1 / 44

Operational Risk Management

Operational Risk Management. Compliance and Beyond Nordic Capital Markets Forum, March 8, 2007 Soren Plesner, CFA, BASISPOINT. Outline. The Landscape of Banking Risk Key Global Risks 2007 At Closer Look at Operational Risk What is it? Reasons for the Increased Focus on Operational Risk

job
Download Presentation

Operational Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Operational Risk Management Compliance and Beyond Nordic Capital Markets Forum, March 8, 2007 Soren Plesner, CFA, BASISPOINT

  2. Outline • The Landscape of Banking Risk • Key Global Risks 2007 • At Closer Look at Operational Risk • What is it? • Reasons for the Increased Focus on Operational Risk • Types of Operational Risk • A Couple of OP Risk War Stories • The Compliance Motive for Managing OP Risk • Operational Risk under the Basel II/Solvency Frameworks • Beyond Compliance • An ERM Framework for Managing OP Risk • Making Money from Proactive Risk Management • Capital Allocation, Product Pricing and Performance Measurement

  3. The Landscape of (Banking) Risks Today, we’ll be focusing on this risk category – but don’t forget that …..

  4. Operational Liquidity Liquidity Liquidity Liquidity Risk Risk Risk Risk Risk Market Risk Market Risk Market Risk Market Risk Credit Risk Credit Risk Credit Risk Credit Risk Counterparty Counte Counte Counte r r r party & party & party & Settlement Risk Settlement Risk Settlement Risk Risk …. Risks Are Integrated! Reputational and Business Risk

  5. Risks Are Integrated/Correlated! Source: Global Risks 2007. World Economic Forum Report

  6. A Closer Look at Operational Risk • What IS Operational Risk? • Why Has It Become More Important? • What Types of OP Risk Exist, and How Do they Materialize? • How Is Operational Risk Measured? • How Can OP Risk Be Mitigated and Managed?

  7. Operational Risk - Definition • Basel Definition: • “The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events” Trouble spots: Internal Processes: errors, complexity, policy, internal fraud, capacity People: integrity, competence, management, communication, security Systems: integrity, confidentiality, availability, capacity External: external fraud, legislation, reliance on third parties, competition, reputation, natural disasters, terrorism

  8. OP Risk – from Hazard to Loss Hazard Event Loss Effect of hazard Cause of event Cause of loss Effect of event Ex. - Inadequate employee management - Obsolete information systems Ex. - Unauthorized activity - Systems failure - Transaction error - Natural disaster Ex. - Write down - Loss of recourse - Restitution - Legal liability

  9. Reasons for the Increased Focus on Operational Risk • Internal Market Pressures • consolidation in global financial services industry • stronger correlation between markets • complexity of financial instruments • increased use of technology • => increased risk of “blowing up” the organization - and the entire financial system! • Plenty of “landmark” cases here! • Regulatory Initiatives • Basel II & Solvency II  separate capital charge for operational risk! • MiFID, Market Abuse Directive etc. • Personal Accountability in Some Jurisdictions • E.g. SOX • External Events • E.g. September 11, 2001

  10. Landmark Operational Loss Cases • Bank of Credit and Commerce • Fraud => collapse in 1991. $ 1.3 billion • BCCI treasury function used series of cover-up techniques to conceal speculative losses • Lax supervision, auditing and accounting • Bankers Trust • BT lost $150 million because of dispute over complex instrument with Procter & Gamble • Sales practices, breach of contract, lack of transparency, misrepresentation, derivatives risk

  11. Landmark Operational Loss Cases (continued) • Barings • 1995: Loss of £860 million on excessive speculation i Nikkei futures • Lack of control (no segregation of duties) • Failure to question excess profitability (“unengaged critical faculties”) • Metallgesellschaft • Lost $1.5 billion in 1993 on oil futures • Improper supervision, lack of transparency in control structures • Morgan Grenfell Asset Management • 1997: Fine of £ 2 million + unspecified loss of business following unauthorized investments by Peter Young • Unauthorized actions, negligence, breach of regulatory policy

  12. Landmark Operational Loss Cases (continued) • Natwest Markets • 1997: Loss of £77 million because of options mis-pricing • “Model Risk”, concealment of evidence, accounting and auditing, lack of checks and balances • Kidder Peabody • Lost $350 million in “STRIPS” and “RECONS” • Trader created fictitious profits • Improper supervision, poor judgement, week accounting and audit controls • Other Cases • Daiwa, Sumitomo, Orange County, LTCM, Deutsche Bank…... • Your name here? __________________________

  13. Why Should You Manage Operational Risk? • You must • Compliance (Basel II, Solvency II) • To cover your a.. • Personal accountability, e.g. SOX • You should • Risk management adds value • Why? We explain this later

  14. The 3 Pillars of Basel II Stable Banking System Min. capital requirement Credit risks Supervisory Review Market Discipline Market risks Operati- onal risk National Laws EU Directives Basel Proposal

  15. The Capital Ratio – New Accord Eligible capital sum of risk-weighted assets compiled for credit risk purposes + capital charge for market risk x 12.5 + capital charge for operational risk x 12.5

  16. Capital Ratio - Example • Risk weighted assets of $875 million • Market risk charge of $10 million • Operational risk charge of $20 million • ”Eligible capital” (all tier one) of $120 million

  17. Basel OP Risk Categories and Business Lines

  18. Three Measurement Methods in Basel 2 • Basic Indicator Approach (the alpha) • Standardized Approach (the betas) • Advanced Measurement Approach (AMA) • Which Approach to Choose? • Banks are encouraged to move along the spectrum of available approaches as they develop more sophisticated operational risk measurement systems and practices. • Internationally active banks and banks with significant operational risk exposures are expected to use an approach that is more sophisticated than the Basic Indicator Approach and that is appropriate for the risk profile of the institution. • A bank will be permitted to use the Basic Indicator or Standardized Approach for some parts of its operations and an AMA for others • “One Way Street”!

  19. Stage 1 Stage 2 Stage 3 Basic Standardised Advanced Indicator Measurement Approach Approach Approaches One size fits all Risk based - - No incentives for Incentive to - - better ORM manage risks Simple Simplicity Sophisticated Low Granularity High Less reflective of actual risk Risk sensitivity More reflective of actual risk Three Measurement Methods (Stages) in Basel 2

  20. Independent ORM and control processes including OR policies • Polices are reviewed by directors and senior management • Track loss & incident data collection by business line • Regular reporting of data to management • Regular internal audit review Advanced Measurement Approach (AMA) Criteria for approaches No criteria, but doubtful if National supervisors will allow international active banks to use such an approach The Basic Indicator Approach The Standardized Approach • All points as in the standardised approach • Risk Management system is implemented • Analysis of internal and external data • Quantitative standards • Risk measurement integrated into the day-to-day risk management processes • Review of ORM processes and measurement systems by independent auditors • Availability of 5 years internal loss data (3 years to start with • External data to benchmark internal data • Scenario analysis to evaluate the exposure to high severity events • Internal control factors to provide forward looking risk assessment • Qualitative standards • Defined ORM methodology used for reporting, identifying, measuring, monitoring & controlling OR • Board and management involvement • Information from system is integrated into the process • Regular scenario analysis is conducted • Validation by external auditors • Data flows and processes are transparent

  21. Advanced Measurement Approaches Determine Expected Loss based on a proxy for risk exposure e.g. volume of trades Assumes a fixed relationship between Expected and Unexpected losses Not widely adopted due to difficulty in calibrating parameters based on industry data Internal Measurement Statistical analysis of historical loss event data Use of VaR methodology to determine Unexpected Loss for given confidence interval Considered to be most risk sensitive approach Loss Distribution Use of Risk Scorecards to allocate capital to operating units Introduces forward looking component through assessments of future exposure Provides increased understanding of risks, and incentive to improve control environment Scorecard

  22. Scorecard Approach Lines of Business Determine total capital per LOB Total Capital calculated using combination of LDA, TSA, Benchmarks etc. Risks Allocate capital to each Risk type and LOB combination Weight risks through a risk scoring process – ‘Scorecards’ Business Units / Risks Allocate capital to Business Units for each Risk type Associate volume scalars or key risk indicators to Risk Type Allocate capital by weighted risk score and volume scalars Business Units Sum across Risk Types for each Business Unit

  23. Components of the Balanced Scorecard Mission statement and charter The overall purpose of the firm Goals and Objectives Measurable performance targets necessary to meet the mission (KPI) Constraints Business and operational constraints imposed by regulation or corporate policies Measurable conditions, including the constraints, necessary to meet the KPI (KRI) Critical Success Factors The implementation plan to meet the KPI and the KRI Strategic Plan

  24. KRI2 KRI1 KPI1 KPI3 KRIn KPIn KRI3 KPI2 The Recursive Relationship between KRI and KPI Bank Mission statement Goals and Objectives Business Line Mission statement Constraints Goals and Objectives Critical Success Factors ….. Constraints Strategic Plan Critical Success Factors Strategic Plan

  25. Loss Distribution Approaches • Banks estimate the likely distribution of operational risk losses over some future horizon • Capital charge is based on a high percentile of the loss distribution • Distribution is typically generated based on assumptions about the likely frequency and severity of operational risk loss events • Aims to assess unexpected losses directly rather than via an assumption about the relationship between expected loss and unexpected loss • No need for a multiplication (gamma) factor

  26. Monte Carlo simulations Loss Distribution Approach Fit loss event data to independent frequency and severity distributions Bank’s internal loss event data does not contain enough high impact events to reflect worst case scenarios % % Severity Frequency Supplement with external losses to represent events that could occur N $ Generate the annual loss distribution for each Basel Business Line / Risk Category combination Monte Carlo simulations create ‘fat tailed’ behaviour to determine unexpected loss Unexpected Loss at 99.9% confidence = Economic Capital % $ Unexpected Loss

  27. Modelling Issues Relatively easy to model, losses are provisioned for Not necessary to model – bank will probably not survive anyway Loss frequency Medium risk Small losses, high frequency Extreme risk Large losses, high frequency Low risk Small losses, low frequency High risk Large losses, low frequency Loss severity Relevant for capital allocation, but difficult to model No problemos!

  28. The Basel II Supervisory Review Process

  29. Ways of Managing OP Risk • Avoiding/Reducing Risk • Complying with rules, regulation, education, sound procedures,… • Transferring • Insurance • Derivatives • Risk securitization (“cat bonds”) • Diversification • Self-Insurance • Economic Capital!

  30. The Principles of Operational Risk Management Performance Measures • RAROC / EVA • Earnings Volatility 8 ACTIVE Risk Optimization • Insurance • Securitisation • Causal Analysis 7 Risk Management • Day to day control • Process • Prioritization / Resolution 6 DEFENSIVE Risk Analysis • Define limits/target • Drivers and causes • Education 5 4 Risk Reporting • Indicators v Benchmarks • Losses v Benchmarks PASSIVE 3 Risk Measurement • Methodology • Simulation of historical data 2 1 Risk Policy • Define risk management process • Set risk appetites and stress limits 0 Risk Identification • Definition desegregation • Boundary agreement

  31. The ERM Framework (COSO) • Four categories of business objectives • Eight elements • Considers activities at all levels of the organization

  32. Information Flows in ERM

  33. Motives for ERM Source: SAS Institute

  34. Important Factors in ERM Source: SAS Institute

  35. Active Risk Management • Strategic Business Decisions • Internal Capital Allocation • Performance Measurement • Identifying where shareholder value is being added • Avoiding ”moral hazard” problems in incentive systems • Difficult? • You bet! • But the process itself always leads to improvements!

  36. Economic Capital • Economic capital is the amount of risk capital that a bank must hold to maintain a certain solvency (to obtain a target rating) • ”Generalized Equity Concept” • Amount of capital set aside to ”self-insure” against risks • Takes into account the complexity and leverage of financial products and institutions • Makes it possible to evaluate activities that require no or little up-front capital but which may create significant contingent liabilities

  37. Required Economic capital • Required Economic Capital can be defined as the capital required to support a business with a certain probability of default. • It should be noted that this capital is “required” from an economic point of view rather than from a regulatory point of view. • While regulatory capital requirements are moving towards economic capital-type definitions in many countries, these requirements are certainly not identical.

  38. Self-Insurance with Economic Capital Frequency 99.95% Confidence Level Expected Loss Unexpected Loss Stress Loss Loss Operating Expense Economic Capital Transfer/accept Value-at-Risk

  39. Available Economic Capital • “Available Economic Capital” can be defined as the excess of the value of the company’s assets over the value of its liabilities on a realistic or market-consistent basis. • This definition is closely related to the European Embedded Value (eev) standard.

  40. Different Views of Capital Fair Value of Liabilities + Allowance for Cost of Capital Market Value of Assets MARKET CAPITALISATION Statutory Value of Assets Statutory Value of Liabilities Value of Goodwill Economic Franchise Value Value of in Force Available Economic Capital Excess Capital Net Asset Value Value of in Force Net Asset Value Required Economic Capital STATURARY BALANCE SHEET ECONOMIC BALANCE SHEET

  41. And How Can You Make Money from Active Risk Management? • Improved strategic business planning • More aggressive product pricing • Lower costs • Lower losses • Less capital •  Improved risk-adjusted return on capital

  42. Using Economic Capital in Business Planning Expected Return Target risk-return profile Increase Asset management Corporate Finance Retail lending Corporate lending Reduce Retail brokerage Improvement of risk-return trade-off through: - Hedging (risk transfer) - Diversification - Risk-adjusted pricing Current state Target state Economic Capital (“Capital at Risk”)

  43. The Road to Improved RAROC “Market Discipline”  lower funding costs More competitive product pricing Lower loss provisioning Hedging, diversification, strong control system etc.  need for less EC

  44. Bottom Line • Risk management really pays off • But it’s a lot of work, and expensive • Would be much easier not to take ANY risks • But this would be the biggest risk of all!

More Related