What are the standard firm’s key Operational Risks?
1. Business Practices: Inappropriate business practices or market conduct
2. Business Selection: Inadequate due diligence; non-adherence to credit, market, oprisk policies and limits
3. Infrastructure Adequacy/Capacity: Inability to support business growth due to deficiencies in the infrastructure
4. Financial Integrity: Incorrect books, records, reporting
5. Compliance with Laws and Regulations: Failure to comply with the spirit and letter of applicable laws/regulations
6. Information Security: Inappropriate safeguarding of customer or proprietary information assets; cyber-security
7. Continuity of Business: Inability to continue business during a contingency event
8. Employment Practices: Inappropriate employment practices and workplace environment
9. Vendor Management: Risks not defeased, poor practices
What is Operational Risk?
Risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.
Process Risks
• Execution, Delivery, Process Mgmt
• Business Disruption, Systems Failure
Conduct Risks
• Clients, Products, Business Practices
• Employment Practices, Workplace
• Internal Theft, Fraud
External Risks
• External Theft and Fraud
• Damage to Physical Assets
Operational Risk as a Discipline
[Table columns: Discipline; Modern History; Risk Measurement; Risk Mitigation Tools]
Operational Risk Management Basics
• Management of the frequency AND severity of events and losses
o Dimension operational risk exposure (quantitative, qualitative) to confirm an acceptable
level of risk
o Determine the appropriate level of capital to absorb extreme losses associated with risks
that do not lend themselves to control, and for control failures
• Assessments (Self, Audit, Regulator) for view on control effectiveness, residual risk
• Metrics (KRIs) warn of imbalances and serve to attract management attention
VALUE IS ELUSIVE
For over 5 decades, operators had taken larger and larger risks to save money, to compete
Greater attention to amenities than to safety - engineers did not have critical input vs. $
Lifeboats expensive, heavy, ate up deck space - Board of Trade dominated by shipbuilders
Poor procedures: 2200 passengers, only 1200 could have been saved, only 700 were
The good news: disasters bring change…Change for the good, despite the costs
The Problem with Operational Risk
• Potential losses are practically unbounded
– Exposure is undefined and undimensioned
– Losses are not capped, e.g. by Credit Risk Limits or Market Risk Stop Losses
– Observed loss amounts are not simply related to firm size although some
evidence of deep pockets premium e.g. lawsuits and regulatory settlements
– Loss severity distributions are fat-tailed
– The payoff profile is asymmetric
• Capital need is driven by the risk of infrequent but extremely large events
The Problem with OpRisk Management
• Ex-Ante vs Ex-Post: Historical, rear-view mirror … years on, we still know too little
• So Management says stay away from us, just keep the Regulators happy
• All in all, Default approach is therefore Compliance and Audit, not Risk
BEST PRACTICES IN OPERATIONAL RISK
2 ANALYSIS, ANALYSIS
3 JOIN DOTS
4 SCENARIOS, CAPITAL
5 COMMUNICATE
What is Op Risk Management
Inherent Risk - Mitigation or ‘Hedge’ = Residual Risk <= Risk Appetite
OpRisk Management Essentials
Process / Control Analysis
Who Cares?
• Who would like to see this problem fixed?
Relevant Data
• Loss data, KRIs, exception reports, assessment data…
• Where else are these problems seen?
• Where are similar problems prevented?
Sample analytics and reports
[Chart: Risk & Controls Analysis, by risk category; series: Finance, FO, IT & infra, Ops & HR, Risk & compliance]
[Chart: Analysis of Compensating Controls; axes: Control Coverage, Cost Effectiveness (FTE)]
Capital : Three Fundamental Questions
[Chart: x-axis Loss Size]
[Chart: Capital sensitivity by RLOB to Frequency, Using Some Historical Estimates; labels: Corp, Comml Banking; Severity = 0.65]
o Organizations try too hard to avoid learning from their own mistakes
o The sustainability tradeoff for financials cos. is not growth vs prudence, but with
o The risk-taker is your first-line of defense, but all Three Lines matter
o ‘Our people are our greatest assets’ needs to be real, insofar as Asset Risks
o Silos are fatal: the way risk manifests is irrelevant, labels are redundant
o Join-the-dots intelligence is the only worthwhile investment in Risk Mgt
o There needs to be sufficient premium on quantity and quality of communication
Risk in the post-crisis era
• Market & Credit Risk are transactional, substitutable, arbitrageable, inseparable
Thank you!
Questions?