Table of Contents for Managing Operational Risk
Managing Operational Risk - Table of Contents e. Introduction e.1 Operational risk - a universal maxim e.2 Operational losses e.3 Operational risks e.4 The emergent awareness of operational risk e.5 Operational risk - revolutionising the banking industry Table 1:New developments and new operational risks f. Definition and scope of operational risk f.1 Source of definition f.1.1 Risk Management Group (RMG) and Qualitative Impact Survey (QIS2) f.2 Casual definition f.3 Risks covered Table 2: The Basel Committee and operational loss types Table 3: Activity examples of operational loss events f.4 Exclusive of market and trade risk f.5 Legal and tax risk f.6 Risks excluded from the ambit of operational risk f.7 Direct and indirect loss f.8 Critique of definition f.9 Conclusion f.9.1 Link between credit, market and operational risk f.9.2 Operational risk - a multi-faceted concept f.9.3 Operational risk and business lines f.9.4 Operational risk and trading activities f.9.5 Arbitrary industry definitions g. Understanding operational risk g.1 Introduction Diagram 1:Operational risk model g.2 Understanding risk g.3 Understanding loss g.3.1 Definition g.3.2 Examples g.4 Understanding Probability g.4.1 Definition g.4.2 Examples g.5 Loss, probability and failure events- a symbiosis g.5.1 Analysed example g.6 Threats/causes g.6.1 Definition g.7 Risk profile g.7.1 Definition g.8 Dependency g.8.1 Example g.9 Scenarios g.10 Mitigation g.11 The Operational risk management life cycle and process g.11.1 Programme design g.11.2 Impact analysis g.11.3 Operational risk assessment g.11.4 Continuity planning g.11.5 Assurance g.12 Conclusion h. Why manage operational risk? h.1 Introduction h.2 Pre-emptive strike h.3 FSA and consultation paper (CP142) h.3.1 Introduction h.3.2 Maintaining market confidence h.3.3 Protecting consumer interests h.3.4 Reducing financial crime h.3.5 Heightening public and industry awareness h.4 Visiongain analysis and business/ consumer expectations h.5 Conclusion i. Operational risk management - the Basel Committee on Banking Supervision i.1 Introduction i.2 The Basel Accord and operational risk - a brief history i.2.1 The Basel Capital Accord 1988 Diagram 2:Original capital allocated risk i.2.1.1 Mirroring the realities of the banking industry i.2.2 "Core Principles for Effective Banking Supervision" 1997 i.2.3 "Operational Risk Management" - September 1998 Diagram 3: Capital recognition of operational risk i.2.4 "New Capital Adequacy Framework" - June 1999 Diagram 4: Capital allocation for operational risk i.2.4.1 Rationale for change i.2.5 "Core Principles Methodology"- October 1999 i.2.6 "Operational Risk" - January 2001 i.2.6.1 Introduction i.2.6.2 Defining operational risk i.2.6.3 Determining that only operational risk should be subject to a capital charge under Pillar 1 i.2.6.4 Creating three methods for calibrating the minimum regulatory capital requirement for operational risk i.2.6.5 Pillar 2 and risk management techniques i.2.6.6 Conclusion i.2.7 "Working Paper on Regulatory Treatment of Operational Risk" - September 2001 i.2.7.1 Introduction i.2.7.2 Refinement of the definition of operational risk that underpins the regulatory capital calculations i.2.7.3 Proposed reduction in the overall level of the operational risk capital charge i.2.7.4 Expansion of the Advanced Measurement Approach beyond the Internal Measurement Approach (IMA). i.2.7.5 Insurance as a mitigant of capital charges for operational risk i.2.7.6 Collection and analysis of loss data for operational risk management and regulatory capital purposes i.2.8 "The 2002 Loss Data Collection Exercise for Operational Risk” (LDCE) - June 2002 i.2.9 "Sound Practices for the Management and Supervision of Operational Risk" - February 2003 i.3 Conclusion j. The Basel Accord II - who is affected? j.1 Which countries does Basel apply to? j.1.1 The EU contingent j.1.2 The non-EU members j.2 Which institutions does Basel II apply to? j.3 What is the scope of the Committee's authority regarding breach of the Accord? Diagram 5: Implementation and enforcement of the Basel Accord k. Basel II Accord Pillar 1: Operational risk and capital charge allocation k.1 Introduction k.1.1 The Continuum concept Diagram 6: Pillar 1 approaches to operational risk associated capital charge k.1.2 Which approach? k.2 The Basic Indicator Approach (BIA) k.2.1 Gross income as the single indicator k.2.2 Capital charge equation k.2.3 Advantage of the Basic Indicator Approach k.2.4 Limitation of the Basic Indicator Approach k.3 The Standardised Approach (TSA) k.3.1 Introduction k.3.2 Business units/lines Table 4: Standardised approach - business units and lines k.3.3 Business mapping k.3.4 Indicators Table 5: Standardised approach - business units, lines and indicators k.3.5 The 'beta' factor k.3.6 Motivation for the Standardised Approach k.4 Advanced Measurement Approaches (AMAs)k.4.1 Introduction k.4.2 Internal Measurement Approaches (IMAs) k.4.2.1 Calculating expected losses k.4.3 Loss Distribution Approaches (LDAs) k.4.3.1 Parallels with IMAs k.4.3.2 Differences between LDAs and IMAs k.4.3.3 Future of LDAs k.4.4 Scorecard Approaches (SCAs) k.4.4.1 Parallels with IMAs and LDAs k.4.4.2 Differences between SCAs, IMAs and LDAs k.5 Conclusion k.6 Quantitative Impact Survey (QIS) and the calibration approaches for capital charge k.6.1 Introduction k.6.2 Ratio of operational risk economic capital to overall economic capital and to minimum regulatory capital Table 6: Ratio of operational economic capital to overall capital and to economic charge k.6.3 Analysis of ratio k.6.4 QIS study and Basic Indicator Approach k.6.4.1 Methodology k.6.4.2 Analysis k.6.4.3 BIA and 12% minimum regulatory capital Table 7: Analysis of QIS data: Basic Indicator Approach (based on 12% minimum regulatory charge) k.6.5 QIS and the Standardised Approach k.6.5.1 Methodology k.6.5.2 Analysis Table 8: Analysis of QIS data - The Standardised Approach (based on 12% regulatory capital) Table 9: Size ranking across three measures of “typical” beta by business lines k.6.5.3 Conclusions Graph 1:Corporate finance - dispersion of beta estimates by business lines Graph 2:Trading & sales- dispersion of beta estimates by business lines Graph 3:Retail banking - dispersion of beta estimates by business lines Graph 4:Commercial banking - dispersion of beta estimates by business lines Graph 5:Payment & settlement - dispersion of beta estimates by business lines Graph 6:Agency & custody - dispersion of beta estimates by business lines Graph 7:Retail brokerage - dispersion of beta estimates by business lines Graph 8:Asset management - dispersion of beta estimates by business lines k.6.6 Limitations of data k.6.6.1 Different measures and methodologies k.6.6.2 Content of the operational risk economic capital data k.6.6.3 Insurance cover and operational risk k.6.6.4 Sample size k.7 Approach eligibility criteria and operational risk management k.7.1 Introduction k.7.2 Basic Indicator Approach and qualification criteria k.7.3 Standardised Approach and qualification criteria k.7.3.1 Effective risk management and control k.7.3.2 Measurement and validation k.7.4 Advanced Measurement Approach and qualifying criteria k.7.4.1 Introduction k.7.4.2 General criteria k.7.4.3 Qualitative standards for internal operational risk measures k.7.4.3.1 Independent operational risk management function k.7.4.3.2 Role of board and senior management k.7.4.3.3 Operational risk measurement system as an integral part of the day-to-day risk management processes of the bank k.7.4.3.4 Incentives for improving operational risk management mechanisms k.7.4.3.5 Regular reporting of operational risk exposures and loss experience k.7.4.3.6 Regular program of scenario analysis k.7.4.3.7 Compliance regime for internal policies, controls and procedures k.7.4.3.8 Auditor reviews of operational risk management processes k.7.4.4 Quantitative Standards for Internal Operational Risk Measures k.7.4.4.1 The capital charge: risk measure or floor? k.7.4.4.2 Holding period and confidence level k.7.4.4.3 Capable of capturing impact of infrequent and potentially severe operational risk events k.7.4.4.4 Consistency with scope of operational risk as defined by supervisors k.7.4.4.5 Support of loss database systems consistent with agreed definition k.7.4.4.6 Appropriate systems information infrastructure for identifying and gathering operational risk loss data k.7.4.4.7 Criteria for assigning loss data k.7.4.4.8 Scaling internal loss data k.7.4.4.9 Use of external data in addition to internal loss data k.7.4.4.10 Periodic review of methodologies and data inputs k.7.4.4.11 Minimum historical observation period of 5 years k.7.4.4.12 Regular validation of parameters used in internal loss measurement systems k.7.4.4.13 Recognising empirical correlations in operational risk losses k.7.4.4.14 Recognising insurance as a mitigant of operational risk k.7.4.4.15 Qualitative adjustments or scorecards as a means of allocating and adjusting operational risk capital k.8 Conclusion k.8.1 Basic Indicator Approach k.8.2 Standardised Approach k.8.3 Advanced Measurement Approach k.8.4 The progressive approach k.8.5 Current and future l. Basel II Accord Pillar 2 and 3: Sound practices of operational risk management l.1 Introduction l.2 The relationship between Pillar 1 and Pillar 2 l.3 Sound Practices for Operational Risk Management (February 2003) - an introduction l.3.1 Approach to operational risk management l.3.2 Current industry practice l.3.3 Chapter objective l.3.3.1 Managerial understanding and an organisational culture l.3.3.2 Promotion of ethical behaviour l.3.3.3 Guidance and direction l.3.3.4 Defining operational risk l.3.3.5 Operational risk policies l.3.3.6 Management structure and delineation for implementation l.3.3.7 Regular auditing and review of framework l.3.3.8 Adequate internal audit coverage l.3.3.9 Autonomy of the audit function l.3.3.10 Translation of operational risk management framework into specific policies l.3.3.11 Qualified and experienced staff l.3.3.12 Effective communication with staff responsible for other risks, deferment of risk and insurance of risk l.3.3.13 Remuneration policies conducive with operational risk l.3.3.14 Quality of documentation controls and transaction-handling practices l.3.4.15 Industry compliance l.3.4.15.1 Industry awareness of operational risk l.3.4.15.2 Managerial structure operational risk management l.3.4.15.3 Assignment of formal responsibilities l.3.4.15.4 Incentive structure l.3.5 Operational risk identification l.3.5.1 Identification of risks that adversely affect achievement of banks objectives l.3.5.2 Operational risk assessment l.3.5.2.1 Tools for identifying and assessing operational risks l.3.5.2.1.1 Self- or Risk Assessment l.3.5.2.1.2 Scorecards l.3.5.2.1.3 Risk mapping l.3.5.2.1.4 Risk indicators l.3.5.2.1.5 Calculating exposures l.3.5.2.1.6 Current Industry assessment of operational risk l.3.5.2.1.6.1 Operational risk measurement vs credit and market risk measurement l.3.5.2.1.6.2 Capturing operational loss experience l.3.5.2.1.6.3 Measurement factors l.3.5.2.1.6.4 Historical loss experience l.3.5.3 Operational risk monitoring l.3.5.3.1 Benefit of operational risk monitoring l.3.5.3.2 Key risk indicators/ early warning indicators l.3.5.3.3 Monitoring as an integral part of banking practices l.3.5.3.4 Regular managerial reports l.3.5.3.4.1 Who should compose operational risk reports ? l.3.5.3.4.2 What should be the content of operational risk reports ? l.3.5.3.4.3 Maintaining value and reliability of reports l.3.5.3.5 Current industry practice l.3.5.4 Policies, processes and procedures to control and/or mitigate material l.3.5.4.1 Control activities l.3.5.4.1.1 Uncontrollable risks l.3.5.4.1.2 Compliance with control processes and procedures l.3.5.4.1.3 Strong control culture is a promotion of sound risk management l.3.5.4.1.4 Segregation of duties l.3.5.4.1.5 Internal practices l.3.5.4.1.6 Current industry practice l.3.5.4.1.6.1 Reinforcement of current controls l.3.5.4.2.6.2 Identification of critical business processes l.3.5.4.2.6.3 Periodic review l.3.5.4.3 Current Industry practice control and mitigation of operational risk l.3.6 Role of Supervisors l.3.6.1 Responsibility to encourage banks to develop operational risk management frameworks l.3.6.2 Duty to conduct regular independent evaluations of practices l.3.6.3 Ensure integration of operational risk management procedures across a financial group l.3.6.4 Addressing deficiencies l.3.6.5 Ensuring receipt of up-to-date information on operational risk management l.3.6.6 Encouraging ongoing internal development l.3.7 Visiongain analysis l.4. Role of Disclosure l.4.1 Operational risk disclosure - an undeveloped area l.5 Conclusion l.5.1 Supervision of operational risks - Basel Committee and visiongain viewpoint l.5.2 Operational, credit and risk management l.5.3 The emergence of new operational risk management structures l.5.4 Industry cooperation m. Financial Services Authority (FSA) - CP142 and operational risk management m.1 Introduction m.2 FSA - awareness of the significance of operational risk m.3 CP142 and operational risk management m.3.1 Benefits of CP142 m.3.1.1 Improve Transparency m.3.1.2 Comprehensive and flexible m.3.1.3 Competitive advantage m.3.1.4 Preventing financial crime m.3.1.5 Cost effective m.3.2 Who must comply with CP142? m.3.3 Content of CP142 guidance m.3.3.1 Senior Management Arrangement Systems and Controls (SYSC) 2, 3 and 3A m.3.3.1.1 Introduction m.3.3.1.2 Guidance m.3.3.2 Prag 6: Adequacy of operational risk management systems m.3.3.2.1 Documenting operational risk policy m.3.3.2.2 Compliance with PRAG 6.33 R(2) m.3.3.2.3 Threshold levels in operational risk policy m.3.3.2.4 Operational risk identification m.3.3.2.4.1 Identification of operational risk in a prudential context m.3.3.2.4.2 Immaterial operational exposures m.3.3.2.5 Operational risk assessment m.3.3.2.5.1 Expected and unexpected losses m.3.3.2.5.2 Qualitative and quantitative techniques m.3.3.2.6 Operational risk monitoring m.3.3.2.7 Risk control m.3.3.2.7.1 Introduction m.3.3.2.7.2 Record keeping m.4 Conclusion m.4.1 SYSC 3A - Operational Risk: Systems and Controls m.4.2 PRU 6.1 Operational Risk: Prudential Systems and Controls m.4.3 Extension of the Basel Accord ϲ. Corporate governance and operational risk management ϲ.1 Introduction ϲ.2 Governance and standards ϲ.3 The Turnbull Report (1999) ϲ.3.1 Introduction ϲ.3.2 Operational risk management ϲ.3.3 The role of the Financial Director/Controller ϲ.4 Conclusion ϳ. Costs of implementing operational risk management framework in UK ϳ.1 Introduction ϳ.2 IT costs ϳ.3 Staffing and consultancy costs ϳ.4 Total short-term implementation costs ϳ.5 Continuing costs of compliance ϳ.6 Possible future implementation costs ϳ.7 Conclusion ϴ. Conclusion
CMS, P&A House, Alma Road, Chesham, Bucks. HP5 3HB, UK
Tel: +44 (0)1494 771734
Fax: +44 (0)1494 778994
e-mail: keithw@cmsinfo.com
copyright © 2005 all rights reserved
For more information about us, visit CMSinfo.
