Operational risk management (orm)


Published on

Published in: Economy & Finance
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Operational risk management (orm)

  1. 1. 5/22/2011 Bushra Angbeen 1
  2. 2. What is Risk? Risk may be viewed as :  Trade off between “Higher Rewards” that potentially come with OPPORTUNITY and “Higher Risks” that have to be borne as a consequence of DANGER  Deviation of actual returns from the expected returns5/22/2011 Bushra Angbeen 2
  3. 3. Risk Management - Defined  Risk management can be defined as: “The process by which organizations identify, assess, control, monitor and measure their significant risks from all sources for the purpose of increasing short and long term value to stakeholders.”  Risk Management is a continuous activity that aggregates and integrates risk management activities across all types of risk in order to achieve maximum risk-adjusted returns.5/22/2011 Bushra Angbeen 3
  4. 4. Structure of the Basel AccordThe New Basel Capital Accord consists of three mutually enforcing pillars. All threepillars need to be applied by banks. Pillar 1 Pillar 2 Pillar 3 Minimum Capital Supervisory Review Market Discipline Requirements Process Increases the Expands the content and Establishes minimum responsibilities and levels improves the standards for of discretion for transparency of financial management of capital supervisory reviews and disclosures to the on a more risk-sensitive market, with disclosure controls covering: of: basis and specifically • Processes for capital addresses: and risk profile • Description of risk management management • Credit risk • Capital adequacy approaches • Operational risk • Level of capital charge • Levels of capital • Market Risk • Proactive monitoring of • Analysis of risk capital levels and exposures and ensuring remedial capital by businesses / segments action
  5. 5. The pervasive scope of risk points to the need for a bank-wide, comprehensive riskmanagement strategy, supporting structure , monitoring and control, andmeasurement processes which encompass all key elements of risk Risk Management – Needed due to pervasive scope of risk Operational Risk • Internal fraud • External fraud Credit Risk • Employment practices • Corporate Market Risk and workplace safety • Consumer • Underwriting • Clients, products & • Counterparty • Liquidity business practices • Sovereign • Market Price • Damage to physical • Model • Trading and ALM assets • Insurance • Model • Business disruption & system failure • Execution, delivery & process management Risk and Control Culture 5/22/2011 Bushra Angbeen 5
  6. 6. Focus of Basel II Market RiskPillar I of Basel Accord – Minimum Capital Requirements focuses onthree major categories of Risk Credit Risk Operational Risk Market Risk The risk that a The risk of loss borrower may not arising from the be able to repay a The risk of loss fluctuating prices of loan. resulting from investments as they inadequate or are traded in the failed internal global markets. processes, people and systems or from external events.
  7. 7. The Basel II Accord and RBI’s Draft Guidance Note on Management of Operational Risk,defines operational risk as:What is operational risk ?“The risk of loss resulting from inadequate or failed internalprocesses, people and systems, or from external events.”The definition includes legal risks but excludes strategic andreputation risks. Examples of operational risks in retail branch (illustrative)  Internal processes: KYC guidelines not observed resulting in fraud  People related : Inadequate training to handle products and customer complaints resulting in loss of business  Systems related : Inadequate systems to handle voluminous transactions  External events : Natural disasters resulting in disruptions of operations5/22/2011 Bushra Angbeen 7
  8. 8. Features of Operational Risk Pervasive Embedded and inherent in internal processes, activities, people and systems across the entire Bank Cannot quantify / measure in the same manner as Measureme credit or market risk nt is a challenge  quantifying individual events is a challenge. For e.g. system downtime, loss of customers, business disruption  approach to be adopted for quantifying overall capital charge is a challenge Dynamic With continuous changes in operations, processes, technology, external environment of the Bank, nature of operational risk undergoes changes all the time Ownership Being pervasive in nature, who should own its –a management poses a challenge challenge 5/22/2011 Bushra Angbeen 8
  9. 9. Why is Operational Risk receiving increased attention ?  Growing complexity in the banking industry (products, services, technology, globalization, acquisitions/mergers, etc.)  Several large and widely publicized operational losses in recent years eg. Barings Bank, Sumitomo Corp, Diawa Bank (NY) Societe Generale  Rapid pace of innovation  Increased focus on corporate governance  Increased global competition  A changing regulatory capital regime.5/22/2011 Bushra Angbeen 9
  10. 10. Approaches to minimum capital Requirement Basel II provides bank with a menue of approaches for quantifying the different type of risk under pillar one: Basel II Menu • Credit Risk – Standardised Approach (a modified version of the existing Basel 1 approach) – Foundation Internal Ratings Based Approach – Advanced Internal Rating Based Approach • Market Risk (unchanged from Basel 1) – Standardised Approach – Internal Models Approach • Operational Risk – Basic Indicator Approach – Standardised Approach – Advanced Measurement Approach 5/22/2011 Bushra Angbeen 10
  11. 11. Operational Risk Capital : Basic Indicator Approach  Use of Basic indicator or Standardised Approach for some risks and AMA for others is permitted.  Cannot revert to a simpler approach if an advanced approach has been permitted, without supervisory approval. Basic Indicator Approach (BIA) KBIA = GI x α KBIA = Capital charge under Basic Indicator App. GI = average annual gross income last 3 yrs. α = 15% Gross income= net interest income + net non-interest income as laid down by supervisors/ national accounting stds. (i) gross of any provisions (e.g. for unpaid interest- intt. Suspense a/c); (ii) exclude realised profits/losses from sale of securities in banking book (HTM and AFS) (iii) exclude extraordinary/ irregular items/ Insurance Income5/22/2011 Bushra Angbeen 11
  12. 12. The Standardized Approach (TSA)  Banks activities mapped to 8 business lines framework  Capital charge for each business line calculated by multiplying an indicator by a factor assigned to that business line  Indicator: annual gross income (as described in BIA)  Factor: beta () established by the BCBS  Total capital charge is based on the 3 year average of the simple summation of the regulatory capital charges across each of the business lines in each year5/22/2011 Bushra Angbeen 12
  13. 13. The Standardised Approach (TSA)  Qualifying criteria established by the Basel Committee plus additional criteria by national supervisors  Key Basel Committee criteria for international active banks:•Core for  Adequate governance framework and risknon management systeminternation  Policies and documented criteria for mappingal activebanks business lines & activities into the standardised framework  Independent operational risk management function  Track operational risk data (including material losses) by•Recommend business lineed for non international Report operational risk exposures to business unitactive banks management, senior management and board  Validation and regular independent review of operational risk assessment system 5/22/2011 Bushra Angbeen 13
  14. 14. The Standardised Approach (TSA)  More refined than basic indicator approach  8 business lines.  Gross income for each business line, not the whole institution.  Gross income for a business line- same definition as in Basic Indicator Approach.  Capital charge- multiply gross income by a factor (beta) assigned to that business line.  Total capital charge, KTSA = Σ(GI1-8 x β1-8 )  KTSA= capital charge The Std. App.  GI = Gross Income  β = multiplication factor5/22/2011 Bushra Angbeen 14
  15. 15. Operational Risk Capital: The Standardized Approach (TSA)Business Lines Average Gross Beta factor Capital Income of 3 years chargeCorporate Finance 200 18 % 36Trading & sales 100 18 % 18Retail Banking 200 12 % 24Commercial Banking 200 15 % 30Payments & settlements 200 18 % 36Agency services 100 15 % 15Asset Management 100 12 % 12Retail Brokerage 100 12 % 12Total 1200 1835/22/2011 Bushra Angbeen 15
  16. 16. OR Capital : BIA vs TSA  Basic Indicator Approach Year BIA TSA Diff. and Standardised require much larger capital for operational risk than AMA 2008 3280 3710 430  There is little difference between the capital needs 2009 3528 4070 542 under BIA and TSA: both are high. 2010 3982 4594 612  TSA provides little relief, because of the very nature of our business composition. 2011 4883 5634 751 (chart: Rs cr) 2012 6105 7043 938 •16•Bushra Angbeen •5/22/2011
  17. 17. Advanced Measurement Approach Cap Required = risk measure generated by bank’s internal operational risk measurement system.  Bank must fulfil qualitative & quantitative criteria  Supervisory approval reqd. for using AMA  Initial monitoring by supervisor for determining whether the approach is credible & appropriate.  Supervisory approval reqd. for using AMA  Initial monitoring by supervisor for determining whether the approach is credible & appropriate.5/22/2011 Bushra Angbeen 17
  18. 18. General Qualification Requirements for AMA  Overall : Rigorous process consistent with internal risk management & MIS: appropriate infrastructure  Risk Management : independent Operational Risk Management function  Data & Assessment Systems : ability to assess risks & data consistent with activities & profile; transparent, systematic, credible and verifiable processes that incorporate the four data elements5/22/2011 Bushra Angbeen 18
  19. 19. General Qualification Requirements for AMA Cont’d  Required Data Elements : -Internal Loss data -External Loss data -Scenario Analysis -Business Environment & Internal Control Factors (BEICF)  Quantification Systems  Data management & Maintenance : systems to support data collection, storage, analysis monitoring & validation  Control, Oversight & validation : governance& oversight, periodic review, model validation & independent verification & documentation of all material aspects5/22/2011 Bushra Angbeen 19
  20. 20. Internal Loss Data Definition  Any data on exposures held in a bank’s existing or historical portfolios, including data provided by third parties  Systematic process for capturing & using Operational loss data  Operational losses must be mapped to 7 event types and 8 business lines  Threshold for data collection , banks to demonstrate that no important loss data is excluded  Operational losses related to credit risk will continue to be classified as credit risk  Operational losses related to market risk will be treated as operational risk  Internal loss data is used for direct input to Op.risk capital model. Also as input in scenario analysis & BEICF5/22/2011 Bushra Angbeen 20
  21. 21. External Loss Data  External loss event data means gross operational loss occurring at organizations other than the bank  Obtained from vendors, newspapers, court records, insurance companies, data consortia, etc  Multiple Uses i) Management reports ii) Direct input into capital model, iii) Supplement the lack of internal loss data iv) better understanding of severe but infrequent loss “tail”events.5/22/2011 Bushra Angbeen 21
  22. 22. Business Environment & Internal Control Factors (BEICF)  The indicators of an institution’s operational risk profile that reflect a current and forward looking assessment of its underlying risk factors  Tools Used to support BEICF Requirement - Risk Control Self-Assessment s (RCSA) - Key Risk Indicators - Process mapping5/22/2011 Bushra Angbeen 22
  23. 23. Scenario Analysis  Nothing new, historically used for Business Continuity Planning; being expanded for use in capital  Scenarios usually focus on developing the “severity” of losses on larger events for use in the tail  Where scenarios are used:  Qualitative adjustment  Supplement Data  Use of scenarios varies widely among institutions5/22/2011 Bushra Angbeen 23
  24. 24. Operational Risk Events Categories Operational risk categories (Level I risk categories) defined by Basel II and RBI: Internal fraud External fraud Employment practices and workplace safety Clients, products & business practices Damage to physical assets Business disruption & system failure Execution, delivery & process management5/22/2011 Bushra Angbeen 24
  25. 25. Operational Risk Events Categories Level 1 Level 2 Examples (Level 3) • transactions not Unauthorized reported intentionally Internal fraud activity • sanctioning unauthorized activities Theft and • Embezzlement/ bribes fraud • Misappropriation of assets External fraud Theft • Forgery/ check kitting and Fraud • Theft/ Robbery • Hacking damage Systems security • Theft of information5/22/2011 Bushra Angbeen 25
  26. 26. Operational Risk Events Categories Level 1 Level 2 Examples (Level 3) Employment • Organized labour activity Practices & Employee • Compensation, benefit, Workplace safety relations termination issues • Workers’ compensation Safe • Employee health & safety environment rules Diversity and • All discrimination types discrimination Suitability, • Misuse of confidential Clients, products & information business practices Disclosure, and • Suitability / disclosure Fiduciary issues (KYC etc.) • Model errors/ product Product flaws defects 5/22/2011 Bushra Angbeen 26
  27. 27. Operational Risk Events Categories Level 1 Level 2 Examples (Level 3) Clients, products & Improper • Insider trading business business • Money laundering practices….contd. practices Selection, • Exceeding client exposure sponsorship limits/ failure to investigate and exposure clients as per guidelines Advisory • Disputes over performance activity of advisory activities • Natural disaster losses Damage to physical activities Disasters and • Human losses from external other events sources (terrorism etc) • Hardware/ software Business disruption and systems failure Systems • Telecommunications/ Utility disruptions5/22/2011 Bushra Angbeen 27
  28. 28. Operational Risk Events Categories Level 1 Level 2 Examples (Level 3) Execution, delivery Transaction • Data entry error and process capture, execution • Delivery failure management & maintenance • Failed mandatory reporting/ Monitoring & inaccurate external reporting reporting Customer intake • Incomplete/ missing documents & documentation • Unapproved access given to Customer client account / client account management • Negligent loss to client’s assets Trade • Non-client counterparty counterparties disputes Vendors & • Vendor disputes suppliers5/22/2011 Bushra Angbeen 28
  29. 29. Management of Operational risk is taken to mean: What is Operational Risk “Management” ?Identification Assessment Monitoring Mitigation reporting Measuremnt Traditionally, Banks have always emphasized:  prevention of frauds  maintenance of integrity of internal controls  reduce errors in transaction processing  safeguard the data and systems of the Bank and so on….. Then what is new ?? To view operational risk management as a comprehensive practice comparable to the management of credit risk and market risk To set aside a adequate capital charge to meet operational risks 5/22/2011 Bushra Angbeen 29
  30. 30. Objectives of Operational Risk ManagementReduce Impact Enable the Bank reduce the probability andand Probability of potential impact of losses through theEvents introduction of “good practices” Enable the businesses and functional areas toImprove Controls improve controls and mitigation of significantand Mitigate Risks operational risks throughout the organization.Awareness Develop a common understanding of operational risk across the Bank involving every employee at all levels for pro-active management of operational risks.Risk Ownership Ensure that there is clear ownership for each element of operational risk and assign clear responsibility for related day to day risk management and mitigation. * These objectives of operational risk management have been formalized by SBI in its OR policy5/22/2011 Bushra Angbeen 30
  31. 31. Objectives of Operational Risk Management Meet or exceed the regulatory requirementsRegulation Help in meeting the capital adequacy requirements set out by regulators andBetter Capital develop awareness of capital efficiency so asManagement to help the Bank meet its capital performance objectivesReward for better Create awareness of the level of risk incurredrisk management and ensure that product pricing compensates for the levels of risks undertaken. Explore the range of alternatives for risk mitigation and choose the most cost effective solution to address the operational risk incurred.Quality of Service Improve the overall quality of the bank’s products, processes, and services to customers5/22/2011 Bushra Angbeen 31
  32. 32. Pillars of operational risk managementPolicy Lays down the scope, objectives and overall guidelines for bank- wide ORM implementationGovernance Lays down the position, roles/ responsibilities and reportingstructure lines of the personnel involved in ORMProcess Involves risk identification, validation/ assessment, mitigation, measurement and reporting envisaged by Basel II and RBI for effective risk managementTechnology Required for collection of loss data and assessment results, aggregation of risk information and reportingTraining For structured dissemination of ORM process across the bank and creating robust risk management environment These requirements are based on guidance of Sound Practices for the Management and Supervision of Operational Risk (SPOR) issued by Basel II recommended by RBI in Guidance note on ORM for development of an appropriate risk management environment in the bank5/22/2011 Bushra Angbeen 32
  33. 33. Title Author Publisher Suggested Reading An introduction to Operational Risk Kaiser & Kohne Risk Books Operational Risk Jack L. King Wiley Finance Managing Operational Risk Douglas G. Hoffman Wiley Finance Sound Practices for the Mgmt & Basel BIS Publication Supervision of Operational Risk Operational Risk Modelling & Analysis M.Cruz Risk Books Control & Self-Assessment for Risk Ed : Wade & Wyne Mgt & other Practical Applications Integrating market, Credit & Lampros Kalyvas, Risk Books Operational Risk I.Akkizidis Operational Risk with Excel & VBA Nigel Da Costa Wiley5/22/2011 Bushra Angbeen 33
  34. 34. Thank You.....!!!!!5/22/2011 Bushra Angbeen 34