Operational Risk for Bank

OR 101

Introduction

OH 1-2

Module 1 Objectives

At the end of this module:

You will have reviewed the course objective and had an overview of the entire course.

Made personal introductions.

OH 1-3

Course Objective

Operational Risk 101 is designed to introduce

participants to a number of the key aspects of

operational risk; what it is, the importance of

controlling it, the techniques employed, how to

approach quantifying it, as well as to outline the

expected regulatory framework.

Why Operational Risk?

Importance of OR

“Traditional approach of firms has been to tolerate OR – to see it as a cost of being in business. Wrong to say that it has not been managed – it has, but in an ad hoc way, with responsibility delegated to line management who in turn have leant heavily on other functions, such as internal audit and human resources. Focus has been ex-post rather than ex-ante – how to deal with control problems rather than how to identify control weaknesses. But this is changing. Why? Undoubtedly high-profile losses are one reason. We have had sadly had too many reminders over recent years of the losses that different forms of OR can generate across different sectors and activities. These show that, contrary to the old wisdom, OR can be an unacceptably high, or indeed catastrophic, cost of doing business. Secondly, there has been increased regulatory attention. True that Basel has led to an increased focus on OR. This is good. What would not be good is focus on OR purely to meet regulatory requirements. If this happens, then both the industry and we as regulators will have missed a trick somewhere. Thirdly, the wider regulatory environment – increased emphasis on corporate governance and transparency. Lastly, a growing recognition of the business benefits for better OR assessment and management - that as with any other form of risk OR that goes unnoticed and unmanaged will lead to volatility of earnings. Mention of OR might not get the FD to sit up and listen. Volatility of earnings certainly will”

Michael Foot, Managing Director of Financial Services Authority, UK


Since the mid-1990s, the topics of market risk and credit risk have been the subject of much debate and research, with the result that financial institutions have made significant progress in the identification, measurement and management of both these forms of risk.

Globalization and deregulation in financial markets, combined with increased sophistication in financial technology, have introduced more complexities into the activities of banks and therefore their risk profiles. These reasons underscore banks' and supervisors' growing focus upon the identification and measurement of operational risk.

Events such as the September 11 terrorist attacks, rogue trading losses at Societe Generale, Barings, and the Y2K scare serve to highlight the fact that the scope of risk management extends beyond merely market and credit risk.

The list of risks (and, more importantly, the scale of these risks) faced by banks today includes fraud, system failures, terrorism and employee compensation claims. These types of risk are generally classified under the term 'operational risk'.

The identification and measurement of operational risk is a real and live issue for modern-day banks, particularly since the decision by the Basel Committee on Banking Supervision (BCBS) to introduce a capital charge for this risk as part of the new capital adequacy framework (Basel II).


Scope

Types

Magnitude

OH 1-8

0

5

10

15

20

25

1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010

Ag

gre

gat

e L

oss

Am

ou

nt

(US

$ B

illi

on

s)

0

30

60

90

120

150

Eve

nt

Co

un

t >

US

$1m

m

Aggregate Loss

Event Count

US Financial Services Sector Operational Risk Losses >USD$1mm

Improved Risk Management Can Influence Results

VALUE

"Natural Path"

"Improved Risk Management"

Ad-hoc Risk Management Systematic Approach Dynamic Risk Management

Source: Fitch Risk; Analysis JPMorgan Chase Courtesy JPMorgan Chase

Enron/Worldcom Settlements

OH 1-9

Basel II Operational Risk Contents

Basel II Pillars

1. Capital adequacy: Basic

Standardized Advanced Measurement Approaches

2. Supervision

3. Disclosure

Basel Sound Practices: Sound Practices for

the Management and Supervision of Operational

Risk, February 2003

10

30%

38%

59%

67%

71%

74%

75%

0% 20% 40% 60% 80% 100%

Clients, products and business practices

Damage to physical assets

Execution, delivery andprocess management

External fraud

Business disruption andsystem failure

Internal fraud

Employment practices and workplace safety

RMA Survey 2003

Operational Risk Types Ranking

11

36%

44%

51%

52%

66%

70%

73%

83%

0% 20% 40% 60% 80% 100%

Protecting against loss of reputation

Meeting Basel II regulatory requirements

Reducing operational losses

Improving performance

Increasing accountability andimproving governance

Optimizing the allocation of capital

Combating the threat of businessdisruption, including terrorism

Meeting Sarbanes/Oxley requirements

RMA Survey 2003

ORM Strategic Choices Ranking

OH 1-12

How Does a Leading Bank Look at Operational Risk? JP Morgan’s strategy for Operational Risk:

1. Increase understanding of key drivers

of operational risk

2. Develop user-friendly, cost effective tools that are

business oriented and risk specific

3. Create a “no surprise” attitude driving continuous self improvement

4. Improve financial performance through lower losses, reduced volatility, efficient capital usage

5. Integrate with other comparable efforts, e.g., anti-money laundering, Business Continuity

6. Satisfy regulatory requirements

“Four Components of Value”1. Reduce OR Losses2. Improve Profitability3. Reduced Probability of Tail Events4. Enhance Capital efficiency

OH 1-13

101 - Course Outline

Overall Risk Rating - Moderate

Processing Risk - Q3 Loss ReportDetailed Report - FX

Q4 2001 Q1 2002 Q2 2002 Q3 2002 Roll 12M Budget Variance %Chg

Execution Losses - HF 1.5 1.9 2 2.1 7.5 6.0 (1.5) 5%

Execution Losses - non HF 2.1 2.0 1.4 1.2 6.7 3.0 (3.7) -14%

Settlement Losses - All 1.9 2.2 2.4 2.5 9.0 7.5 (1.5) 4%

Fees 0.7 0.9 0.9 1.0 3.5 3.0 (0.5) 11%

Total FX 6.2 7.0 6.7 6.8 26.7 19.5 (7.2) 1%

Volatility Total 1.0 1.2 1.2 1.2 1.15 0%

Action Item Alert

Open FX High Risk Action Items

• FX Management committed to automate thecapture of hedge fund payment instructions.

• FX Management to monitor the impact of HFclient take on rate on processing infrastructure witha view to moderate / halt if risk levels rise further.

Losses

Approval

Environmental Factors (EFs)

Q3 2002 FX Customer Satisfaction

0

10

20

30

40

50

60

70

80

1001

1101

1201

0102

0202

0302

0402

0502

0602

0702

0802

0902

Customer Satisfaction

Q3 2002 FX Hedge Fund Clients

0

5

10

15

20

25

30

35

40

45

1001 1101 1201 0102 0202 0302 0402 0502 0602 0702 0802 0902

Hedge Fund Clients

As at As at 12 Month Risk Rating6/30/2002 9/30/2002 Average

Customer Satisfaction 55 45 57.5 MODHedge Fund Clients 32 42 27.8 MOD

Q3 2002 FX Confirmations

0

1000

2000

3000

4000

5000

6000

7000

1001

1101

1201

0102

0202

0302

0402

0502

0602

0702

0802

0902

Outstanding Confirmations

Q3 2002 Unmatched Payments

0

100

200

300

400

500

600

700

100111011201 01020202030204020502 0602070208020902

Unmatched Payments

Key Risk Indicators (KRIs)

As at As at 12 Month Risk Rating6/30/2002 9/30/2002 Average

Outstanding Confirmations 4100 5900 4262.5 HIGHUnmatched Payments 610 630 534.6 MOD

Commentary CommentaryNumbers of outstanding confirmations increased significantly in Sept, taking them just intothe high risk band. Hedge funds account for the majority of the increase.Payment mismatches remain moderate with little impact felt from the IT changes.

Market EF’s continue to show pressure building on the infrastructure. HF take on is aheadof plan and looks set to continue. Client satisfaction continues to weaken. The technologyenvironment is stable with hedge fund enhancements anticipated in in Q4. Rework withinOperations has increased on settlement problems, overtime is increasing but the risk isunder control.

Business Mgmt Risk Mgmt

Status

Overdue and Open

Current and Open

Module

3 –

Regula

tory

La

ndsc

ape

(Base

l II)

Module 7 - Measuring OR

Modules 5 OR Tools

Module 4 - ORM & Organization

Module 2 - What is OR?

Risk Identification

RiskPolicy

RiskManagement& Reporting

RiskManagement

& Analysis

RiskMitigation

PerformanceMeasurement

ProcessRisks

ConductRisks

ExternalRisks

Module 6 – Case Study

14

Creating a No Surprise

Environment

Improving Financial

Performance

Pursuing Active Management

of Risk

Three simple standards to measure excellence:

Question: How are we doing against these standards?

Excellence in Operational Risk

From Joe Sabatini: GORF Presentation 1/2005

15


Environment

Improving Financial

Performance


of Risk

Current State

• Loss events, negative audits routinely identify ‘new’ risks / control weaknesses

• Self assessments are comprehensive, but can lack granularity and precision

• Hand-offs and interdepartmental dependencies not fully understood

• Control weaknesses can vary with business cycles

• Metrics not in place to quantify control effectiveness or provide early warnings

• Transparency and escalation of issues not always adequate



16


Environment

Improving Financial

Performance


of Risk

Desired State

• Risk issues / control gaps well known prior to losses / audits

• Metrics in place to track trends; provide early warnings

• Interdepartmental dependencies well understood and tracked

• Issues are appropriately transparent and escalated

• Risks are taken and managed on fully informed basis



17


Environment

Improving Financial

Performance


of Risk

Current State

• Size and volatility of losses can materially impact business performance

• Some businesses cannot estimate or accurately budget for losses

• Large losses / risk events impact reputation, may compress share price & P/E ratios

• Manual nature of data management, reporting and compliance unnecessarily costly

• Nonstandard tools, processes and methodologies in place across each business

• Regulatory initiatives (e.g. Basel II, SOX) pursued as independent projects



18


Environment

Improving Financial

Performance


of Risk

Desired State

• Size and volatility of losses track within predictable / budgetable parameters

• Strong risk performance and reputation commands premium P/E ratio

• Data aggregation and reporting automated using single source of information

• Single processes / tools leveraged for multiple purposes

• Regulatory requirements embedded in BAU processes and tools

• Resources dedicated to control improvements



19


Environment

Improving Financial

Performance


of Risk

Current State

• Full costs of op risk not fully measured or understood

• Cost of op risk not fully reflected in business P/L

• Op risk information and insurance purchases not integrated / coordinated

• No understanding of correlation between market / credit risk and op risk

• No understanding of impact of external factors, business cycles, etc.

• No concept of portfolio risk management applied to operational risk



20


Environment

Improving Financial

Performance


of Risk

Desired State

• Costs of operational risk fully understood and reflected in business P/L

• Correlations with other risks, external factors etc. well understood

• Insurance coverage closely integrated with internal measures of risk

• Tools and products exist to transfer / mitigate operational risk on a portfolio basis

• Enterprise Risk Management becomes a reality



Operational Risk for Bank

Business

Transcript of Operational Risk for Bank