2. OPERATIONAL RISK
Operational risk is defined as
“ the risk of loss resulting from inadequate or failed internal proses, people and
systems, of from external event. The definition include legal risk, but excludes
strategic and reputational risk”
Cause Risk Event Impact
Internal
(people, process
and systems)
• Fraud
• Human error in processing transactions
• Missing a control step
• Disruption or system failures (hardware, software,
telecommunications)
• Act of sabotage or vandalism from an employee
• Not compliance with law and regulatory requirements
• Dispute with employee due to discrimination or
harassment
• New service and/or change in the current processes
Customer’s claim
Near misses
Forgone Revenue Repurchase
of stuff fine from authority
Exeternal • Fraud
• Act of terrorism and sabotage
3. Operational Risk Management Process Identification
Identify an operational risks means at the same time identify its root cause
Internal Fraud Losses due to acts of a type intended to defraud, misappropriate property or
circumvent regulations, the law or company policy, excluding diversity/discrimination
events, which involves at least one internal party
External Fraud Losses due to acts of a type intended to defraud, misappropriate property
or circumvent the law, by a third party (theft, hacking damage, etc.)
Employment Practices
and Workplace Safety
Losses arising from acts inconsistent with employment, health or safety laws
or agreements, from payment of personal injury claims,
or from diversity / discrimination events diversity
Clients, Products and
Business Practices
Losses arising from an unintentional or negligent failure to meet a professional
obligation to specific clients (including fiduciary and suitability requirements), or from
the nature or design of a product.
Damage to Physical
Assets
Losses arising from loss or damage to physical assets from natural disaster or other
events (terrorism, vandalism).
Business Disruption and
System Failures
Losses arising from disruption of business or system failures (hardware,
software, telecommunications)
Execution, Deliver
y and Process
Management
Losses from failed transaction processing or process management, from relations with
trade counterparties and vendors (miscommunications, wrong data entry/ handling,
delivery failures, negligent loss of clients assets, etc.)
4. Assessing Operational Risk – Comparison of Approaches
top-down approaches
bottom-up approaches
which attempt to model aggregate operational losses without
giving attention to underlying operational process
which attempt to model losses by mapping the operational
process to predetermined risk components.
Bottom-up model start at the individual business unit or process
level. The result are then aggregated to determine the risk
profile of the institution
Tool used to manage operational risk can be classified into six categories :
1. Audit oversight
2. Critical self-assessment
3. Key risk indicator
4. Earning volatility
5. Causal networks
6. Actuarial models
5. Assessing Operational Risk –
Actuarial Model : Loss Distribution Approach (LDA)
Loss distribution approach (LDA) is a borrowed technique from actuarial industry which has being used to model
insurance losses for many years. Similar to IMA, LDA categorize the risk events on a matrix by business line and
event type. But rather than compute the expected losses, LDA estimates two separates distributions for frequency of
losses and severity of losses for each risk cell using internal data.
Actuarial models assess objective distribution of losses from the historical data and are widely used in banking and
insurance industry. Such models combine two types of distribution: The loss frequency and the loss seriousness. The
distribution of the loss frequency describes the number of events that caused the loss over a certain period of time,
called the Loss Distribution Approach (LDA).
In the further analysis we can calculate the loss frequency distribution by the variable n, which represents the number
of loss repetitions over a period of time. The density function is as follows :
p.d.f. loss frequency = f (n), n = 0,1,2
This can be described with several analytical functions such as binominal, Poisson, negative binominal or geometric,
all of which require n to be a positive integer. If x (or X) represents the loss severity when a loss appears, its density
can be defined as follows:
p.d.f. loss strength = g (x / n =1), = x ≥ 0
6. Assessing Operational Risk –
Actuarial Model : Loss Distribution Approach (LDA)
EXAMPLE
Prequency Distribution
Probability Number
0,6
0,3
0,1
0
1
2
Expectation 0,5
Severity Distribution
Probability Loss
0,5
0,3
0,2
$1,000
$10,000
$100,000
Expectation $23,500
Number First Second Total Sorted Cumulative
Of losses Loss ($) Loss ($) Loss ($) Probability Losses Probability
- - - - 0,600 0 60,00%
1 1.000 0,150 1.000 75,00%
1 10.000 0,090 2.000 77,50%
1 100.000 0,060 10.000 86,50%
2 1.000 1.000 2.000 0,025 11.000 89,50%
2 1.000 10.000 11.000 0,015 20.000 90,40%
2 1.000 100.000 101.000 0,010 100.000 96,40%
2 10.000 1.000 11.000 0,015 101.000 98,40%
2 10.000 10.000 20.000 0,009 110.000 99,60%
2 10.000 100.000 110.000 0,006 200.000 100,00%
2 100.000 1.000 101.000 0,010
2 100.000 10.000 110.000 0,006
2 100.000 100.000 200.000 0,004
lebih besar dari 95% --- > 100.000 dengan probabilitas 96,40%
expected loss --> 0,5 x 23.500 = 11/750
unexpected loss --> 100.000 - 11.750 (0,5 x 23.500) = $88.250
7. Assessing Operational Risk –
Actuarial Model : Loss Distribution Approach (LDA)
EXAMPLE 25.8 : FRM EXAM 2007 – QUESTION 33
Suppose you are given the following information about the operational risk losses at your bank. What is the estiate of
the var at the 95% confidandence level, including expected loss (EL) :
Prequency Distribution
Probability Number
0,5
0,3
0,2
0
1
2
Severity Distribution
Probability Loss
0,6
0,3
0,1
USD 1,000
USD 10,000
USD 100,000
Number First Second Total Sorted Cumulative
Of losses Loss ($) Loss ($) Loss ($) Probability Losses Probability
- - - - 0,500 0 50,00%
1 1.000 0,180 1.000 68,00%
1 10.000 0,090 2.000 75,20%
1 100.000 0,030 10.000 84,20%
2 1.000 1.000 2.000 0,072 11.000 91,40%
2 1.000 10.000 11.000 0,036 20.000 93,20%
2 1.000 100.000 101.000 0,012 100.000 96,20%
2 10.000 1.000 11.000 0,036 101.000 98,60%
2 10.000 10.000 20.000 0,018 110.000 99,80%
2 10.000 100.000 110.000 0,006 200.000 100,00%
2 100.000 1.000 101.000 0,012
2 100.000 10.000 110.000 0,006
2 100.000 100.000 200.000 0,002
Because Var should include EL, there is no need to compute EL Separetely. the
table shows that the smallest loss such that the cumulative probability is 95% or
more is $100,000
8. Managing Operational Risk–
Mitigating Operational Risk
Operational Risk can be minimized in a number of ways, through internal and
exsternal controls.
Internal control methods consist of :
Separation of function
Dual entries
Reconciliation
Tickler systems
Controls over amendments
External control methods consist of :
Confirmation
Verifications of prices
Authorization
Settlement
Internal and exsternal audit