This action might not be possible to undo. Are you sure you want to continue?
Outline of Presentation Introduction to Operational Risk (OR) The Basel II OR framework Measuring OR under the AMA Latest QIS OR Results OR Management Evaluation, Implications and Conclusions
hat is OR?
pplies to all firms (financial and non-financial) Used to be a catch-all phrase for non-financial risks Current Basel II definition is "the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events''
ncludes both internal and external event risk egal risk is also included, but strategic, reputational and systemic risks are not. irect losses are included, but indirect losses (opportunity costs) and near misses are not
Examples of OR Loss Events Examples of OR Loss Events .
cost of avoidance. not risk vs. return .Major OR Characteristics Partly endogenous Unwanted by-product of corporate activity Positively related to complexity of operations Highly idiosyncratic OR events tend to be less correlated to each other and to other risk types Less directly linked to business cycles In principle (partially) controllable ex ante Trade-off is mostly risk vs.
Key Drivers of Interest in OR .
g. e.Size Compared to Other Risks OR is sizeable compared to other risk types Its exclusion can make certain businesses appear Artificially attractive. asset management and trading .
asel II Framework for OR cope of application illar I (minimum capital requirements) Definition usiness line mapping Classification of loss event types Measurement approaches (3) Qualifying criteria illar II (supervisory review) illar III (market disclosure/discipline) .
Scope of Application for OR
Primarily intended for internationally active banks and banks with significant OR exposures Applied, on a fully consolidated basis, at holding company and lower levels within a banking group Insurance activities are excluded Supervisory approval required for banks to revert to simpler approach once approved for more advanced one
illar I - Approach 1
asic Indicator orresponds to the Standardized Approach for credit risk apital charge is 15% ('alpha') of bank's average annual gross income over previous 3 years ross income should exclude provisions, insurance income, realized profits/losses from sale of securities in banking book, and extraordinary or irregular items o specific criteria/requirements for its use
illar I - Approach 2
tandardized / Alternative Standardized
ank's activities divided ('mapped') into 8 business lines apital charge is sum of specified % ('beta') of each business line's average annual gross income over previous 3 years* eta varies by business line (12%-18% range) eneral criteria required to qualify for its use
Active involvement of Board and senior management in OR management framework Existence of OR management function, reporting and systems
Business Line Mapping .
illar I . to be met on initial and on-going basis dditional quantitative standards Soundness standard: selected approach must capture 'tail' loss events .Approach 3 dvanced Measurement Approaches (AMA) Corresponds to the IRB Approach for credit risk OR capital charge to be derived from bank's ow methods Its use (partial or full) is subject to supervisory approval The extent of partial use is determined by bank criteria and is conditional on submission of a plan to roll out AMA fully over time A hybrid 'allocation mechanism' approach is allowed for the calculation of OR capital for certain internationally active banking subsidiaries* roadly similar general criteria and qualitative standards as for Standardized Approach.
April 2003).) — Credit losses from OR to be recorded but excluded from calculations Risk mitigation — Risk mitigating impact of insurance limited to 20% of capital charge — Various compliance criteria for risk mitigation recognition "Unless the bank can demonstrate that it is adequately capturingEL. .) Additional quantitative standards (cont. attribution etc.Pillar I .) — Regulatory capital requirement for OR is the sum of EL and UL* — Sound. and business environment and internal control factors should be used — Minimum 5-year observation period for internal loss data** — Criteria for internal loss event capture (e. Third Consultative Paper on The New Basel Capital Accord'. in its internal business practices" (section 629b. recoveries.g. Basel Committee on Banking Supervision. mapping by business line and event type***. scenario analysis. threshold levels.Approach 3 (cont. Pillar One. internally determined OR loss correlations can be used — Internal and relevant external loss data.
Basel II lets 'a thousand flowers bloom' in the AMA At least) three types of approaches identified Internal Measurement Approaches (IMA) PD/EAD/LGD-type framework. where capital charge (UL) is a fixed function 'gamma' (calculated by bank itself) of EL oss Distribution Approaches (LDA) Capital from modeling loss frequency and severity distributions corecard approaches .lternative AMA Approaches iven embryonic state of OR measurement.
AMA — Some Practical Issues
Example: Internal Loss Capture
xample: Loss Modeling Populating the loss distribution for a specific business line and event type VENT TYPES LOSS DISTRIBUTION .
illars II and III illar II he four key principles mentioned also apply for OR 003 paper on 'Sound Practices for the Management and Supervision of OR' to form basis for Pillar 2 evaluation illar III ualitative disclosures OR capital approach. including AMA description (if applicable) Various OR management objectives and policies .
OR Management Framework* .
D&O liability. contingent capital etc.g. e. e. six-sigma.Example: OR Control and Mitigation OR control and mitigation measures Aimed at both center and tail of OR loss distribution Can be both preventive (ex ante) and mitigating (ex post) Increasingly based on cost-benefit analysis There exists a variety of alternative measures Operational excellence initiatives. TQM etc. Service Level Agreements with vendors/service providers Contingency planning and disaster recovery Capital Risk transfer Insurance. Capital markets.g. e. weather derivatives .g. cat bonds. blanket bond.
llows AMA flexibility and offers simple alternative for smaller banks ons eak risk sensitivity of non-AMA approaches Arbitrary rules for Basic and Standardized Approaches One-size-fits-all exposure indicators and alpha/beta factors Ad hoc cap on mitigation from insurance .valuation of Basel OR Framework Pros orces banks to focus on growing OR issue ncourages industry efforts for pooling of loss data etc.
ikely Impact of OR Capital Charge Calibrated to produce minimal change at system level Some redistribution of capital requirements towards banks with large specialized processing businesses xamples: brokerage. custody and asset management May incentivize some of these institutions to de-bank maller domestic banks will opt for the Basic or Standardized/Alternative Standardized approach .
Implications for Emerging Markets • Similar themes to Basel IFs credit risk framework ^ OR framework should not be examined in isolation .
organizational culture. practical (cost-benefit) considerations and market/regulatory developments .Conclusions Basel II has made OR a distinct and important discipline in its own right Industry-wide convergence to OR standards will continue to evolve for the foreseeable future Loss definitional issues. data collection techniques and quantification methodologies still under discussion No one right answer on how to proceed Approach based on strategic priorities.
Classification of Loss Events .
) .Classification of Loss Events (cont.
) EVENT-TYPE CATEGORY (LEVEL 1) CATEGORIES DEFINITION ACTIVITY EXAMPLES (LEVEL 2) (LEVEL 3) .Classification of Loss Events (cont.
Monetary Loss Types .
Operational Risk Management: Developments and Challenges .
Discussion Scope • What is Operational Risk? • What were the Driving Forces that Gave Rise to the Operational Risk Management Discipline? • What are the Key Elements of ORM? • What’s Different? • Key Issues and Challenges Today .
and systems or from external events …” . people.What is Operational Risk? “The risk of loss from inadequate or failed internal processes.
it was the Losses. Some of the largest landmark cases were: • Herstatt 1974 • • • • • • • • • Drexel 1988+ BCCI 1991 Orange County and Prudential Securities 1994 Barings 1995 Sumitomo 1996 Long Term Capital 1998 “9/11” and Enron 2001 WorldCom 2002 Putnam 2003 .What Gave Rise to ORM? First and foremost.
What Else? Other Factors – Fallout from the Losses: • Corporate Governance • Recognition of the Need for: – Quantification – Enhanced Controls Then came the regulations and laws: • Basel II and Regulatory Capital • Sarbanes Oxley in the U.S. .
Distinctive Elements of ORM • The Definition and Focus on Risk Response / Mitigation • Profile of the Function .
Distinctive Elements (Cont’d) • The Loss Data – Internal – External Collections – External Sharing • • • • Risk Indicator and Control Data The Need for Improved Quantification Resources Risk Control Assessment Tools .
What Else is Different? • Applying Quantitative Analysis to a Broad Array or a Composite of Risk Classes (not just single LOB’s) • Puts a Name to a Collection of Risk Classes on a Par with Credit and Market Risks • Risk Capital .
Regulatory Developments .
Basel Committee on Banking Supervision • Intent for Operational Risk – To include “Other Risks” in regulatory capital charges – To refine implied buffer in the 1988 Accord • Basel Committee Pronouncements: – January 2001 Consultative Document on Operational Risk – Various Working Papers – Most Recent: November 2005 International Convergence Standards .
home of the Bank for International Settlements (BIS) • “Basel I”: The 1988 Basel Accord – Primary initial focus on Credit Risk • Evolution toward Market and Liquidity Risks • Most Recent Discussions: Further refinement of Credit Risk and Segregation of Operational Risk • Next on the Agenda: Basel IA and Basel II .Background and Regulatory Developments • Basel. Switzerland .
Basel Capital Adequacy Framework The Component Parts (“Three Pillars”): • Minimum Capital Requirements • Supervisory Review of Capital Adequacy • Market Discipline .
OR Regulatory Capital • Implications and Realities – Standard Definition – Advancement of the Discipline – Regulatory models now more visible than economic operational risk models • Range of Proposed Approaches: – Basic Indicator Approach – Standardized Approach – Advanced Measurement Approaches .
“The Standardized Approach” K TSA = Σ (EI 1-8*β • • • • 1-8 ) Divides firm into 8 business lines Applies financial indicators by line A beta factor is applied by line Issues: – Still relatively risk insensitive – Data factors are relatively blunt .
• Simple aggregation of business lines • Still many questions.“Advanced Measurement Approaches” • Also divides firm into a series of business lines and risk types • Separate expected loss figure generated from each line / event type combination. including: – Industry Data? – Diversification effect? .
Delivery & Process Mgt. Re ta i lB din g nt & Co rp or a Co mm er Ag en cy As se Internal Fraud External Fraud Employ Pract & Workplce Safety Clients Products & Bus Practices Damage to Physical Assets Bus Disruption & System Failures Execution.AMA Mapping for Quantification Fin an ce an ki n g en t ice s Se ttle m an ki n g Sa gt. Pa ym e Re ta i l Tr a Br ok er ica lB Se rv te tM & ag e le s .
. .g. • Capital charge based on simple sum of VaR for each business line and risk type. • Estimates probability distribution functions by: – imposing distribution assumptions or – deriving them with empirical data • Produce likely distribution of losses over a future time horizon (e. 2001 as one of proposed Advanced Management Approaches (AMA). one year).AMA “Loss Distribution Approach” • Introduced in September.
Components of AMA Qualitative Standards • Independent Function • Internal Measurement System Integration • Regular Reporting • System Documentation • Internal / External Audit • Validation .
Components of AMA (Cont’d) Quantitative Standards • Committee Not Specifying approach or Distributional Assumptions • Specified Loss Event Types • The sum of EL / UL • Measurement System must be Sufficiently Granular to capture major Drivers of risk • May use internally derived correlations .
Components of AMA (Cont’d) Quantitative Standards (Cont’d) • Must have Key Features: – – – – Internal Data. Scenario Analysis and Bus Environ and Control Factors (BECF) • Documented and Verified Approach to Weighing the Elements (Note: 99.9% Percentile Confidence Interval Required) . External Data.
Advancement • Quantitative Analysis Evolution • Quantitative Role in Operational Risk Management • The Value of Risk-Based Capital • Enhanced Organizational Profile .
Principles-based Risk Management • Balance between Measurement and Management • Data Concerns • Diversification Effect Concerns .Concerns • Regulation Leading Risk Management • Risk Management as a Compliance Function • Prescriptive vs.
What’s Next? .
Present Chairman: Mr Jaime Caruana. — Activity: Formulation of broad supervisory standards and guidelines and statements of best practice in the expectation that individual authorities will take steps to implement them through detailed arrangements . Canada. D Basel Committee for Banking Supervision — Established in 1 974 by the central bank governors of the Group of Ten countries.INSTITUTIONS _ D Bank for International Settlements (BIS) — Established in 1930. Japan. United Kingdom and United States. Italy. France. Secretariat (12 persons) provided by the BIS — Members: Representatives of central banks / authorities with formal responsibility for the prudential supervision of the banking business of Belgium. Switzerland. About twenty-five technical working groups and task forces which also meet regularly. Governor of the Bank of Spain. Germany.statutory or otherwise - . Luxembourg.statutory or otherwise which are best suited to their own national systems. — Meets regularly four times a year. Recommendations have no legal force. Sweden. the Netherlands. Spain. Activity: Formulation of broad supervisory standards and guidelines and statements of best practice in the expectation that individual authorities will take steps to implement them through detailed arrangements . Headquartered in Basel — Mandate: cooperation among central banks (and other agencies) in pursuit of monetary and financial stability.
Economic Risk Capital approaches) Targets of Basel II — Goal is to address known deficiencies in Basel I rules and reduce opportunities for arbitrage — More risk sensitivity to align capital more closely with underlying risks. BASEL II OVERVIEW BACKGROUND Basel I: 8% minimum capital ratio — out-of-date regulatory regime implemented in 1988 . No coverage of operational risk — No differentiation between banks' degrees of sophistication — Growing divergence to sophisticated banks' practice (e.g. e.1.g.Not risk sensitive e.g. for credit risks. credit risk — Encourage improvement of risk management in banks — Maintain current capital levels in the banking system .
BASEL II OVERVIEW 3 PILLAR ARCHITECTURE .1.
1. BASEL II OVERVIEW TIMELINE .
out-of-date regulatory regime Goal is to address known deficiencies in Basel I rules and reduce opportunities for arbitrage More 'risk sensitivity' for credit risk (i. esp.Summary of proposals: Pillar 2: Formalized requirements.. including heavy details about Basel II capital components .e. re: internal capital assessments d Pillar 3: Large increase in external disclosure. BASEL II OVERVIEW IMS AND BUILDING BLOCKS Aims of Basel II reforms Radical overhaul of current. lower ratings = higher charge) plus capital for Op Risk Roughly similar to Economic Risk Capital (ERG) style approach for capital calculations Pillar 1 .
BASEL II MENU APPROACH OVERVIEW PILLAR 1 .2.OPERATIONAL RISK: 3 OPTIONS .
BASEL II IMPLICATIONS: GOVERNANCE SYSTEMATIC CONTROL TASKS REQUIRED .3.
3. BASEL II IMPLICATIONS: GOVERNANCE BANK SPECIFIC ORGANISATION OF CONTROL TASKS .
4.warehouse or inter-connect? . IMPLEMENTATION ISSUES: CREDIT RISK DATA STANDARDISED APPROACH D Availability of external ratings D Requires to gather more details about each individual collateral INTERNAL RATING BASED APPROACH D Need to gather enormous detail about each individual loan even under the Standardized approach D Requires complete reengineering of how some banks process loans D Standardizing data sets across branches/subsidiaries is a major challenge .
.4. IMPLEMENTATION ISSUES: OPERATIONAL RISK DATA & SYSTEMS STANDARDISED APPROACH D Break down of Gross Income in Regulatory Business lines D Specification of local implementation: beware of quick fix from consultants ADVANCED MEASUREMENT APPROACH D Vendors are a sensible way to go in selected areas. but. D Data relevance & scarcity D Model development must be ownership by the bank D Use Test: Models must be integrated into decision-making ..
Closer integration of risk management & financial control functions . CONCLUSION AND OUTLOOK WHAT CAN BANKS AND THEIR STAFF DO? d At organisation level .Substantial changes in oversight & governance of those processes .Correct exposure measurement a) for internal purposes and b) regulatory purposes . capital allocation by product/counterparty d At the risk-MIS level .g.5. timely and of sounder quality Trades are entered correctly in the MIS .Pricing systems more integrated with risk assessments (use test) d At the individual risk staff level Work on making data/rating more appropriate.Closer integration of risk & capital management.Prepare risk management processes & systems for Basel II compliance .Correct/timely capture of all transactional and counterparty dimensions . e.
mortgages. CONCLUSION AND OUTLOOK BASEL II IN GENERAL d Substantial benefits from aligning regulatory and economic capital Improved acceptance of capital allocation Enhanced market perception. to Basel III? Build a common understanding Clarification of interpretation issues Concrete examples and suggestions .Drive to reduce non-investment grade business likely to increase specialization . SF business d The industry/supervisory dialogue must go on . retail. SL..Potential of consolidation for banks focused on corporate..Drive to expand retail business likely to increase competition (e. SME's) . process efficiency and risk-based pricing Increase number of variables to influence capital requirements d New balancing of strategies .5.g.Drive to push corporate/bank clients to enhance governance/disclosure set-up .
FOCUS ON HIGH-IMPACT LOW-FREQUENCY EVENTS? 7."MAJOR" OpRISK EVENTS 8. COMPARING OPERATIONAL RISK WITH CREDIT & MARKET RISK 5. "SWISS-CHEESE" MODEL . BASIC INDICATOR APPROACH 3. THE 4 ELEMENTS OF THE AMA QUANTIFICATION 6.ANNEX: OPERATIONAL RISK CONTENT 1. OVERVIEW QUALIFYING CRITERIA 2. STANDARDISED APPROACH 4. COMPONENTS OF CSG'S SCENARIO ANALYSIS .
OPERATIONAL RISK OVERVIEW QUALIFYING CRITERIA .
ANNEX: OPERATIONAL RISK BASIC INDICATOR APPROACH .
ANNEX: OPERATIONAL RISK STANDARDISED APPROACH .
Stress testing Good Adequate data for backtesting Market risk models well established and proven tools Credit Risk Yes Money lent. Potential exposure Known Medium Medium Rating & loss models Reasonable Backtesting difficult to perform over short term Using models considered reasonable . Market Risk Risk position Quantifiable exposure Exposure measure Completeness Context dependency & data relevance Measurement & validation Portfolio Completeness Context dependency Data frequency Risk assessment Accuracy Testing Summary Yes Position. OpRisk is very different. Risk sensitivity Known Low High VAR.but should be used with care OpRisk Difficult* Difficult . considering each characteristic in turn and its impact on the ability to quantify OpRisk. While market and credit risk have many similarities.ANNEX: OPERATIONAL RISK AMA COMPARING QpRISK WITH CREDIT AND MARKET RISK The table below compares OpRisk with market and credit risk.no ready position equivalent available* Unknown High Low* No true risk models Low Results very difficult to test over any time horizon Models appear inadequate .
ANNEX: OPERATIONAL RISK AMA THE 4 ELEMENTS OF THE AMA QUANTIFICATION d A bank's AMA OpRisk model must include the following 4 elements: (1) Internal loss data (2) External loss data (3) Scenario analysis (4) Business environment & internal control factors d There are a number of practical implementation issues with each of these 4 elements: .
ANNEX: OPERATIONAL RISK AMA FOCUS ON HIGH-IMPACT LOW-FREQUENCY EVENTS .
SWISS FEDERAL BANKING COMMISSION'S APPROACH . RISK CULTURE 2.ANNEX: IMPLEMENTATION ISSUES CONTENT 1. CREDIT RISK: SYSTEMS 3. CHALLENGES FOR REGULATORS 4.
LGD and EAD need to permeate down to loan officers and up to Boards Model needs integration into everyday activities . provisioning.ANNEX: IMPLEMENTATION ISSUES RISK CULTURE Developing a risk management culture for credit will require major change in many banks The concepts of PD. capital allocation.pricing. rewards Boards (and some management) need education in portfolio concepts of credit risk "Old school" credit officers will need retraining Biggest challenge for banks in many markets is that the incentives will not be there in many cases for moving to the higher levels of B2 .
but. D Model development must be ownership by the bank: only partnership with vendors D Use Test: Models must be integrated into decision-making .ANNEX: IMPLEMENTATION ISSUES CREDIT RISK SYSTEMS STANDARDISED APPROACH D Limited system requirements D Specification of local implementation: beware of quick fix from consultants INTERNAL RATING BASED APPROACH D Vendors are a sensible way to go in selected areas...
not something that every regulatory agency has fostered — The challenge is to develop a framework within which supervisors can make decisions and exercise their judgements .ANNEX: IMPLEMENTATION ISSUES CHALLENGES FOR REGULATORS The Basel II framework is extremely demanding on supervisors Three types of responsibilities: . peer review and accountability — It will move many regulators outside their comfort zones .requires guidance.General compliance — Pillar 2 Supervisory Review — Eligibility (permission) to use IRB or components thereof Third set is where the biggest challenges are and which will require skill upgrades in many regulators Second set requires judgment .
ANNEX: BASEL II IMPLEMENTATION IN SWITZERLAND SWISS FEDERAL BANKING COMMISSION'S APPROACH .
hy the Interest In Operational Risk? mphasis on transparency in financial reporting Technological advances make data more readily available Investor advocacy groups demand more disclosure Bank regulators encouraging market discipline as a regulatory device Legislation tightening accounting standards as a .
globalization. multinational production processes Financial products with numerous embedded options and guarantees Exploding variety and complexity of hedging products and strategies . and advances in technology have increased complexity Complex.s Operational Risk Increasing? eregulation.
Is Operational Risk Increasing? New technologies create new risks > Automated back office processing systems increase risk of system failure > Hedging strategies reduce market and credit risk but create additional operational risks > E-banking and E-commerce increase risk of fraud and create new and unknown risks > Outsourcing creates new risk exposures .
egulatory and Rating Firm Response asel Committee Incorporates a charge for operational risk in its Basel Capital Accord Established guiding principles for the management of operational risk ating firms (Moody's. Standard & Poor's) will consider operational risk in assigning firm financial . Fitch.
little systematic information exists on the extent and impact of operational risk Existing evidence is mostly anecdotal Basel Committee survey mostly sketchy and does not identify specific firms or events .Motivation for Study In spite of increasing attention to operational risk.
What Is Operational Risk? Until the Basel Committee's deliberations. no consistent definition existed Basel Committee definition: "Operational risk is the risk of loss resulting from inadequate or failed internal processes. and systems. producing goods and services for customers . or from external events" Operational risks arise from the breakdown of the production processes that constitute a financial institution's value chain. people.
What Is Operational Risk II? Operational risk does not include > > > > > Strategic risk Reputational risk Systemic risk Market risk or Credit risk .
Basel Committee: Op Risk Event Types Employment practices and workplace safety — losses from violations of health or safety laws. personal injury claims Internal fraud — losses from fraud. discrimination in employment. misappropriation of property. circumvention of regulations involving an internal party External fraud — fraud by an external party Clients. products. and business practices unintentional or negligent failure to meet professional obligation to clients (including fiduciary violations) or from the nature or design of a product .
Basel Committee: Business lines Basel Committee also classifies events into standard business lines (for banks): > Corporate finance > Trading and sales > Retail banking > Commercial banking > Payment and settlement > Agency services > Asset management > Retail brokerage .
etc. > Transaction processing and counterparty risk Fraudulent misrepresentations to customers .Can Operational Risk Be Insured? Some operational risks can be insured > > > > Bankers blanket bond covers internal fraud Property insurance: natural & man-made disasters Liability insurance covers some types of negligence Limited coverage available for systems failure Many op risks are "catastrophic" & uninsurable > Catastrophic system failure > Rogue traders.
Small activities can be very risky high risk. • OR can be very unstable and grow exponentially in a short period.g. – Hidden risk • The costs due to OR are difficult to trace or anticipate since most are hidden in the accounting framework. information security). leading to additional damage in the form of damage to reputation. • Leads to underestimation of the risk (e. – Unstable risk • Not linearly linked to the size of the activities.I. . and vice versa. – Reputation risk • A second order risk. Definition • The Specific Nature of Operational Risk – Embedded risk • Not a transaction-risk but a risk embedded in processes. people and systems and due to external events. – Inherent risk • A large part of operational risk is inherent to the business in which we are engaging and inherent to management processes.
Definition Underlying causes of operational losses : processes .I. Legal risk included . Product & Business Practices Internal fraud External fraud Employment practices & workplace safety Damage to physical assets Business disruption & system failures : ORM : ORM : Inspection / ORM : Inspection : Security : Security : Security . Delivery & Process Management Clients. strategic and reputation risk excluded.people . Appropriate manager per category of operational event : Execution.systems or external events.
formulas and calculations – Pillar Two : Supervisory Review Process . Outlines of the Basle Reform • General Objective : – Define rules and procedures for banks to properly cover their different types of risks due to business activity.information disclosure .adjustment of supervision to individual risks profiles – Pillar Three : Market Discipline .II. • Three Pillars – Pillar One : Capital Adequacy .
estimated via QIS on a sample of 29 institutions.II. Outlines of the Basle Reform • • • Regulatory Capital for OR introduced for the first time Rule of thumb : OR capital = 12% of minimum capital requirement Basic indicator approach (BI ): – OR capital function of gross income (15%) – Gross income = interest margin + fees + other revenues • Standardised approach (β ) – Only accessible to local banks – OR capital function of gross income per business line – Beta factor between 12% and 18% of gross income. .
corporate trust) Bêta factor 18% 18% 12% 12% 15% 18% 12% 15% .Business lines Business line Corporate Finance Trading & Sales Retail Brokerage Retail Banking Commercial Banking Payment & Settlement Asset Management Agency services (custody. Outlines of the Basle Reform Standardised approach (β ) .II. corporate agency.
II. Outlines of the Basle Reform Advanced Measurement Approach (AMA ) in Basle II: • Banks are free to model their OR capital themselves • Strongly recommended for internationally active banks • Floor capital at 75% (so far) of the capital level under the Standardised Approach. . active day-to-day OR management. written policies and procedures. and 9% of total regulatory capital • Submitted to quantitative and qualitative standards. such as: incident reporting history of 5 years. mapping of risks and losses to regulatory categories independent ORM function. implication of the senior management. minimum 3 years.
II. Outlines of the Basle Reform Advanced Measurement Approach (AMA ) in Basle II: • Several types of models admitted by the Committee: Loss Distribution Approach (LDA) : purely quantitative Scorecard approach :mainly quantitative : assessment of risk level and quality of risk management based on different dimensions Mix of the two : capital calculations based on incident data + adjustments to account for risk management quality .
Both distributions are combined by Monte Carlo simulations.III. Modelling Operational Risk Quantitative approach : LDA (Loss Distribution Approach) • Frequency distribution of losses per business line : Poisson distr. • Severity distribution of losses per business line : logN distr. .
per business line • Internal data : to model to body of the distribution • External data : to model extreme events (tail of the distribution) Frequency Body region Tail region Loss amount Internal data External data 99.III. Modelling Operational Risk LDA • Modeling of frequency and of severity distribution of losses.9% = Required Capital Cut-off mix .
Data collection needed for active ORM reasons.III. . Modeling Operational Risk Remaining issues on : √ the cut-off mix √ the relevant data to include (different processes in each firm) Crucial data choice in the capital determination Paradox of the incident data collection : • Data collection is mandatory. • But external data essentially drive the capital amount.
Managing Operational Risk Four Dimensions of Operational Risks Risk & Control Self-Assesment (RCSA) Key Risks /Key Performance Indicators Dashboards .Dynamic risk analysis Internal Reporting : Mapping of losses .IV.
Date 2. Recovery amount : via insurance / other 8.Dimension One : Incident Reporting Incident reporting tool : Free to define. Comment : nature of the event 6. Event type : codification of Basle categories 4. Actions taken : preventive / corrective 9. Business line : codification of Basle categories 5. > 1000 € loss Internal control when encoding Fields to include per event : 1. Reporter coordinates. . Gross Loss amount 7. often Access based Full reporting tool. Event localisation : BU. for management purposes. department. service 3.
Frequency • “Low Frequency. Min. small.Dimension One : Incident Reporting • First exploitation possibilities of an incident database – Summary statistics of the losses – ! Matching the organisation chart rather than the Basle categories – Total losses. Low Severity” events – Recurrent. Max. similar events – May signal a breach in control – Could be inherent to the activity (to be included in pricing) . High Severity” events – Identification of the potential “uncapped” risks – Top loss analysis – Examples? • “High Frequency.
3. 5. 5. 3. 2. . 2. 4. 4. Average Loss/Income % TOP 5 amounts 1.Dimension Two : Dynamic Loss Analysis Dashboards Periodic reporting (monthly/quarterly) of KRI’s Early warning: timely identification of changes in control level : change in the trend Example UNIT Q1 Q2 Q3 Q4 PER TYPE Type x Number Amount Q1 Q2 Q3 Q4 TOTAL ALL Number Amount Average Loss/Income % TOP 5 amounts 1.
project-planning-overruns Risk Category Transaction Recording/ Processing Transaction Recording/ Processing Trade Settlement KRI Front/Back Office reconciling items Measures Required* No >1 day. client complaints. Systems: logs of downtimes. manual bookings. duration of total fails . Value Tolerance Actual Levels Score Indicator Management Action Net marginal cost of interest Value charging Trade Fails % of month's trades. overtime. absenteeism Processing: outstanding confirmations. hacking-attempts. failed & overdue settlements. reversals Accounting: volumes & lead-times suspense-accounts. claims & complaints. reversals. (status/duration of) reconciliation.Dimension Three : Key Risks & Key Performance Indicators People: turn-over. temporary staff.
Dimension Three : KRIs & KPIs • Headlines : – Regular KRI reporting for all businesses and functions – Green. Amber and Red thresholds for all KRI’s – Develop new/better KRI’s on on-going basis – Discuss all KRI reports in OR committee – Immediate management response to red and amber KRI’s – Trend analysis and local lessons learnt program .
Dimension Four : RCSA Identification Assessment Ac p b r s c e ta le isk Mitigation ID N IF D E T IE R K IS S C NR L OTO KY E R K IS S U id n d n e tifie r s isk UACPAL NCET BE R K IS S TASE R NF R AO V ID .
.Dimension Four : RCSA Identification Incident reporting analysis Check list from the key risks library Prioritization list with the line management Orientation questionnaires with selected people from the department.
with the support of ORM RCSA processes for all key businesses and functions High level management driven identification of key risk areas Apply & document the analytic RCSA process Report & discuss the outcomes of a RCSA in ORC Implementation & progress-tracking of mitigating actions and key risk indicators (KRI) Line management is responsible and key for the output .Dimension Four : RCSA • RCSA performed by local management.
Transfer : insurance policies / merge of activities. . Avoidance : activity suppression / outsourcing / automation.Dimension Four : RCSA Mitigation of uncapped or significant risks via : Better controls : process control / supervision / training.