OPERATIONAL RISK MANAGEMENT

07/03/2014
What is Operational Risk?



The risk of loss resulting from inadequate or failed
internal processes, people and systems or from
external events (The Basel II Capital Accord)



FORMERLY: any risk other than market and credit risk



It is NOT brand new; it is a risk that affects
all businesses



Operational risk is inherent in carrying out a process/
operational activity.

Classification of Operational Risks
Operational risk events are classified by two factors:

frequency – how often the event occurs

impact – the amount of the losses resulting from the event

[Figure: two-by-two matrix of frequency (low/high) against impact (low/high)]

Classification of Operational Risks



Generally, operational risk management focuses on only
two of these event types:





Low frequency / high impact (LFHI)
High frequency / low impact (HFLI)

Why?

Classification of Operational Risks


High frequency/low impact events are managed to
improve business efficiency. These events tend to be
readily understood and are viewed as ‘the cost of doing
business’.



Examples?

Expected loss versus unexpected loss



Expected loss is the loss incurred as a bank conducts its
normal business.



Can be simply defined as the cost of doing business



The only way to totally prevent them is to cease doing
business.

Expected loss versus unexpected loss


A bank uses statistical methods to predict its expected
losses.



In short, the firm uses past data and experience to
predict the future.



A simple method of calculating expected loss is to
compute the mean (average) of the actual losses over a
given time and accept this as the likely future level.

Expected loss versus unexpected loss


A firm may also attempt to ‘predict’ its unexpected
losses using statistics, much as it does to
predict expected losses.



The problem is that past data may not be available;
therefore, to calculate unexpected loss, a firm uses:


available internal data



external data from other firms



data from operational risk scenarios

Operational risk event categories



The simplest way of understanding operational risk in banks
is to categorize it as anything but credit risk or market risk.



However, this is a very broad definition and does not help
manage operational risk.



Generally, operational risk events can be subdivided into:


internal process risk



people risk



systems risk



external risk



legal risk

Internal Process Risk



Internal process risk is defined as the risk associated
with the failure of a bank’s processes or procedures.



During a bank’s day-to-day operations, staff follow
preset working practices.



These procedures and policies will include all the
checks and controls required to ensure that customers
are correctly served and the bank remains within the
laws and regulations by which it is governed.

Internal Process Risks



Internal process risk events include:



lack of controls



marketing errors



misselling



money laundering



incorrect or insufficient reporting (e.g. regulatory)




documentation – inadequate, insufficient or wrong

transaction error

Reviewing and improving a bank’s internal processes as part of
operational risk management can improve its efficiency. Errors often
occur when a process is complicated, disorganized or easily
circumvented, all of which are also inefficient business practices.

Risk Management Process Feedback Loop
1. Identify, assess and prioritize risks
2. Develop strategies to measure risk
3. Design policies and procedures to mitigate risks
4. Implement and assign responsibility
5. Test effectiveness and evaluate results
6. Revise policies and procedures

There are four fundamental steps to managing operational risk, with
each step leading to improvements in management & control quality
and greater economic profit

[Figure: the four steps (FRAMEWORK, PROCESSES, MEASUREMENT, REPORTING) plotted against Management & Control Quality and Economic Profit. Items shown in the figure:]

• Integrated MIS reporting
• Loss data collection
• Risk indicator data collection
• Risk strategy, tolerance
• Control self-assessment
• Roles and responsibilities
• Estimation of scores representing quality of internal controls
• Workflow
• Risk definition and categorization
• Estimation of VaR – risk capital
• Risk assessment and analysis
• Policies and procedures
• Estimation of annual losses – cost of operational failure
• Follow up action
• Automatic notification
• Awareness of exposures
• Knowledge of controls quality
• Cost benefit analysis
• Improved risk mitigation and transfer strategy

The universe of operational risks spans causes, events and consequences

CAUSES
• Inadequate segregation of duties
• Insufficient training
• Lack of management supervision
• Inadequate auditing procedures
• Inadequate security measures
• Poor systems design
• Poor HR policies

EVENTS
• Internal Fraud
• External Fraud
• Employment Practices & Workplace Safety
• Clients, Products & Business Practices
• Damage to Physical Assets
• Business Disruption & System Failures
• Execution, Delivery & Process Management

CONSEQUENCES
• Legal Liability
• Regulatory, Compliance & Taxation Penalties
• Loss or Damage to Assets
• Restitution
• Loss of Recourse
• Write-down
• Reputation
• Business Interruption

EFFECTS: Monetary Losses
OTHER IMPACTS: Forgone Income

Internal and external loss data can be used to calculate Value at Risk

[Figure: individual loss events populate a risk matrix for loss data. The matrix rows are the business lines (Corporate Finance, Trading & Sales, Retail Banking, Commercial Banking, Payment & Settlements, Agency Services, Asset Management, Retail Brokerage, Insurance) and the columns are the event types (Internal Fraud; External Fraud; Employment Practices & Workplace Safety; Clients, Products & Business Practices; Damage to Physical Assets; Execution, Delivery & Process Management; Business Disruption and System Failures; Total). Each cell gives the number, mean and standard deviation of losses. The resulting loss distributions (frequency of events, severity of loss) feed a VaR calculator, e.g. a Monte Carlo simulation engine, which produces the total loss distribution of annual aggregate loss ($), marked at its mean and its 99th percentile.]

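The frequency/severity simulation this slide sketches, as an added Python example that is not part of the original presentation. The Poisson frequency, the lognormal severity, the three sample cells and the reading of unexpected loss as the 99th percentile minus the mean are all assumptions made for illustration.

```python
import math
import random

# Constructed sample cells, not taken from the slide:
# (events per year, mean loss per event, standard deviation of loss per event)
CELLS = [
    (12.0, 1_500.0, 900.0),        # high frequency / low impact
    (3.0, 40_000.0, 25_000.0),
    (0.2, 900_000.0, 700_000.0),   # low frequency / high impact
]


def lognormal_params(sev_mean, sev_sd):
    """Match a lognormal (mu, sigma) to a cell's mean and standard deviation."""
    sigma2 = math.log(1.0 + (sev_sd / sev_mean) ** 2)
    return math.log(sev_mean) - sigma2 / 2.0, math.sqrt(sigma2)


def poisson(rng, lam):
    """Knuth's Poisson sampler; fine for the modest yearly counts used here."""
    limit, count, product = math.exp(-lam), 0, rng.random()
    while product > limit:
        count += 1
        product *= rng.random()
    return count


def simulate_annual_losses(cells, years=10_000, seed=2014):
    """Return one aggregate loss per simulated year, summed over all cells."""
    rng = random.Random(seed)
    fitted = [(lam, *lognormal_params(m, sd)) for lam, m, sd in cells]
    totals = []
    for _ in range(years):
        total = 0.0
        for lam, mu, sigma in fitted:
            for _ in range(poisson(rng, lam)):      # how many events this year
                total += rng.lognormvariate(mu, sigma)  # how large each one is
        totals.append(total)
    return totals


def loss_summary(cells, years=10_000, seed=2014):
    """Mean and 99th percentile of the simulated annual aggregate loss."""
    totals = sorted(simulate_annual_losses(cells, years, seed))
    mean_loss = sum(totals) / len(totals)
    p99 = totals[math.ceil(0.99 * len(totals)) - 1]   # nearest-rank percentile
    return {
        "expected_analytic": sum(lam * m for lam, m, _ in cells),
        "expected_simulated": mean_loss,
        "p99": p99,
        "unexpected": p99 - mean_loss,   # assumed definition, see lead-in
    }


if __name__ == "__main__":
    for name, value in loss_summary(CELLS).items():
        print(f"{name:>20}: {value:,.0f}")
```

The rare, large cell contributes most of the 99th percentile even though it occurs about once in five years, which is why the low frequency / high impact events dominate the capital figure.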
Composite control assessment/indicator scores can be used to modify
capital figures

[Figure: VaR is adjusted for the quality of the current control environment, using the control assessment/indicator score (current score against previous score), to give the capital figure. Values shown in the figure: 210, 190, 100, 50, 0.]

Linking capital to changes in the quality of internal controls provides an incentive for
desired behavioral change.

What does it tell us?

Basel II Approaches on Operational Risk

OPERATIONAL
• Basic Indicator
• Standardized
• Advanced Measurement

CREDIT
• Standardized
• Foundation IRB
• Advanced IRB

The Basic Indicator Approach



Banks using the Basic Indicator Approach must hold
capital for operational risk equal to the average over
the previous three years of a fixed percentage (denoted
alpha) of positive annual gross income.



Figures for any year in which annual gross income is
negative or zero should be excluded from both the
numerator and denominator when calculating the
average.
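
The averaging rule above, including the exclusion of non-positive years, as an added Python example that is not part of the original presentation. The 15% alpha is the value Basel II sets and is not stated on this slide; the gross income figures in the usage comment are constructed.

```python
# Basel II sets alpha at 15%; the value is not stated on this page.
ALPHA = 0.15


def basic_indicator_charge(gross_income, alpha=ALPHA):
    """Capital charge from the previous three years of annual gross income.

    Years with zero or negative gross income are dropped from BOTH the sum
    (numerator) and the year count (denominator), as the slide requires.
    """
    if len(gross_income) > 3:
        raise ValueError("the approach averages over the previous three years")
    positive = [gi for gi in gross_income if gi > 0]
    if not positive:
        # Assumption: with no qualifying year the rule gives no figure,
        # so refuse to return a charge rather than report zero.
        raise ValueError("no year with positive gross income")
    return alpha * sum(positive) / len(positive)


def naive_charge(gross_income, alpha=ALPHA):
    """Common mistake: ignore the loss year in the sum but still divide by 3."""
    return alpha * sum(max(gi, 0.0) for gi in gross_income) / len(gross_income)


if __name__ == "__main__":
    # Constructed gross income (in millions) with one loss-making year.
    history = [120.0, -30.0, 90.0]
    print(basic_indicator_charge(history))  # averages over the 2 positive years
    print(naive_charge(history))            # understates the charge
```

Dividing by all three years when one is excluded from the numerator understates the charge, which is the error the exclusion rule guards against.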

The charge may be expressed as follows:

The Standardized Approach


In the Standardized Approach, banks’ activities are divided into eight
business lines: corporate finance, trading & sales, retail
banking, commercial banking, payment & settlement, agency
services, asset management, and retail brokerage.



Within each business line, gross income is a broad indicator that serves
as a proxy for the scale of business operations and thus the likely scale
of operational risk exposure within each of these business lines.



The capital charge for each business line is calculated by multiplying
gross income by a factor (denoted beta) assigned to that business line.



Beta serves as a proxy for the industry-wide relationship between the
operational risk loss experience for a given business line and the
aggregate level of gross income for that business line.



It should be noted that in the Standardized Approach gross income is
measured for each business line, not the whole institution, i.e. in
corporate finance, the indicator is the gross income generated in the
corporate finance business line.

Standardized Approach

Standardized Approach

Mapping Business Lines

Advanced Measurement Approaches (AMA)



Under the AMA, the regulatory capital requirement will
equal the risk measure generated by the bank’s internal
operational risk measurement system using the
quantitative and qualitative criteria.



Use of the AMA is subject to supervisory approval.



A bank adopting the AMA may, with the approval of its
host supervisors and the support of its home
supervisor, use an allocation mechanism for the purpose
of determining the regulatory capital requirement.

List of references


Basel II: Revised international capital framework.
Bis.org. Retrieved 2013-06-06.



Solvency - European Commission.
Ec.europa.eu. 2012-11-26. Retrieved 2013-06-06.


operations risk management power point presentation.
