4. Advanced Measurement Approach, continued
The AMA Promotes this following:
• The quantification of operational risks, which supports fundamental
business needs
• The focus on measurement, control, and management of OR
• Supervisory approval based on qualitative and quantitative standards
• Consistently sound and rapidly evolving industry practice
• Improved operational risk management
• Innovation (ability to design your own approach)
• Reflection of the specifics of the bank’s operational risk profile
• Encouragement and rewards for better for ORM
• Active role of the board and senior management
• Regular management reporting of risk profile
• Bank wide and consistent loss data collection
• Integration with other risk management process
• Regular scenario analysis
• Comprehensive documentation for the OR measurement framework
5. Advanced Measurement Approach, continued
The AMA Promotes this following:
• Regular reviews of ORM framework by internal or external audit
• Robust and representative internal operational risk data
• Minimum historical observation periods of three years
• Use of external risk data when deemed necessary
• Regular validation of complete operational risk measurement process
• Appropriate systems information infrastructure capable of identifying
and gathering data and of supporting analytics
• Preventive, reactive, and detective management processes
• Identification of risk mitigation
• Operational risk assessment for key indicators
• Causal analysis
• Day-to-day efficient process management
• Operational risk monitoring, reporting, and profiling
• Business continuity planning
• Management follow-up and action
7. AMA Measuring System, continued
Business Lines
1. Corporate Finance
2. Trading and Sales
3. Retail Banking
4. Commercial Banking
5. Payment and Settlement
6. Agency Services and
Custody
7. Asset Management
8. Retail Brokerage
Loss Event Types
1. Internal Fraud
2. External Fraud
3. Employment Practices and
Workplace Safety
4. Clients, Products, and
Business Practices
5. Damage to Physical Assets
6. Business Disruption and
System Failures
7. Execution, Delivery, and
Process Management
OR Types
People
External
Events
People
Organization
External
Events
Systems
Processes
Mapping the Operational Risk Types to the Seven Loss Event
Types & to the eight Business Lines
8. AMA Measuring System, continued
Internal Risks External Risks
People Processes Systems External Physical
Employee
collusion/fraud
Employee error
Employee
misdeed
Employer liability
Employment law
Health and
Safety
Industrial action
Lack of
knowledge/skills
Loss of key
personnel
Accounting error
Capacity risk
Contract risk
Misselling/ suitability
Product complexity
Project risk
Reporting error
Settlement/ payment
error
Transactions error
Valuation error
Data quality
Programming
errors
Security breach
Strategic risks
(platform/suppliers)
System capacity
System
compatibility
System delivery
System failure
System suitability
Legal
Money
laundering
Outsourcing
Political
Regulatory
Supplier risk
Tax
Fire
Natural disaster
Physical security
Terrorism
Theft
Operational Risk Classification
Source: British Bankers’ Association Survey in Jorion 2005, 579.
9. AMA Measuring System, continued
Financial Risks
(Interest Rate, Market, Credit)
Operational Risks
Consciously and willingly faced Unavoidable
“Speculative” risks, implying losses or
profit
Pure risks, implying losses only
Consistent with an increasing
relationship between risk and expected
return
Not consistent with an increasing
relationship between risk and expected
return
Easy to identify and understand Difficult to identify and understand
Comparatively easy to measure and
quantify
Difficult to measure and quantify
Large availability of hedging instruments Lack of effective hedging instruments
Comparatively easy to price and transfer Difficult to price and transfer
OR Peculiarities
Source: Resti & Sironi 2007, p516.
10. AMA Measuring System, continued
PEOPLE SYSTEMS PROCESSES EXTERNAL EVENT
Fraud, collusion and other
criminal activities
IT Problems (hardware
or software failures,
computer hacking or
viruses, etc.)
Execution, registration,
settlement and
documentation errors
(transaction risk)
Criminal activities (theft,
terrorism or vandalism)
Violation of internal or external
rules (unauthorized trading,
insider dealing, etc.)
Unauthorized access to
information and systems
security
Errors in models,
methodologies and mark to
market (model risk)
Political and military
event (wars or
international sanctions)
Errors related to management
incompetence or negligence
Unavailability and
questionable integrity of
data
Accounting and taxation
errors Inadequate
formalization of internal
procedures.
Compliance issues
Changes in the political,
legal, regulatory and tax
environment (strategic
risk)
Loss of important employees
(illness, injury, problems in
retaining staff, etc.)
Telecommunications
failure
Breach of mandate Natural events (fire,
earthquake, flood, etc.)
Violations of systems security Utility outages Inadequate definition and
attribution of
responsibilities
Operational failure at
suppliers or outsourced
operations
Source: Resti & Sironi 2007, p515
Operational risk and its main factors
11. AMA Measuring System, continued
7. Estimating OR capital at risk (CaR)
6. Estimating unexpected loss – Unexpected Loss (UL)
5. Estimating expected loss – Expected Loss (EL=EI x PE x LGER)
4. Estimating loss in case of events (severity) – Loss Given Event (LGE and LGER)
3. Estimating probability of occurrence of the risky events – Probability of Event (PE)
2. Estimating exposures to the risk factors – Exposure Indicator (EI) (mapping business process)
1. Identification of the risk factors
Source: Resti & Sironi 2007, p519
The different phases of the OR measurement process
12. AMA Measuring System, continued
Business
Unit
Business Line Activity
Exposure
Indicator
(EI)
Risk Factors
People Technology Processes
External
Events
Investment
Banking
Corporate
Finance
Merchant Banking, Advisory
Services, Securities u/w&
placement
TR X X X
Securities u/w &
placement GI X X X
Trading & Sales Proprietary Trading, Sales,
Mkt Making GI X X X
Banking
Retail Banking Retail Banking, Cards,
Private Banking GI X X X
Corporate
Banking
Corporate lending, Project
Finance GI X X
Payment and
Settlement
Payment and Settlement GI X X
Agency Services Corporate Agency, Custody TR X X
Asset
Management
Unit trusts, segregated
accounts AM X X X
Insurance Life & Causality Insurance TP
Retail Brokerage Retail Brokerage GI X X
Mapping Business Units to Risk Factors
Legend: TR = total revenue, GI = gross operating income, AM = assets under management, TP = total premiums. Source: Resti & Sironi 2007, p520
13. Probability of event (PE) Loss given event (LGE)
Internal audit reports
Internal historical events data
Management reports
Experts’ opinion (Delphi
techniques)
Vendors’ estimates
Budgets
Business plans
Management interview
Internal historical loss data
Historical loss data from other
banks or consortium data series
Industry benchmark
External estimates (consultants,
data providers, vendors, etc.)
Information sources for the measurement of OR
AMA Measuring System, continued
Source: Crouhy, Galai. Mark 2000 in Resti & Sironi, 2007, p523.
14. AMA Measuring System, continued
Risk Factor Cause Effect Information source
People Loss of key human
resources acquired by
competitors
Variance in revenues
and profits (recruiting &
training expenses,
negative impact on the
existing HR)
Delphi technique
Process Productivity decrease
due to an unexpected
increase in the
business volume
Variance in process
costs with respect to
the expected levels
Historical series
External estimates
Technology Cost related to the
updating of information
systems
Variance in
technological
resources
management and
maintenance costs
Historical series
External estimate
Industry benchmarks
OR risk factors: example of causes, effect and information sources
Source: Resti & Sironi 2007, p523
15. AMA Measuring System, continued
Internal Measurement Approaches (IMAs) (1)
The measure and collect data inputs for specified set of business lines
and risk types:
• An operational risk exposure indicator (EI) within each business line –
the amount of risk for different business lines
• A parameter representing the probability that a loss event (PE) occurs
• A parameter representing the losses given such events (LGE)
The expected loss (EL) is given as the product of EI, PE, and LGE
EI * PE * LGE = Expected loss (EL) for each business line/loss type
combination.
Note: For bank, to calculate the capital charge, the bank will apply to the
data it has collected a fixed percentage (“gamma factor”) for each
business line.
16. EL
Expected
Loss
x x
=
Berapa
kemungkinan
nasabah gagal
bayar (default)
Berapa ekposur
pada saat
nasabah
default
Berapa kerugian
pada saat
nasabah default
(setelah recovery
dari upaya
penagihan,
penjualan agunan
atau garansi)
Risiko Fasilitas Risiko Peminjam
PD
Probability of
Default
EAD
Exposure at
Default
LGD
Loss Given
Default
Risk Rating Outstanding
Fasilitas
%
Outstanding
unrecovered
= 1 – recovery
rate
PERHITUNGAN EXPECTED LOSS PADA KREDIT: PARAMETER UTAMA
17. x x
= 5,0% Rp. 1 miliar 30%
EL PD EAD LGD
= x x
PD sesuai Rating
nasabah mengacu
pada lembaga
pemeringkat
Limit = Rp. 1 miliar
Ditarik penuh
Estimasi bank
bagian yang
tertagih hanya
70%
Kredit jangka panjang sebesar Rp. 1 miliar kepada perusahaan dengan peringkat BB,
jangka waktu tiga tahun, tanpa agunan (unsecured), pelunasan sekaligus (no
amortization)
Rp. 15 juta
CONTOH PERHITUNGAN EXPECTED LOSS PADA KREDIT
18. Exposure Recovery
Loss Given
Default
Volatilitas
Default Rates
Expected
Loss
Unexpected
Loss
dicover oleh pricing
& PPAP
dicover oleh
Economic Capital
EXPECTED LOSS dan UNEXPECTED LOSS
CONTOH Tahun
1
Exposure a 1.000
Rata-2 default rate tahunan (%) b 2%
Deviasi dari default rate (%) c 6%
EXPECTED LOSS a x b 20
UNEXPECTED LOSS a x c 60
Default Risk
Rata-Rata
Default Rates
19. AMA Measuring System, continued
Internal Measurement Approaches (IMAs) (2)
The overall capital charge for a particular bank is the simple sum of all the
resulting products. This can expressed as in following equation :
Where i is the business line and j is the risk type.
20. Risk-event type PE
%
LGE
USD
EL (EIxPExLGE)
USD million
Internal fraud 0.0002 1000 0.13
External fraud 0.0008 1000 0.52
Employment practices and workplace
safety
0.0020 500 0.65
Clients, products and business
practices
0.0100 100 0.65
Damage due to physical assets 0.0004 500 0.13
Business disruption and system failures 0.0250 50 0.81
Execution, delivery and process
management
0.0400 50 1.30
Internal Measurement Approach – example
Exposure Indicator (EI) = USD65mio
For its retail banking business line, Bank AA would have a total of USD 4.19
million in expected losses.
AMA Measuring System, continued
21. Loss Distribution Approaches (LDAs)
Banks need calculated two distributions: one for frequency and one
for event severity:
• Frequency severity distributions are usually binomial, negative
binomial, or Poisson
• Event severity distributions are wider in choice: log normal,
Pareto, Weibull, or inverse Gaussian.
• Estimate the mean and the 99.9 percentile from the resulting
distribution (1 year value at risk),means is the expected loss.
• Difference between 99.9 percentile value at risk and expected
loss equal to unexpected loss, equals to capital charge
LDAs menggunakan dasar analisis statistik atas kejadian kerugian atau
loss experience (baik data internal maupun data eksternal).
1. Mapping pada data historis internal/eksternal untuk tiap lini bisnis dan
jenis risiko
2. Selanjutnya data dikonversi menjadi loss severity (LSD) dan frequency
distribution (FD) u/ masing2 lini bisnis/jenis risiko, menghasilkan
distribusi kerugian
3. Distribusi kerugian dapat disimulasi dengan Monte Carlo.
22. AMA Measuring System, continued
Coefficient Derivative With Respect
Delta () First Underlying asset’s price (S)
Gamma () Second
Vega () First Volatility ()
Theta () First Residual maturity (T)
Rho () No Interest rate (r)
Options’ Greeks
23. AMA Measuring System, continued
Penerapan Standar yang berlaku di industri lain:
• Definisi yang tidak tegas telah menyebabkan sebagian bank menerapkan
standar yang berlaku di industri lain
• Standar alternatif dapat memilki definisi risiko operasional yang berbeda
dengan yg terdapat pada Basel II.
• Perhitungan modal pada bank hanya mencakup definisi yang ditetapkan oleh
Basel II
• Committee of Sponsoring Organization of the Treadway Commission
(COSO) telah menyusun suatu Enterprise Risk Management – Integrated
Framework (ERM)
• COSO/ERM dimaksudkan untuk membantu perusahaan2 dan lembaga
lainnya dalam menyempurnakan sistem pengendalian internal dengan
menetapkan komponen, prinsip-prinsip, dan konsep enterprise risk
management (ERM) yang penting.
• Contoh dari meningkatnya regulasi setelah kejadian risiko dikeluarkannya
Sarbanes-Oxley Act di AS 2002 merupakan ketentuan perundang-undangan
untuk akuntabilitas korporasi (setelah kasus skandal akuntansi pada Enron
dan WorldCom).
24. Loss Distribution Approaches (LDAs)
Kerangka Kerja COSO terdiri dari delapan komponen yang saling
terkait:
• Faktor-faktor internal
• Penetapan sasaran
• Penilaian risiko
• Respon terhadap risiko
• Aktivita pengendalian
• Informasi dan komunikasi
• Monitoring
25. terimakasih
References:
Akkizidis, Ioannis S., dan Vivianne Bouchereau. 2006.
Guide to Operational Risk & Basel II, Aurbach
Publication.
Resti, Andrea and Andrea Sironi. 2007. Risk
Management and Shareholders’ Value In Banking:
From Risk Measurement Models to Capital Allocation
Policies. Jon Wiley & Sons Ltd.
Jorion, Philippe. 2005. Financial Risk Manager
Handbook. GARP, Risk Management Library.
BSMR (Badan Sertifikasi Manajemen Risiko). 2008
Workbook Tingkat 3, Jakarta