Professional Documents
Culture Documents
CONTROLS
L.V.S. MOHAN
DGM/MOF
Introduction
Operational risk is one area that is faced by all organizations.
More complex the organization is the more exposed it would
be to operational risk.
Operational risk would arise due to deviations from normal
and planned functioning of systems, procedures, technology,
and human failure of omission and commission.
Results of deviations from normal functioning is reflected in
the revenues of the organization either by way of additional
expenses or by way of loss of opportunities that would be
otherwise feasible.
It may also arise due to inherent defaults in systems,
procedures and technology which impacts the revenues of
an organization adversely.
Introduction
Operational risk arises literally from all the activities
undertaken and consequently it is everywhere in the
organisation.
The impact of various forms of operational risk may
vary in degree i.e., some risks may have more
potential of causing damages while some may have
less potential , some may occur more frequently
while some may occur less frequently.
Operational risks in the organization continuously
change especially when an organization is
undergoing changes
Definition of Operational
Risk
Basel Committee has defined operational risk as the risk
of loss (direct loss) resulting from inadequate or failed
internal processes, people and systems or from
external events. This definition excludes strategic and
reputational risk but includes legal risk.
(Legal risk includes exposure to fines, penalties, or
punitive damages resulting from supervisory
actions , as well as private settlements)
Operational risk can result not only in losses (direct
expenses) but can also impact service, revenues,
competitive advantage( known as indirect losses)
For operational risk management banks should assess the
operational risk based on both direct and indirect losses.
Operational Risk
Management
Management of Operational Risk
means and includes identification,
assessment,
monitoring/control/
mitigation of this risk.
Effect based
Effects: The consequences or impact of the event.
Effects are a combination of hard losses and
indirect consequences such as reputation ,
service,
regulatory
exposure
or
business
interruption.
Legal liability,
Regulatory, compliance and taxation penalties.
Loss or damage to assets
Restitution,
Loss of recourse
Write downs.
Structure of ORM
Each institutions risk profile is unique
Each institution requires a tailored risk management
approach for the scale and materiality of the risk present
and size of the institution
There is no single framework that would suit every
institution
Different approaches will be required for different
institutions
The techniques of ORM continue to evolve rapidly to keep
pace with new technologies, business models and
applications.
Operational risk is more of risk management than
measurement issue.
Organisational Set-up
Board of Directors
Risk Management committee of the
Board
Operational
Risk
Management
committee
Operational
Risk
Management
Department
Operational Risk Managers
Support Group for operational risk
management
ORMD (contd)
Consolidation and Reporting of Data: ORMD will
collect relevant information from all the areas of
the Bank ,build a consolidated view of operational
risk, assemble summary management reports and
communicate the results to the risk committees
or other interested parties. Key information will
include risk indicators, event data and self
assessment results and related issues.
Analysis of data: ORMD is responsible for
analysing the data on consolidated basis , on
individual basis and a comparative basis
ORMD (contd)
Best Practices: ORMD will identify best
practices from within the bank or from
external
sources
and
share
these
practices with management and risk
specialists across the bank
Insurance: ORMD will determine optimal
insurance limits and coverage to ensure
that the insurance policies the bank
purchases are cost beneficial and align
with the operational profiles of the bank.
ORMD (contd)
Policies: ORMD will be responsible for drafting,
presenting,
updating,
and
interpreting
the
operational risk policy, and related policies and
methodologies.
Self assessment: ORMD will be responsible for
facilitating periodic self assessments for the
purpose of identifying and monitoring operational
risks.
Coordination
with
Internal
audit:
to
plan
assessments and concerns about risks in the bank.
They share information and coordinate activities so
as to avoid overlap of activities.
Requirements of effective
controls
Segregation of duties and personnel to forestall
conflicting responsibilities/ conflict of interests
Available data should be reliable, timely,
accessible, and in a consistent format
Data in electronic form should be secured
monitored independently, and supported by
contingency plans
Staff should be adequately trained to fully
understand policies and procedures relating to
their duties and responsibilities.
Operational risk
quantification
Three options are provided
for
measurement of operational risk for the
purpose of capital allocation:
The Basic Indicator approach
The standardized approach
Advanced Measurement approaches
While the first two are based on income
approach the third is based on
operational loss measurement.
Risk Indicators
Lack of supervision of lending/ investment by
designated officers
Lack of specific lending or treasury policies or failure to
enforce existing policies
Lack of code of conduct or failure to enforce the code
Lack of separation of duties
Lack of accountability
Lack of written policies/ or internal controls
Entering into transactions where the institution lacks
expertise
Excessive growth through low quality loans
Unwarranted concentration
Risk Indicators
Volatile source of funding such as short term deposits
Too much emphasis on earnings at the expense of
safety and soundness
Compromising credit policies
High rate high risk investments
Lack of documentation or poor documentation
Lack of adequate credit analysis.
Failure to properly analyse and verify financial data
The institution is a defendant in a number of lawsuits
alleging improper handling of transactions.
THANK YOU