under the same factor. The aim is to interpretively aggregate the variables related to OR perception and culture. Before the factor analysis was applied, the Kaiser–Meyer–Olkin Sampling Adequacy Test was conducted to test the conformity of the variables to the factor analysis. The result of this test was found to be 0.816, which is significantly greater than the threshold (0.5), indicating that the variables are suitable for the factor analysis. As a result of the chi-square test, statistic for Bartlett’s Test of Sphericity, which measures the sufficiency of correlation between the variables, was found to be 2,689.045, with a p value of approximately zero. The calculated p-value is much smaller than the significance level (.05). Thus, the variables that were used are suitable for factor analysis.

As a result of the varimax rotation principal components factor analysis (Büyüköztürk, 2002), which was applied to 32 variables after the prerequisites were met, the “Component Matrix” was evaluated. Out of 32 variables, 26 of them were collected under eight factors as a result of the evaluation. The total variance expressed has been reported as 64.19%. Table 2 shows the eight factors that have an eigenvalue higher than 1, along with their pre- and post-rotation values. The description value of each factor in the variance identifies the relative importance of the related factor.

Table 2.

Factor Analysis Result Table.

Factors (F) and variables	Eigenvalue	Factor loads	Variance%	Cumulative variance	Rotation variance
F1-Operational risks increase due to the developments in the financial system.	6.098		23.455	23.5	9.1
The increase in products and services increases the operational risks.		0.819
The increasing number of financial products and services makes auditing operational risk more difficult.		0.778
Operational risks continually increase.		0.682
F2-Operational risk database is important in operational risk quantification.	2.583		9.936	33.4	9.0
External data should be added to the operational risk database.		0.796
Operation risk databases should be established in banks.		0.705
External service procurement is important in database security.		0.601
Banks should participate in a joint “Operational Risk Database” project.		0.582
F3-Information about operational risk quantification has been formed.	2.216		8.522	41.9	8.5
Executives tend to use older software and systems for as long as possible.		0.823
Executives tend to ignore risks they have never encountered before.		0.803
The consulting aspect of Bank auditors is neglected.		0.563
In the process of operational risk quantification, qualitative methods are more realistic than numerical methods.		0.508
F4-Operational risk audit is performed adequately.	1.294		4.976	46.9	8.4
Auditors of banks act independently and impartially from the executives.		0.749
The auditors are adequately prepared with regard to money laundering.		0.742
The studies and reports covering operational risk-based audits are sufficient.		0.666
The public supervisory authority is adequately leading in operational risk management.		0.557
F5-Priority issues for mitigating operational risk have been perceived.	1.265		4.867	51.8	8.4
The lack of knowledge and experience of the employees who perform treasury operations and credit transactions leads to operational risk.		0.802
The lack of a sufficient number of employees who perform treasury operations and loan transactions leads to operational risk.		0.777
In order to prevent conflicts of interest, the mechanisms of assessment, approval and execution in the Credit and Treasury departments should be separated.		0.730
F6-Importance of auditing is perceived.	1.137		4.375	56.1	7.3
Auditors are primarily responsible for detecting corruption.		0.714
Lack of auditing is the fundamental cause of operational risk-related scandals around the world.		0.581
Money laundering causes serious operational risks.		0.540
Use of banks in money laundering crimes can be substantially prevented with auditing.		0.515
F7-The responsibilities of the top management have been understood.	1.057		4.067	60.2	7.1
Top management should understand the importance of the credit risk the bank is exposed to in both on- and off-balance sheet transactions.		0.834
Top management must have implemented a comprehensive policy about the asset quality of the bank.		0.824
F8-The institutionalization objectives of the top management are important.	1.038		3.994	64.2	6.5
Designation of required documentation that should be provided by bank customers in a detailed manner and should be transactional based (such as balance sheet, income statement, certificate of activity) reduces operational risks.		0.691
The targets such as exorbitant deposits/credits that are determined and directed to the branches by the top management lead to operational risk.		0.538

Note. Variables that are excluded from factor analysis. 1—The fact that the valuation of loan collaterals is not determined by taking into account the imputed costs and the current market values in the market leads to operational risk (7). 2—Capital adequacy is not an objective for BASEL, it is a tool for effective supervision systems (10). 3—Emergency Action Plans should be prepared by the auditors of the bank (23). 4—When preparing an Emergency Action Plan, the opinions of employees at all levels should be sought (24). 5—Operational risk-based audits are mostly shaped within the framework of legal obligations. 6—A position such as “Fraud Auditor” should be established at the banks (31).

The eight factors obtained as a result of factor analysis are divided into two main groups and associated with OR perception and the formation of risk culture. The factors that are classified under OR perception are those that require awareness, experience, and as a result, perception formation. Those that need corporate involvement and the initiative of the organization are classified under formation of OR culture. The two main groups are subjected to linear multiple regression analysis (Table 3).

Table 3.

Variables of the Linear Regression.

Operational risk perception	1. Operational risks increase due to the developments in the financial system.2. Operational risk database is important in operational risk quantification.3. Information about operational risk quantification has been perceived.4. Operational risk audit is performed adequately.5. Priority issues for reducing operational risk have been perceived.	3 components 4 components 4 components 4 components 3 components	Factors that have been evaluated as signals of the perception of OR and the necessity of OR management.
Formation of operational risk culture	6. Importance of auditing is perceived. 7. The responsibilities of the top management have been perceived. 8. The institutionalization objectives of the top management are important.	4 components 2 components 2 components	Factors that affect the formation of OR culture.
Demographics	Age, department of work, banking experience, education, duty, and age of the bank	6 components

Note. OR = operational risk.

Reliability

Cronbach’s alpha analysis was used in order to test the coherence of the data and the scale obtained as a result of the survey. The test was carried out on the entire scale consisting of 32 questions and the obtained result is .884. Separate reliability tests were applied on the eight factors that were formed as a result of the factor analysis and the results are summarized in Table 4.

Table 4.

Overall and Factor-Based Reliability Test Results (Cronbach’s Alpha).

Factor-based reliability
Overall reliability	F1	F2	F3	F4	F5	F6	F7	F8
.884	.771	.725	.723	.718	.768	.595	.789	.495

Note. F denotes “factor.”

As the reliability in Factors 6 and 8 is below the expected minimum value of 0.7 (Saruhan & Özdemirci, 2013), the variables compiled under these factors were examined and the reasons for the incoherence of the participants’ responses were investigated.

Evaluation of F6 and F8, Which Have Low Reliability Degrees

Within the framework of F6, there is a tendency to hold the auditors accountable for any corruption incident, fraudulent loss, corporate damage, and any transaction that causes material or moral loss. The different approaches on this subject taken by the auditing department and other departments in the banking sector are remarkable. Audits take place after incidents occur and they include procedures to ensure that corrective measures are taken. Auditors play an important role in ensuring that work is carried out properly and the adopted corporate governance principles are applied. Also, they detect the generally defective aspects and the mechanisms that lead to the malfunctioning. The detection of corruption depends on the type of corruption that occurs, but generally it is not an easy task to detect cases of malicious corruption. In systems where the Board of Directors do not set effective internal control mechanisms, irregular transactions occur more frequently (Rao & Ghosh, 2008). For this reason, holding the auditors primarily responsible can lead to misleading results.

Evaluating F8, the profit-oriented attitudes of management and the incentives given to mid-level executives as a result of certain determined targets can lead to a struggle for superiority and might cause misappropriation. With regard to the necessary documents that customers should submit, confidence issues arise between customers and corporations, based on the characteristics of underdeveloped societies. The clients particularly feel that the banks have a level of mistrust toward them. Income-generating departments experience difficulties with gathering detailed documentation and considering the challenges involved with application; they refrain from establishing a detailed database. The incoherence also observed in this subject should be associated with institutionalization and the form of management.

Factor Analysis in Terms of Differences in Perception

In order to evaluate the differences in perception, factor-based one-sample t-test is applied (Table 5).

Table 5.

One-Sample t-Test (Test Value = 3).

Statistics	F1	F2	F3	F4	F5	F6	F7	F8
M	2.210	1.939	2.777	2.536	1.638	1.939	1.215	2.132
Median	−0.789	−1.060	0.222	−0.463	−1.361	−1.060	−1.784	−0.867
SD	0.839	0.589	0.829	0.711	0.665	0.626	0.446	0.822
t value	−16.820	−32.188	4.795	−11.647	−36.579	−30.266	−71.475	−18.869
Sig. (two-tailed)	.000	.000	.000	.000	.000	.000	.000	.000

Note. Sig. = “significance.”

In all factors, the participants responded below the test value, which corresponds to “I agree.” Factors 2, 5, 6, and 7 are separated from the other four factors. In other words, the mean difference is greater than 1, so it is determined that the mean of these factors is below 2. The majority of the participants responded with values of 1 and 2 for Factors 2, 5, 6, and 7. On the contrary, the participants expressed more anxious and indecisive attitudes with regard to Factors 3, 4, 1, and 8.

Factors With Results Close to 3 (F3, F4, F1, F8)

Listed from the most indecisive, the range mentioned in the title (F3, F4, F1, F8) is formed and statistical data in Table 5 were listed as below 3 and above 3 depending on the value of 3, which corresponds to indecisiveness.

In Table 6, the responses of 154 participants are 3 or above with respect to F3 “Information about Operational Risk Quantification has been formed.” It is observed that they were either unsure about the subject or they claimed that no information had been formed. There is no aggregated database available in the sector on this subject, and banks have not collected or reported data. Although the average is expected to be over 3, the value was actually 2.777. This level may be interpreted to mean that the participants preferred to stay neutral to avoid giving an incorrect answer. Even though the value for F2 “OR Database is Important in OR Quantification” was lower than 2, which means the participants clearly accepted that there is no database in the sector and they believe it is essential, their indecisiveness with respect to F3 may be related to the tendency to ignore the insufficient infrastructure. On the contrary, because there is no idea of the limits of sufficiency, this may have resulted in the need to appear perceptually sufficient. Although the results do not indicate negativity as the average is not above 3, as it is close to the value of 3, this can be interpreted as an indication that there is a certain level of awareness.

Table 6.

Factors With Results Close to 3.

	F3			F4			F1			F8
	Below 3	3	Above 3	Below 3	3	Above 3	Below 3	3	Above 3	Below 3	3	Above 3
Numbers	166	37	117	220	43	57	261	15	44	250	42	28
%	51.88	11.56	36.56	68.75	13.44	17.81	81.56	4.69	13.75	78.13	13.13	8.75

In F4, which assesses whether the audits are being conducted sufficiently, although it is expected that negative results would be obtained, which means higher than 3, the results of the contextual variables suggest that a definite judgment was avoided. When the contextual variables are reviewed, it is found that there is 70% agreement (except the neutrals) with the fact that auditors are completely independent from managers, which is a relatively high rate. If the auditors are allowed to act sufficiently independently, they would go beyond legal requirements and would have the opportunity to make more advanced audit plans. Banks should have the responsibility to provide effective education and enhance the skills of the employees to achieve such an independent structure. An OR audit is a form of audit that is more specific, requires experience, and contributes to the development of prevention mechanisms (Basel Committee on Banking Supervision, 2011). 53% of the respondents confirmed that the auditors have adequate knowledge about money laundering issues. There was almost 72% agreement that OR-based audits are only conducted to extent that legal obligations require. In short, this type of audit is only performed on a minimal basis. In fact, OR audits should be the concern of the corporations themselves rather than the supervisory authority. On the contrary, only 28.8% of the participants agreed with the statement that the supervisory authority is sufficiently leading with regard to OR management, whereas 43% were neutral and the rest disagreed. With regard to the sufficiency of OR-based studies, only 41% agreed; in other words, it is emphasized that it is not sufficient.

A majority of respondents (82%) stated that the developments in the financial system increases OR (F1); however, the fact that around 20% gave neutral or negative responses is an important indicator that shows that there are professionals who still do not have any knowledge about OR. It is recognized that ORs that cause major losses may lead to even greater reputational losses (Perry & Fontnouvelle, 2005). For that reason, attempts are made to hide banking scandals that occur on an infrequent basis from the public. It is an undeniable fact that financial developments trigger OR. Although this has been confirmed, the fact that there are neutral and negative responses show that there are problems with regard to the perception of the subject.

It is well established that top management’s objectives toward institutionalization (F8) and the precautions would reduce the OR. One of the recent debates surrounding Basel is about the guidelines and thresholds of banking management and corporate governance (Neifara & Jarbouib, 2018). Despite these developments, it is observed that there is a tendency toward indecisiveness and contradiction (40%) in a significant segment of the banking sector in the TRNC. The increasing importance of suitably equipped human resources, which is the most important resource in the banking sector, and enhancements to the corporate governance structure to avoid OR should be understood. This reveals that there is a strong need to improve the OR culture within the system.

Factors With Results Below 2

The questions that are collected under F2—OR Database is Important for OR Quantification, F5—Priority Issues to Reduce OR have been Understood, F6—Importance of Audit is Understood, and F7—The Responsibilities of the Top Management have been Understood include more leading and more generally accepted components. Therefore, the beliefs and attitudes of the participants are formed in that direction. Table 7 shows that there is almost no disagreement with regard to the responsibilities of top management regarding OR.

Table 7.

Factors Below 2.

	F2			F5			F6			F7
	Below 3	3	Above 3	Below 3	3	Above 3	Below 3	3	Above 3	Below 3	3	Above 3
Numbers	303	7	10	304	6	10	292	18	10	317	1	2
%	94.69	2.19	3.10	95.00	1.90	3.13	91.25	5.63	3.13	99.06	0.31	0.63

One-Way ANOVA Tests

In the one-way ANOVA tests (used to determine whether there are any statistically significant differences between the means of three or more independent variables), the only significant differences are between the ages and factors in the context of Factor 2 and the department of duty and factors in the context of Factor 4 and Factor 6.

ANOVA test between age and factors

In the ANOVA test conducted between age and factors, in the context of F2 “OR Database is Important for OR Measurement” a significant difference is found between those aged 20–35 and 46–55. The 46–55 age group (Table 8) has the lowest average related to this subject. This means that this age group is differentiated from the others and has the highest support for the formation of an OR database along with its measurement. Based on the research findings, Kozubikova et al. (2016) reached the same conclusion that older firms more intensively perceive the importance of financial risk. The highest average appears in the 20–35 age group. It is considered that the reason for this perception could be entirely related to the crisis that occurred in 2000, as this age group of employees started working in the sector after this period.

Table 8.

46–55 Age Difference Within the Context of Factor 2.^a

Age	Number	M
46–55	54	1.782
36–45	110	1.911
56 and older	13	1.981
20–35	142	2.024
Sig.		0.299

The mean difference is significant at the .05 level.

ANOVA test between the department of duty and factors

In Table 9, the perceptual differences between the mentioned divisions are stated.

Table 9.

Differences Between Departments and Factors.^a

F4-OR audit is conducted adequately	F6-The importance of audit has been perceived
1. Credits and treasury	1. Credits and internal audit
2. Accounting and treasury	2. Internal audit and accounting

Note. OR = operational risk.

The mean difference is significant at the .05 level.

In terms of the variables that analyze F4, a significant difference is observed between the Credits and Accounting departments and the Accounting and Treasury departments. When the subject is analyzed within the framework of the data in Table 10, the responses of the Credits departments are close to the “adequately performed” statement with an average of 2.43, whereas the Treasury Departments responses are closer to the “not performed adequately” statement with an average of 2.82. This can be interpreted as relatively normal considering the fact that Treasury personnel are more conservative and have higher awareness as they are more integrated with the outside world. However, the striking outcome is related to the attitudes of employees in Credit departments, who are responsible for managing a significant proportion of the bank balance sheets. The less anxious position of Credit personnel may be attributed to the fact that in the TRNC, the banks are more inward looking, whereas Treasury personnel face more risks as they are more integrated with the international system. It is thought that the perceptual differences between Accounting and Treasury employees may be based on the same reason. The interesting result here is that although the Risk Management, Compliance, and Internal Audit departments were expected to be as sensitive or even more sensitive than the Treasury department employees, they have relatively less awareness. On the contrary, the change in IT departments compared with the other departments is undeniable because, in recent years, the increasing dependence on IT has given IT personnel extraordinary self-confidence and has made the bankers dependent on the initiative of these departments. This may be considered as a process that could lead to the creation of new ORs.

Table 10.

Interdepartmental Differences Within the Scope of Factor 4.

Department of duty	Number	M
IT Department	24	2.344
Accounting	76	2.391
Credit	97	2.430
Risk management/compliance	39	2.680
Internal auditing	45	2.717
Treasury	38	2.816
Sig.		0.127

While the Credits and Accounting department personnel reached the conclusion that the importance of auditing has been perceived, the personnel in the Internal Audit departments displayed a slightly more concerned attitude (Table 11). Table 10 shows that there is a trend that confirms about a similar situation to that observed in Factor 4. The employees who conduct the audits and are therefore exposed to risks have to pay more attention to the risks they encounter when performing their duties. In fact, one of the major risks the banking sector confronts is credit risk. For that reason, the departments that extend loans should be sufficiently aware of credit risk and OR, and the credit supply processes should be determined effectively. This result shows that the Credits and Accounting departments are less equipped with regard to the perception of risk and its nature. Here, the perceptions of the Risk Management and Compliance department employees yield interesting results. The fact that risk departments are more content while Internal Audit employees are more concerned indicates a contradictory situation.

Table 11.

Interdepartmental Differences Within the Scope of Factor 6.

Department of duty	Number	M
Risk management/compliance	39	1.836
Credit	97	1.853
Accounting	76	1.859
Treasury	38	2.026
IT Department	24	2.052
Internal auditing	45	2.211
Sig.		0.057

Regression Analysis

The eight factors obtained as a result of factor analysis are deliberately divided into two main groups and associated with OR perception and the formation of risk culture (Table 3). The adjusted R² is same and is calculated as “1” for both two regressions that performed, which means independent variables that we used (factors) hundred percent explain the dependent variable. A hypothesis test via the F-statistic was also carried out to determine whether the independent variables (Factor 1–8) were significant. In all cases, the p-value was less than the significance level. This indicates that the null hypothesis (null hypothesis H₀: β_Fi = 0, alternative hypothesis H₁: β_Fi ≠ 0, i = 1, 2, . . . , 8.) is not valid and should be rejected. Therefore, the factors and hence the model are significant in explaining the data. Note that β_Fi refers to the respective regression co-efficient.

Within the context of OR management, establishing a comprehensive structure for perception is an essential yet difficult task. This type of structure should be formed in connection with the other departments of the bank, a steady information flow and reporting infrastructure should be developed, regular reports should be provided to the board of directors, and regular controls should be applied via internal and external audits. The results of the regression analysis conducted on the OR perception are illustrated in Table 12 and it can be seen that while all related factors affect the OR perception, factors F1, F3, and F4 have the greatest effects. The developments in the financial system, OR measurement elements, and the components of the OR audit are the factors that have the most impacts on perception. It can be seen that the number of ORs is continually increasing due to the growth in financial services. It is therefore necessary to develop systems and software, despite the tendency of senior management to ignore such factors. It appears that the sufficiency of bank supervision and the competency of auditors constitute the main influencers of perception. Under these circumstances, it can be said that where mid-level management is more effective and communication channels from mid-level upward and downward is formed efficiently, the OR perception can spread throughout the corporation in a smoother way. Hence, mid-level management and effective forms of communication are vital (Flores et al., 2006).

Table 12.

Regression Analysis Between OR Perception and Five Factors (Dependent Variable OR Perception).

	Unstandardized		Standardized	t	Sig.	Collinearity statistics
Numbers	B	SE	Beta	t	Sig.	Tolerance	VIF
(Constant)	1.712E−16	0.000		0.000	1.000
F1	0.200	0.000	0.368	716,113,945.711	0.000	0.709	1.410
F2	0.200	0.000	0.256	495,864,133.603	0.000	0.702	1.424
F3	0.200	0.000	0.362	727,344,854.468	0.000	0.756	1.323
F4	0.200	0.000	0.315	708,550,492.778	0.000	0.945	1.058
F5	0.200	0.000	0.286	590,130,453.898	0.000	0.797	1.255

Note. OR = operational risk; VIF = variance inflation factor.

The formation of culture is a more complex and process-based concept. North (1991) defined institutions as being either formal or informal. Formal institutions are those that defined in a written format in terms of a constitution, laws, property rights, or human rights. Unofficial institutions are unwritten structures, such as taboos, traditions, religious principles, manners, and habits, which are shaped within communities over time and belong to that community.

Informal institutions provide continuity from the past and play a major role in the formation of official institutions (Casson et al., 2010). Advanced predictive OR management programs can change employee sentiments, but deeper changes are also needed at the cultural level (O’Reilly et al., 2018). The formation of culture and the establishment and settlement of written rules can be managed by transferring them to the next generations. The formation of organizational memory is of great importance as it facilitates the settlement of culture.

Table 13 shows that all related factors affect the OR culture but F8, which refers to institutionalization, is the most effective. The institutionalization objectives of management are closely related to the formation of culture and it is clear that it is not possible to mention culture without institutionalization.

Table 13.

Regression Analysis Between the OR Culture and Factors (Dependent Variable OR Culture).

	Unstandardized		Standardized	t	Sig.	Collinearity statistics
Numbers	B	SE	Beta	t	Sig.	Tolerance	VIF
(Constant)	2.474E−15	0.000		0.000	1.000
F6	0.333	0.000	0.428	222,261,129.157	0.000	0.827	1.209
F7	0.333	0.000	0.329	170,727,901.376	0.000	0.827	1.209
F8	0.333	0.000	0.562	289,230,118.755	0.000	0.814	1.228

Note. OR = operational risk; VIF = variance inflation factor.

Discussion and Limitations

This research falls in the framework of Resource-Based Approach Theory (Barney, 1991) and studied the human resource aspect of OR. Specifically, our research concentrated on factors that affected the formation of employee perception and culture. The attitudes of employees in the North Cyprus banking sector who are more integrated in banking activities and are exposed to risks analyzed from the perspective of employee perception of OR and the formation of a culture within the sector. It is important to note that a severe crisis affected the banking sector in Northern Cyprus in 2000. Certain reconstructive measures were put in place in the aftermath of the crisis. These measures as Power et al. (2013) stated as regulatory culture enhanced the banking sector robustness, and as a result, it was less affected by the global financial crisis of 2008. To the best of the authors’ knowledge, this is the first such study to be conducted in North Cyprus. The fact that North Cyprus is a small economy with its own peculiarities makes the study quite representative and potentially valuable for other small economies.

Our findings show that there is a strong correlation between employees’ attitudes toward risk perception and financial crises that impact the country in which they work. The research shows that the personnel who experienced the 2000 crises are more sensitive to and at the same time more aware of the risks. This finding is in line with the empirical findings of Richter (2013). After the 2000 crises, measures toward the institutionalization and adoption of strict regulations resulted in an improvement of OR perception. The findings of Lim et al. (2017) about the relationship between effective risk management and strong risk culture strongly support our results.

The questions that were directed at the banking employees were aimed at measuring the basic concepts of OR in empirical way as suggested by Palermo et al. (2017) and concentrated on their perceptions and the specific factors that deepen the culture in these areas (Agarwal et al., 2019). The conducted factor analysis revealed that among the many factors that affect OR, eight of the factors had a more significant influence on OR perceptions. Via the ANOVA tests, it was found that the perceptions of Factors 4 and 6 showed significant differences with respect to the department in which the employees worked. Similarly, Factor 2 showed significant differences with respect to the age of the employees.

The eight factors were divided into two main groups and associated with OR perception and the formation of risk culture. In their research, Agarwal et al. (2019) also find out that, based on the empirical studies, researchers have discussed whether risk culture is measurable and reportable and what factors have more impact on risk culture. Further regression analysis on the two groups was then carried out to determine the factors that were more important for each of the two general groups, respectively. The results indicated that Factors 1, 2, and 4 are important for OR perception. For the formation of effective perceptions, financial institutions should follow the developments in the sector such as new products and services and new techniques for OR auditing, methods of measurement and infrastructure, internal control, and reporting methods of OR (Basel Committee on Banking Supervision, 2011). On the contrary, Factor 8 indicates that the institutionalization objective of top management has crucial importance for the formation of culture, which is in line with the research of Power et al. (2013).

The results presented in this article only reflect evidence from the North Cyprus banking sector. The fact that only one country that is representative of a small economy has been studied is a limitation. Therefore, the conclusions of this study should be supported with more evidence sourced from economies and banking sectors similar to North Cyprus. This will also allow for a comparison of the attitudes of employees from different countries. It is believed that this will make the results more valuable.

The above limitation also presents a direction for future research. Similar studies should be carried out for countries with similar economies and banking sectors. A good candidate would be the Republic of Cyprus, which also underwent a financial crisis in 2011. Another direction of future research that we believe will be important comes directly from the results of the risk literature, which indicate that the prevention of OR is more important than its measurement. This finding is also supported by this study. However, prevention depends on the extent to which perception transforms into a persistent culture. We believe that studies that concentrate on how acquired perception can be turned into a persistent culture are worth pursuing.

Conclusion

Instead of mining from the reports as performed by Power et al. (2013) and Agarwal et al. (2019), this study used primary data and has determined differences in perception of OR and formation of culture by using factor analysis followed by one-way ANOVA tests. As a result of the ANOVA tests between departments and factors, a significant difference between credit, accounting, and treasury personnel has been observed. The treasury personnel are more sensitive about the subject when compared with the other two. With regard to the importance of audits, there is a significant difference between the credit, accounting, and internal audit departments. Here, another important aspect is that the perceptions of risk management/compliance departments do not differ from the credit and accounting departments. The structure of treasury departments means that they are more open to international transactions, which is accepted as an indicator that they are more sensitive in terms of perceiving risks. One of the issues to be addressed is whether the risk management and compliance departments implement their functions effectively and according to the international criteria for good practice. This is an indicator that in small banking sectors, these departments are not developed sufficiently and there is a need for active guidance from public supervisory authorities.

In the one-way ANOVA test between age and factors, there were more significant differences in the 46–55 age group compared with the 25–35 age group. As a result of the analysis, it has been determined that the 46–55 age group has the highest belief in the importance of the measurement of OR and the formation of a suitable database. This is important in the sense that it clearly shows that personnel who witnessed the crisis in 2000 are more sensitive about the subject. However, it is unfortunate that this awareness of older personnel has not been transmitted to the younger generation and it is thus hard to say that a permanent culture has been formed.

The majority of the survey participants emphasized that the main reason for OR is the lack of auditing. The results of the regression analysis confirm that the concept of auditing and the functions of the auditors are often confused. An effective audit can be preventive and act as a deterrent; however, the detection of corruption requires the creation of effective mechanisms in addition to the audit function. This finding is also consistent with the findings of Neifara and Jarbouib (2018).

Institutionalization is one of the most important factors in establishing an adequate framework related to this subject. The results for Factors 3, 4, and 1 about OR perception and Factor 8 on culture indicate that there is a significant amount of indecisive respondents. This suggests that although there are no settled, adopted concepts or detailed work about the subject or the scope of the subject in the TRNC, the participants preferred to stay neutral. However, a significant number of participants responded positively to the issue of institutionalization.

It is thus not difficult to conclude that there is a need to establish measures to improve the institutional nature of the industry (formal and informal institutions) which in turn will result in the formation of an OR culture. The formation of a culture is one of the key factors that will influence economic growth (North, 1991; Williamson, 2000).

Another finding of our study is that the participants accepted that there is a necessity to establish an effective database for OR control that can increase the awareness and lead to the formation of effective mechanisms. The perception of risk management is only possible by collecting and sharing information/data and making it a part of the corporate culture through these efforts, as stated by Flores et al. (2006).

It has been demonstrated that the auditing and reporting of the public supervisory authority about OR remain insufficient. OR is, in fact, an internal problem that should be addressed by the institutions themselves and it may be possible to prevent it by increasing the level of awareness. Therefore, it is also important to ensure that in the process of increasing awareness, the public supervisory authority fulfills its guiding duties effectively.

The participants agreed that auditors should be independent from managers. However, they also confirmed that OR audits do not extend beyond the legally stipulated requirements. The directing and guiding aspect of the supervisory authority with regard to this subject should therefore be made more effective. The subject of what is understood about the independence of the auditors should be examined in a separate study. Although it is confirmed that the developments in the financial system increase OR and the institutionalization targets of the top management reduce OR, the fact that there is a significant amount of neutral and negative views about these issues shows that there are still problems with regard to the perception of OR.

Footnotes

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

ORCID iD

Dervis Kirikkaleli

References

Abdul Rahim

N. F.

Haron

Mohamed Zainal

S. R

. (2014). Perceived operational risk management and customer complaints in Malaysian conventional banking industry. Advanced Science Letters, 21, 745–750.

Agarwal

Gupta

Kumar

Tamilselvam

S. G.

(2019). Learning risk culture of banks using news analytics. European Journal of Operational Research, 277, 770–783.

Barakat

Ashby

Fenn

Bryce

(2019). Operational risk and reputation in financial institutions: Does media tone make a difference? Journal of Banking and Finance, 98, 1–24.

Barakat

Hussainey

(2013). Bank governance, regulation, supervision, and risk reporting: Evidence from operational risk disclosures in European banks. International Review of Financial Analysis, 30, 254–273.

Barney

(1991). Firm resources and sustained competitive advantage. Journal of Management, 17, 99–120.

Bank for International Settlements. (2004, June). Basel Committee on Banking Supervision international convergence of capital measurement and capital standards, annex, 7. https://www.bis.org/publ/bcbs107.pdf

Basel Committee on Banking Supervision. (2011, June). Principles for the sound management of operational risk. https://www.bis.org/publ/bcbs195.pdf

Belás

Dvorský

Kubálek

Smrčka

(2018). Important factors of financial risk in the SME segment. Journal of International Studies, 11, 80–92.

Blacker

(2000). Mitigating operational risk in British retail banks. Risk Management: An International Journal, 2, 23–33.

10.

Buchelt

Unteregger

(2003). Cultural risk and risk culture: Operational risk after Basel II. QNB (Austrian National Bank) Financial Stability Report, 6, 86–97.

11.

Büyüköztürk

. (2002). Faktör Analizi: Temel Kavramlar ve Ölçek Geliştirmede Kullanımı [Factor analysis: Basic concepts and its use in scale development]. Kuram ve Uygulamada Eğitim Yönetimi [Educational Administration in Theory and Practice], 32, 470–483.

12.

Candoğan

M. A.

Altan

(2014). Basel Kriterleri Çerçevesinde Operasyonel Risk ÖlçümYöntemlerinin Karşılaştırılması: Örnek Bir Uygulama [Comparison of operational risk measurement methods in the framework of basel criteria: A sample application]. Selçuk Üniversitesi Sosyal Bilimler Enstitüsü Dergisi [Selçuk University Journal of Social Sciences Institute], 31, 265–276.

13.

Casson

M. C.

Giust

M. G.

Kambhampati

U. S.

(2010). Formal and informal institutions and development. World Development, 38(2), 137–141.

14.

The Central Bank of TRNC. (2018, December 31). http://www.kktcmerkezbankasi.org

15.

The Central Bank of TRNC. (2019, December 6). http://www.kktcmerkezbankasi.org/sites/default/files/mevzuat/Bankalar%C4%B1n%20Sermaye%20Yeterlili%C4%9Finin%20%C3%96l%C3%A7%C3%BClmesine%20ve%20De%C4%9Ferlendirilmesine%20%C4%B0li%C5%9Fkin%20Tebli%C4%9F.pdf

16.

Chevallier

C. O.

Joueidi

S. E.

(2019). Capital regulation and banking bubbles. Journal of Mathematical Economics, 84, 117–129.

17.

COSO. (2013, May). Internal control-integrated framework. https://www.coso.org/Documents/990025P-Executive-Summary-final-may20.pdf

18.

Creswell

J. W.

(2009). Research design qualitative, quantitative and mixed methods approaches. Sage.

19.

Cummins

Lewis

C. M.

Wei

(2005). The market value impact of operational risk events; US banks and insurers. Implementing AMA for operational risk. Federal Reserve Bank of Boston.

20.

Daryakin

Andriashina

(2015). Problems of evaluation and management of operational risks in banks. Procedia Economics and Finance, 24, 156–165.

21.

Dima

A. M.

(2009). Operational risk assessment tools for quality management in banking services. Amfiteatru Economic Journal, 11, 364–372.

22.

Directive. (2013, June 26). Directive 2013/36/EU of the European Parliament and of the Council. Official Journal of the European Union.

23.

Dorogovas

Solovjovab

Romanovsc

(2013). New tendencies of management and control of operational risk in Financial İnstitutions. Procedia—Social and Behavioral Sciences, 99, 911–918.

24.

Dvorsky

Popp

Virglerova

Kovács

Oláh

(2018). Assessing the importance of market risk and its sources in SMEs of the Visegrad Group and Serbia. Advances in Decision Sciences, 22, 1–25.

25.

Eckert

Gatzert

(2015). Modeling operational risk incorporating reputation risk; An integrated analysis for financial firms. Department of Insurance Economics and Risk Management Friedrich-Alexander University Erlangen-Nürnberg (FAU).

26.

Erdoğan

Ülbeği

(2009). Operasyonel Risk algısına Yönelik Bir Araştırma [A research on operational risk perception]. Bankacılar Dergisi [Journal of Bankers], 71, 48–57.

27.

Flores

Bonson

P. E.

Escobar

(2006). Operational risk information system: A challenge for the banking sector. Journal of Financial Regulation and Compliance, 14, 383–401.

28.

Herghiligiu

Cocrıs

(2014). Reputational and operational risks in European Banks (Theoretical Article). SEA—Practical Application of Science, 2, 575–578.

29.

Kanagaretnam

Lim

C. Y.

Lobo

G. J.

(2011). Effects of national culture on bank risk taking. Social Sciences and Humanities Research Council of Canada (SSHRC).

30.

Kozubikova

Kljucnikov

Smrcka

(2016). Selected aspects of financial risks of SMES in Czech Republic and Slovakia. Actual Problems of Economics, 184, 98–106.

31.

Lim

C. Y.

Woods

Humphrey

Seow

J. L.

(2017). The paradoxes of risk management in the banking sector. The British Accounting Review, 49, 75–90.

32.

Mazıbaş

(2005). Operasyonel Riske Basel Yaklaşımı; Üç Yapısal Blog Çerçevesinde Bir Değerlendirme [Basel approach to operational Risk; an assessment in three structured blog frameworks]. Banking Regulation and Supervision Agency (BRSA).

33.

Mazıbaş

(2006). Bankalarda Operasyonel Risk Veritabanının Oluşturulması [Creating operational risk database in banks]. Banking Regulation and Supervision Agency (BRSA) Working Report.

34.

Mermod

A. Y.

Ceran

(2011). Basel III Doğrultusunda Bankacılık Riskleri ve Sermaye Yeterliliği; Türk Bankacılık Sektörü Üzerine Karşılaştırmalı Bir Analiz [Banking risks and capital adequacy according to Basel III; a comparative analysis on the Turkish banking sector]. Finansal Arastırmalar ve Çalısmalar Dergisi [The Journal of Financial Research and Studies], 2, 29–38.

35.

Moosa

I. A.

(2007, November). Operational risk: A survey. Financial Markets, Institutions & Instruments, 16(4), 167–199.

36.

Mousa

(2011). Operational risk as a function of the state of the economy. Economic Modelling, 28, 2137–2142.

37.

Neifara

Jarbouib

(2018). Corporate governance and operational risk voluntary disclosure: Evidence from Islamic banks. Research in International Business and Finance, 46, 43–54.

38.

North

D. C.

(1991). Institutions. The Journal of Economic Perspectives, 5(1), 97–112.

39.

Ökdemir

Çelenk

(2010). Bankalarda Operasyoel Risk Denetimi ve Türkiyede Faaliyet Gösteren Bankalar Üzerine bir Araştırma [Bank supervision and risk in operasyoel a study on active banks in Turkey]. Maliye Finans Yazıları [Fiscal Finance Articles], 1, 77–111.

40.

O’Reilly

Idnani

Davis

Bhatti

(2018). The future of operational risk in financial services. A new approach to operational risk capital management. Deloitte & Touche LLP.

41.

Pakurár

Haddad

Nagy

Popp

Oláh

(2019). The service quality dimensions that affect customer satisfaction in the Jordanian banking sector. Sustainability (MDPI), 11, Article 1113.

42.

Palermo

Power

Ashby

(2017). Navigating institutional complexity: The production of risk culture in the financial sector. Journal of Management Studies, 54(2), 154–180.

43.

Perry

de Fontnouvelle

(2005). Measuring reputational risk: The market reaction to operational loss announcements. Federal Reserve Bank of Boston.

44.

Power

(2003). The invention of operational risk. The London School of Economics and Political Science.

45.

Power

Ashby

Palermo

(2013). Risk culture in financial organisations: A research report. CARR-Analysis of Risk and Regulation. http://eprints.lse.ac.uk/67978/1/Palermo_Rsik%20culture%20research%20report_2016.pdf

46.

Rao

D. T.

Ghosh

(2008). Preparedness of Indian banks in managing operational risk. Economic and Political Weekly, 43(18), 51–53.

47.

Regulation Art. 4(52) (2013, June 26). Regulation 575/2013/EU of the European Parliament and of the Council. Official Journal of the European Union.

48.

Richter

(2013). Current developments in risk culture in financial organizations in Germany. Journal of Economics and Management Research, 3, 75–86.

49.

Ryzın

G. G.

(1995). Cluster analysis as a basis for purposive sampling of projects in case study evaluations. Evaluation Practice, 16, 109–119.

50.

Saruhan

Ş. C.

Özdemirci

. (2013). Bilim, Felsefe ve Metodoloji [Science, Philosophy and Methodology]. Beta Basım A.Ş.

51.

Shuying

Mei

(2014). Theory of SMEs financial risk prevention and control. In International Conference on Education, Management and Computing Technology (pp. 514–517). https://www.atlantis-press.com/proceedings/icemct-14/13144

52.

Sturm

(2013). Operational and reputational risk in the European banking industry. Journal of Economic Behavior & Organization, 85, 191–206.

53.

Tongco

M. D.

(2007). Purposive sampling as a tool for informant selection. Ethnobotany Research & Applications, 5, 147–158.

54.

Tripati

D. R.

Ghosh

(2008). Preparedness of Indian banks in managing operational risk. Economic and Political Weekly, 43(18), 47–53.

55.

Williamson

O. E.

(2000). The new institutional economics: Taking stock, looking ahead. Journal of Economic Literature, 38, 595–613.