Operational Risk for Bank
-
Upload
rahmat-mulyana -
Category
Business
-
view
936 -
download
1
description
Transcript of Operational Risk for Bank
OR 101
Introduction
OH 1-2
Module 1 Objectives
At the end of this module:
You will have reviewed the course objective and had an overview of the entire course.
Made personal introductions.
OH 1-3
Course Objective
Operational Risk 101 is designed to introduce
participants to a number of the key aspects of
operational risk; what it is, the importance of
controlling it, the techniques employed, how to
approach quantifying it, as well as to outline the
expected regulatory framework.
Why Operational Risk?
Importance of OR
“Traditional approach of firms has been to tolerate OR – to see it as a cost of being in business. Wrong to say that it has not been managed – it has, but in an ad hoc way, with responsibility delegated to line management who in turn have leant heavily on other functions, such as internal audit and human resources. Focus has been ex-post rather than ex-ante – how to deal with control problems rather than how to identify control weaknesses. But this is changing. Why? Undoubtedly high-profile losses are one reason. We have had sadly had too many reminders over recent years of the losses that different forms of OR can generate across different sectors and activities. These show that, contrary to the old wisdom, OR can be an unacceptably high, or indeed catastrophic, cost of doing business. Secondly, there has been increased regulatory attention. True that Basel has led to an increased focus on OR. This is good. What would not be good is focus on OR purely to meet regulatory requirements. If this happens, then both the industry and we as regulators will have missed a trick somewhere. Thirdly, the wider regulatory environment – increased emphasis on corporate governance and transparency. Lastly, a growing recognition of the business benefits for better OR assessment and management - that as with any other form of risk OR that goes unnoticed and unmanaged will lead to volatility of earnings. Mention of OR might not get the FD to sit up and listen. Volatility of earnings certainly will”
Michael Foot, Managing Director of Financial Services Authority, UK
Why Operational Risk?
Since the mid-1990s, the topics of market risk and credit risk have been the subject of much debate and research, with the result that financial institutions have made significant progress in the identification, measurement and management of both these forms of risk.
Globalization and deregulation in financial markets, combined with increased sophistication in financial technology, have introduced more complexities into the activities of banks and therefore their risk profiles. These reasons underscore banks' and supervisors' growing focus upon the identification and measurement of operational risk.
Events such as the September 11 terrorist attacks, rogue trading losses at Societe Generale, Barings, and the Y2K scare serve to highlight the fact that the scope of risk management extends beyond merely market and credit risk.
The list of risks (and, more importantly, the scale of these risks) faced by banks today includes fraud, system failures, terrorism and employee compensation claims. These types of risk are generally classified under the term 'operational risk'.
The identification and measurement of operational risk is a real and live issue for modern-day banks, particularly since the decision by the Basel Committee on Banking Supervision (BCBS) to introduce a capital charge for this risk as part of the new capital adequacy framework (Basel II).
Why Operational Risk?
Scope
Types
Magnitude
OH 1-8
0
5
10
15
20
25
1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010
Ag
gre
gat
e L
oss
Am
ou
nt
(US
$ B
illi
on
s)
0
30
60
90
120
150
Eve
nt
Co
un
t >
US
$1m
m
Aggregate Loss
Event Count
US Financial Services Sector Operational Risk Losses >USD$1mm
Improved Risk Management Can Influence Results
VALUE
"Natural Path"
"Improved Risk Management"
Ad-hoc Risk Management Systematic Approach Dynamic Risk Management
Source: Fitch Risk; Analysis JPMorgan Chase Courtesy JPMorgan Chase
Enron/Worldcom Settlements
OH 1-9
Basel II Operational Risk Contents
Basel II Pillars
1. Capital adequacy: Basic
Standardized Advanced Measurement Approaches
2. Supervision
3. Disclosure
Basel Sound Practices: Sound Practices for
the Management and Supervision of Operational
Risk, February 2003
10
30%
38%
59%
67%
71%
74%
75%
0% 20% 40% 60% 80% 100%
Clients, products and business practices
Damage to physical assets
Execution, delivery andprocess management
External fraud
Business disruption andsystem failure
Internal fraud
Employment practices and workplace safety
RMA Survey 2003
Operational Risk Types Ranking
11
36%
44%
51%
52%
66%
70%
73%
83%
0% 20% 40% 60% 80% 100%
Protecting against loss of reputation
Meeting Basel II regulatory requirements
Reducing operational losses
Improving performance
Increasing accountability andimproving governance
Optimizing the allocation of capital
Combating the threat of businessdisruption, including terrorism
Meeting Sarbanes/Oxley requirements
RMA Survey 2003
ORM Strategic Choices Ranking
OH 1-12
How Does a Leading Bank Look at Operational Risk? JP Morgan’s strategy for Operational Risk:
1. Increase understanding of key drivers
of operational risk
2. Develop user-friendly, cost effective tools that are
business oriented and risk specific
3. Create a “no surprise” attitude driving continuous self improvement
4. Improve financial performance through lower losses, reduced volatility, efficient capital usage
5. Integrate with other comparable efforts, e.g., anti-money laundering, Business Continuity
6. Satisfy regulatory requirements
“Four Components of Value”1. Reduce OR Losses2. Improve Profitability3. Reduced Probability of Tail Events4. Enhance Capital efficiency
OH 1-13
101 - Course Outline
Overall Risk Rating - Moderate
Processing Risk - Q3 Loss ReportDetailed Report - FX
Q4 2001 Q1 2002 Q2 2002 Q3 2002 Roll 12M Budget Variance %Chg
Execution Losses - HF 1.5 1.9 2 2.1 7.5 6.0 (1.5) 5%
Execution Losses - non HF 2.1 2.0 1.4 1.2 6.7 3.0 (3.7) -14%
Settlement Losses - All 1.9 2.2 2.4 2.5 9.0 7.5 (1.5) 4%
Fees 0.7 0.9 0.9 1.0 3.5 3.0 (0.5) 11%
Total FX 6.2 7.0 6.7 6.8 26.7 19.5 (7.2) 1%
Volatility Total 1.0 1.2 1.2 1.2 1.15 0%
Action Item Alert
Open FX High Risk Action Items
• FX Management committed to automate thecapture of hedge fund payment instructions.
• FX Management to monitor the impact of HFclient take on rate on processing infrastructure witha view to moderate / halt if risk levels rise further.
Losses
Approval
Environmental Factors (EFs)
Q3 2002 FX Customer Satisfaction
0
10
20
30
40
50
60
70
80
1001
1101
1201
0102
0202
0302
0402
0502
0602
0702
0802
0902
Customer Satisfaction
Q3 2002 FX Hedge Fund Clients
0
5
10
15
20
25
30
35
40
45
1001 1101 1201 0102 0202 0302 0402 0502 0602 0702 0802 0902
Hedge Fund Clients
As at As at 12 Month Risk Rating6/30/2002 9/30/2002 Average
Customer Satisfaction 55 45 57.5 MODHedge Fund Clients 32 42 27.8 MOD
Q3 2002 FX Confirmations
0
1000
2000
3000
4000
5000
6000
7000
1001
1101
1201
0102
0202
0302
0402
0502
0602
0702
0802
0902
Outstanding Confirmations
Q3 2002 Unmatched Payments
0
100
200
300
400
500
600
700
100111011201 01020202030204020502 0602070208020902
Unmatched Payments
Key Risk Indicators (KRIs)
As at As at 12 Month Risk Rating6/30/2002 9/30/2002 Average
Outstanding Confirmations 4100 5900 4262.5 HIGHUnmatched Payments 610 630 534.6 MOD
Commentary CommentaryNumbers of outstanding confirmations increased significantly in Sept, taking them just intothe high risk band. Hedge funds account for the majority of the increase.Payment mismatches remain moderate with little impact felt from the IT changes.
Market EF’s continue to show pressure building on the infrastructure. HF take on is aheadof plan and looks set to continue. Client satisfaction continues to weaken. The technologyenvironment is stable with hedge fund enhancements anticipated in in Q4. Rework withinOperations has increased on settlement problems, overtime is increasing but the risk isunder control.
Business Mgmt Risk Mgmt
Status
Overdue and Open
Current and Open
Module
3 –
Regula
tory
La
ndsc
ape
(Base
l II)
Module 7 - Measuring OR
Modules 5 OR Tools
Module 4 - ORM & Organization
Module 2 - What is OR?
Risk Identification
RiskPolicy
RiskManagement& Reporting
RiskManagement
& Analysis
RiskMitigation
PerformanceMeasurement
ProcessRisks
ConductRisks
ExternalRisks
Module 6 – Case Study
14
Creating a No Surprise
Environment
Improving Financial
Performance
Pursuing Active Management
of Risk
Three simple standards to measure excellence:
Question: How are we doing against these standards?
Excellence in Operational Risk
From Joe Sabatini: GORF Presentation 1/2005
15
Creating a No Surprise
Environment
Improving Financial
Performance
Pursuing Active Management
of Risk
Current State
• Loss events, negative audits routinely identify ‘new’ risks / control weaknesses
• Self assessments are comprehensive, but can lack granularity and precision
• Hand-offs and interdepartmental dependencies not fully understood
• Control weaknesses can vary with business cycles
• Metrics not in place to quantify control effectiveness or provide early warnings
• Transparency and escalation of issues not always adequate
Excellence in Operational Risk
From Joe Sabatini: GORF Presentation 1/2005
16
Creating a No Surprise
Environment
Improving Financial
Performance
Pursuing Active Management
of Risk
Desired State
• Risk issues / control gaps well known prior to losses / audits
• Metrics in place to track trends; provide early warnings
• Interdepartmental dependencies well understood and tracked
• Issues are appropriately transparent and escalated
• Risks are taken and managed on fully informed basis
Excellence in Operational Risk
From Joe Sabatini: GORF Presentation 1/2005
17
Creating a No Surprise
Environment
Improving Financial
Performance
Pursuing Active Management
of Risk
Current State
• Size and volatility of losses can materially impact business performance
• Some businesses cannot estimate or accurately budget for losses
• Large losses / risk events impact reputation, may compress share price & P/E ratios
• Manual nature of data management, reporting and compliance unnecessarily costly
• Nonstandard tools, processes and methodologies in place across each business
• Regulatory initiatives (e.g. Basel II, SOX) pursued as independent projects
Excellence in Operational Risk
From Joe Sabatini: GORF Presentation 1/2005
18
Creating a No Surprise
Environment
Improving Financial
Performance
Pursuing Active Management
of Risk
Desired State
• Size and volatility of losses track within predictable / budgetable parameters
• Strong risk performance and reputation commands premium P/E ratio
• Data aggregation and reporting automated using single source of information
• Single processes / tools leveraged for multiple purposes
• Regulatory requirements embedded in BAU processes and tools
• Resources dedicated to control improvements
Excellence in Operational Risk
From Joe Sabatini: GORF Presentation 1/2005
19
Creating a No Surprise
Environment
Improving Financial
Performance
Pursuing Active Management
of Risk
Current State
• Full costs of op risk not fully measured or understood
• Cost of op risk not fully reflected in business P/L
• Op risk information and insurance purchases not integrated / coordinated
• No understanding of correlation between market / credit risk and op risk
• No understanding of impact of external factors, business cycles, etc.
• No concept of portfolio risk management applied to operational risk
Excellence in Operational Risk
From Joe Sabatini: GORF Presentation 1/2005
20
Creating a No Surprise
Environment
Improving Financial
Performance
Pursuing Active Management
of Risk
Desired State
• Costs of operational risk fully understood and reflected in business P/L
• Correlations with other risks, external factors etc. well understood
• Insurance coverage closely integrated with internal measures of risk
• Tools and products exist to transfer / mitigate operational risk on a portfolio basis
• Enterprise Risk Management becomes a reality
Excellence in Operational Risk
From Joe Sabatini: GORF Presentation 1/2005