1 / 51

Institute of Operational Risk

Join the Institute of Operational Risk's 2nd Scottish Annual Conference to explore the importance of capturing accurate operational risk data. Learn about data sources, loss data thresholds, date of internal losses, grouped losses, review and validation processes, and key supervisory concerns. Enhance your risk frameworks and gain insights on the three lines of defense model. Don't miss this opportunity to improve your operational risk management decisions.

marca
Download Presentation

Institute of Operational Risk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Institute of Operational Risk 2nd Scottish Annual Conference 26th October 2012 (in conjunction with Glasgow Caledonian University)

  2. Institute of Operational Risk26 October 2012Data Capture, Accuracy and Recording of Operational Risk LossesAndrew Sheen (FIOR)Manager, FSARisk Frameworks team (PBU)

  3. Context Internal Data External Data Supervisory Concerns and Issues Relevant Papers

  4. Context Internal Data External Data Supervisory Concerns and Issues Relevant Papers

  5. The nature and outcome of operational risk data collected ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions. (Observed Range of Practice in Key Elements of AMA, BCBS, July 2009)

  6. So loss data collection is about: Risk management, including Risk events and impact RCSA Scenarios Risk measurement, including Scenarios AMA Pillar 2

  7. Context Internal Data External Data Supervisory Concerns and Issues Relevant Papers

  8. Context Internal Data External Data Supervisory Concerns and Issues Relevant Papers

  9. Data sources Consortium – May exclude key events (ie they did not happen to a member firm (rogue trading)) Limited supporting information Public data – Is the information accurate What about events that did not get into the press Issues include- Data quality Completeness Consistency Thresholds Scaling That could not happen here

  10. Context Internal Data External Data Supervisory Concerns and Issues Relevant Papers

  11. Loss definition Range of practice between firms using gross and net loss for AMA calculations For the firm to justify its choice Problems calculating the insurance allowance if using net loss

  12. Loss Data Thresholds Considerable variation in thresholds by firm and business line Influences the management and measurement of operational risk Should be based on statistical evidence showing items below the threshold are immaterial when calculating capital Should not omit operational risk loss event data that are material for operational risk exposure and for effective operational risk management Choice of threshold should not impact credibility

  13. Date of Internal Losses BIS does not provide any guidance - Banks have several reference dates Date of occurrence * Date of discovery * ‘ Date of contingent liability Date of accounting (first financial impact) * ‘ Date of settlement * Typically used by banks ‘ Most prudent Supervisory concern – can the selected date result in the omission of large internal losses and therefore significantly impact OR capital at a given point in time and over time Firms can select which date to use as long as material loss data is not omitted

  14. Grouped Losses Banks sometimes group a number of losses and treat the group as a single loss for recording, management and modelling purposes. Depending on the reasons for grouping the following different guidelines apply Losses caused by a common operational risk event should be grouped and entered into the loss calculation dataset as a single loss, unless the firm chooses to model causality or dependence among those losses in a different manner Small losses grouped with no causal relations for data collection and registration should be excluded from the calculation dataset

  15. Review and Validation Has the data collection process been reviewed and validated by Reconciling to the General Ledger Internal audit Third party Using loss data and events to inform: RCSA Scenarios KRIs

  16. Other Issues Near Misses What % of losses are missed Frequency How relevant is old data How are losses allocated across business lines Boundary Issues Losses, near misses and P2

  17. Context Internal Data External Data Supervisory Concerns and Issues Relevant Papers

  18. Key documents Enhancing frameworks in the Standardised Approach to Operational Risk, FSA, January 2011 http://www.fsa.gov.uk/library/policy/guidance/2011/gn11.shtml http://www.fsa.gov.uk/pages/Library/Policy/guidance_consultations/2011/11_17.shtml Operational Risk – Supervisory Guidelines for the Advanced Measurement Approaches, BCBS, June 2011 http://www.bis.org/publ/bcbs196.htm Observed Range of Practice in Key Elements of the Advanced Measurement Approaches, BCBS, July 2009 http://www.bis.org/publ/bcbs160.htm Results from the Loss Data Collection Exercise for Operational Risk, BCBS, July 2009 http://www.bis.org/list/bcbs/page_2.htm

  19. Andrew Sheen (FIOR) Risk Frameworks team (PBU) Financial Services Authority andrew.sheen@fsa.gov.uk

  20. Institute of Operational Risk 2nd Scottish Annual Conference 26th October 2012 (in conjunction with Glasgow Caledonian University)

  21. Institute of Operational Risk Scottish Conference 3 Lines of Defence George Clark, Glasgow, October 2012

  22. The 3 Lines of Defence • Internationally recognised go to model for financial services firms. • Referenced by: • ECIIA/FERMA – Guidance on the 8th EU Company Law Directive, Sept 2010 • Basel Committee on Banking Supervision – Sound Practices for the Management and Supervision of Operational Risk, December 2010 • COSO – Exposure Draft: Internal Control Integrated Framework, December 2011 • Key objective is sound internal governance but perhaps a better term is effective internal governance.

  23. The 3 Lines of Defence Model Board/Audit Committee Senior Management 1st Line of Defence 2nd Line of Defence 3rd Line of Defence Credit External Audit Internal Audit Operational Management Internal Controls Compliance Operational Risk Others

  24. Which in simple terms... Do Review Overview • The first line: • Identify, assess, control, mitigate and manage risk • Comply with risk framework • Ensure effective design, implementation and operation of controls • Escalate material threats and risk exposures • Operate good governance of the business function • The second line: • Provide policy and framework • Monitor, oversight of and challenge to 1st line • Support good Governance of the company • Report and escalate threats and risk exposures • The third line: • Independent assurance over the first two lines of defence • Quality assurance on the application of the framework • Evaluation of control adequacy

  25. Big 5 factors which influence success • Context and Environment • Roles and Responsibilities • Training, Education and Communication • Data • Culture

  26. Context and Environment • Capability • Complexity • Scale and spread • Retail • Wholesale • Automation

  27. Roles and Responsibilities • NOT about structures but about “real world” • Clear, documented, understood and agreed • There will be grey areas – embedded risk • Align risk management silos • Don’t forget Senior Management and Board • Challenge for risk to be both trusted advisor and policeman • Learn from others experience – HR and IT

  28. Training, Education and Communication • Awareness both initial and ongoing • Skill and capability • Build reliance and resilience • Align with company objectives and strategy • Don’t forget Senior Management and the Board nor the new entrant

  29. Data • Intelligence gathering • Monitoring • Relationship Management • Management information • Key measures of success • What gets checked gets done

  30. Culture “Banks in this country are “two decades behind” other keystone global industries like aviation and oil and gas in recognising the critical importance of individual behaviour and corporate culture in managing and minimising their operational risks. The dominant banking instinct is to “reach for the sticking plaster” rather than confront the root cause of risk failures” Source: The Back Office front line, Chartered Banker Magazine October/November 2012

  31. Culture • Tone from the top • Communication • Paradigms and environments • Influences and drives business outcomes, including the taking of risk and the quality of processing • Major failings during the global financial crisis

  32. The culture house Responsibility Accountability Spirit of the law Proportionate action Consistent action Willing to listen Leading by example Realistic Transparent Consequences

  33. Closing observations • Be proportionate and practical • Look for that “use test” • Ride out the storm, it gets worse before it gets better • Expect progress not perfection • Implementation is king

  34. Questions and Comments ??

  35. Institute of Operational Risk 2nd Scottish Annual Conference 26th October 2012 (in conjunction with Glasgow Caledonian University)

  36. Risk Culture + Behaviours Reflections From A Reformed Banker

  37. Scene Setting Culture and behaviours are highly prized and difficult to change They’re not all standard They’re not always rational. They shift for the better...and worse

  38. Culture & Behaviour Issues

  39. And it gets worse McKinsey Survey of 2,207 executives: 28% say the quality of strategic decisions were generally good? 60% say good and bad decisions occur in equal measure 12% say nearly all decisions are bad 51% say major risk decisions are attributed to a single function?!?!?

  40. Is it taken seriously?

  41. Ivory Tower? ACCA survey – 2012

  42. Where to start Root causes are ambiguous, multi faceted and outside your control Be practical so start @ home: It’s not someone else’s responsibility People or admin? Risk MI identification & integration

  43. Keep going Be mindful of barriers ‘2nd line of defence’ fear habit history Use internal and external audit Avoid orderly inaction Engage senior management in your thoughts

  44. Don’t Stop Don’t drop the ball Events, issues and actions MUST be complete, accurate and managed through to completion Learn from other firms hard earned lessons Map and assess the existence and design of the control environment Focus on positive assurance arrangements Keep communicating outcomes and next steps

  45. That’s just the start Review and amend governance arrangements Adequacy of performance Business engagement and ownership Don’t think this is a Co Sec responsibility; below Board/Exec level it’s often a gap Recruit talent and relocate tasks Build Risk IT capability Then the fun starts...

  46. The journey continues • Recruit and reallocate existing talent • Integrate IT and Op risk processes with business processes, including outsourcers • Evaluate organisational and e2e • process design • Use the Exec and Board using • ‘position papers’

  47. And continues • Maintaining credibility • Benchmark your Op Risk unit • Horizon scanning and increased engagement with ‘Corporate Change’ • Get a risk change budget! • Develop cross discipline expertise • Reward and recognition

  48. Questions and thanks alan.esson@swip.com; 0131 655 8809

More Related