Post on 17-Dec-2015
transcript
Operational Risk:
A Multi-Layered ProblemPresented to the
London Chapter of
The Professional Risk Managers’
International Association
and International Swaps and Derivatives Association
London, EnglandMarch 7, 2005
Presented by
David M. Rowe, Ph.D.Executive Vice President for Risk Management
SunGard
Basel Capital Accord – Brief History
0.0%
2.0%
4.0%
6.0%
8.0%
10.0%
12.0%
14.0%
1935 1945 1955 1965 1975 1985 1995
Tota
l E
qu
ity
Cap
ital
to
To
tal A
sset
sU.S. Bank Capital Ratios – 1935 - 1988
Depression thru WWII
Post-War Recovery thru early 1960s
Mid-60s thru Mid-70’s
Mid-70s thru Late-80’s
Basel Capital Accord – Brief History
Basel 1
Proposed: 1986Effective: 1988
CreditRisk
Overview of risk weights
The Basel I Approach
Claim
Sovereigns
Assessment
Corporates
Comm. Banks
OECD Non-OECD
0% 100%
20%
20%
100%
100%
OECD Non-OECD All
50%
Multi-National Development Banks
All
Secured ResidentialMortgages
Required data could largely be from financial reporting systems.
Basel Capital Accord – Brief History
0.0%
2.0%
4.0%
6.0%
8.0%
10.0%
12.0%
14.0%
1935 1945 1955 1965 1975 1985 1995
Tota
l E
qu
ity
Cap
ital
to
To
tal A
sset
sBank Capital Ratios – 1935 - 1988
Depression thru WWII
Post-War Recovery thru early 1960s
Mid-60s thru Mid-70’s
Mid-70s thru Late-80’s
Basel Capital Accord – Brief History
0.0%
2.0%
4.0%
6.0%
8.0%
10.0%
12.0%
14.0%
1935 1945 1955 1965 1975 1985 1995
Tota
l E
qu
ity
Cap
ital
to
To
tal A
sset
sBank Capital Ratios – 1935 - 1998
Depression thru WWII
Post-War Recovery thru early 1960s
Mid-60s thru Mid-70’s
Mid-70s thru Late-80’s
Late-80s forward
Basel Capital Accord – Brief History
Basel 1.5
Proposed: 1993Effective: 1998
CreditRisk
+
MarketRisk
Basel 1
Proposed: 1986Effective: 1988
CreditRisk
Basel Capital Accord – Brief History
April, 1993 – Initial “prescriptive” proposal.
April, 1995 – Proposed allowing use of internal market risk models for calculation of regulatory capital (subject to supervisory review and approval.)
Jan 1, 1998 - Market risk amendment took effect with internal VaR models as a major source of risk estimates.
Basel I
Market Risk Amendment
Basel Capital Accord – Brief History
Basel 1.5
Proposed: 1993Effective: 1998
CreditRisk
+
MarketRisk
Basel 1
Proposed: 1986Effective: 1988
CreditRisk
Basel 2
Proposed: 1999Effective: 2007
CreditRisk
(Enhanced)
+
MarketRisk
(No change)
+
Op Risk(New)
Key sources of required work for affected banks. Op Risk
(New)
Men of Influence
Jack WelchLong-time CEO of GE
W. Edwards Deming1902 - 1993
Operational Processes1.
Control & RiskSelf-Assessment
2.
Key Risk Indicators3.
Loss Data Collection
4.
Analytics5.
The Operational Risk Pyramid
Operational Processes1.
Control & RiskSelf-Assessment
2.
Key Risk Indicators3.
Loss Data Collection
4.
Analytics5.
Operational Processes
Money Transfer,ATMs, Deposit
Processing
Statement Preparation
Trade Processing
Market VaR Calculation
Credit Decisions
P&L Calculation
FrontePI
Collateral Manager Adaptiv Reech
Operational Processes1.
Control & RiskSelf-Assessment
2.
Key Risk Indicators3.
Loss Data Collection
4.
Analytics5.
Control & Risk Self-Assessment
The Deming Perspective
• Special Causes - these are often easily assignable: changes of operator, shift, or procedure, for example. They can often be identified, and sometimes solved by local operators.
• Common Causes - remain after special causes have been eliminated. They are due to the design, or the operation of the process or system. They may be identified by the operators, but only management authority can eliminate them.
Self-Assessment – One Model
Define Process Quality Objectives
(Elective or Mandated)
Define Threats to Achievement
Document Control Portfolio
Evaluate Risk Transfer/Insurance
Estimate Residual Risk of Loss
Acceptable? Optimal?Yes
No
Re-examine objectives and/or control design & risk transfer: develop action plan
Yes Monitor and Review Periodically
No
Based on the CARDdecisions, Inc. Model
Operational Processes1.
Control & RiskSelf-Assessment
2.
Key Risk Indicators3.
Loss Data Collection
4.
Analytics5.
Key Risk Indicators
Commensurable - capable of being
measured by a common standard.
Appropriate - suitable for a particular
condition, occasion or place.
An important challenge of risk management
is balancing the conflicting needs for both
commensurable and appropriate risk
measures.
Commensurable Versus Appropriate Measures
Commensurable Versus Appropriate Measures
The trade-off between commensurable and
appropriate risk measures is quite severe.
0
1
2
3
4
5
6
7
8
9
10
0 1 2 3 4 5 6 7 8 9 10
Commensurability
Ap
pro
pri
aten
ess
Unexpected
Loss
Operational Processes1.
Control & RiskSelf-Assessment
2.
Key Risk Indicators3.
Loss Data Collection
4.
Analytics5.
Key Risk Indicators (Appropriate Metrics)
Staff Turnover
Settlement Failures
¥
?€
Computer Breakdowns
Customer Complaints
Electronic Security Breaches
Internal Limit Violations
-4
-3
-2
-1
0
1
2
3
4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time
Per
form
ance
Process is Under Control
68.2% 27.2% 4.3% 0.3%
-4
-3
-2
-1
0
1
2
3
4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time
Per
form
ance
Any One Point in the Red Zone
68.2% 27.2% 4.3% 0.3%
-4
-3
-2
-1
0
1
2
3
4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time
Per
form
ance
Two Out of Three Points in the Orange Zone
68.2% 27.2% 4.3% 0.3%
-4
-3
-2
-1
0
1
2
3
4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time
Per
form
ance
Four Out of Five Points Beyond the Green Zone
68.2% 27.2% 4.3% 0.3%
-4
-3
-2
-1
0
1
2
3
4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time
Per
form
ance
Eight or More Points on One Side of Zero
68.2% 27.2% 4.3% 0.3%
-4
-3
-2
-1
0
1
2
3
4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time
Per
form
ance
Six or More Points With a Common Trend
68.2% 27.2% 4.3% 0.3%
-4
-3
-2
-1
0
1
2
3
4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time
Per
form
ance
14 or More Points That Oscillate Up and Down
68.2% 27.2% 4.3% 0.3%
-4
-3
-2
-1
0
1
2
3
4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time
Per
form
ance
Eight or More Points Outside the Green Zone
68.2% 27.2% 4.3% 0.3%
-4
-3
-2
-1
0
1
2
3
4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Time
Per
form
ance
15 or More Points Inside the Green Zone
68.2% 27.2% 4.3% 0.3%
Key Risk Indicators (Appropriate Metrics)
Define relevant Key Risk Indicators www.KRIeX.org (Risk Management Association)
Map these to broad OpRisk causesCompare performance across similar operations
Monitor KRIs over time using Statictical Process Control techniques as an early warning system.
Operational Processes1.
Control & RiskSelf-Assessment
2.
Key Risk Indicators3.
Loss Data Collection
4.
Analytics5.
Loss Data Collection
Loss Data Collection
• Loss data are not the only, or even the most important, source of early warning signals.
• Such data are necessary for evaluating the aggregate potential losses from operational failures.
• They need to be collected using a carefully controlled process to:
– Assure reconciliation to financial statements.– Enrich the loss amounts with control failure
details.
Reports
0
102030
405060
7080
90
1st Qtr 2nd Q tr 3rd Qtr 4th Qtr……..
Controls
……..……..……..
ComplianceManager
Controls
……..……..……..
Op RiskManager
FinancialAccounting
Execution Desk
Asset Manager
Payment Dept.
Credit Dept.
LOSS DATABASE
INCIDENTPart
CONTROLLING Part
Archiving
…
Reports
0
102030
405060
7080
90
1st Qtr 2nd Qtr 3rd Qtr 4th Qtr…
Send e-mail xy@xy.com
Recordingcompleted X
……..……..……..
Incidents
Actions
GroupManagement
Front Departments Front Management Group Management
1
2
3
4 5 6Reports
0
102030
405060
7080
90
1st Qtr 2nd Q tr 3rd Qtr 4th Qtr……..
Reports
0
102030
405060
7080
90
1st Qtr 2nd Q tr 3rd Qtr 4th Qtr……..
Controls
……..……..……..
ComplianceManager
Controls
……..……..……..
ComplianceManager
Controls
……..……..……..
Op RiskManager
Controls
……..……..……..
Op RiskManager
FinancialAccounting
Execution Desk
Asset Manager
Payment Dept.
Credit Dept.
LOSS DATABASE
INCIDENTPart
CONTROLLING Part
Archiving
…
Reports
0
102030
405060
7080
90
1st Qtr 2nd Qtr 3rd Qtr 4th Qtr…
LOSS DATABASE
INCIDENTPart
CONTROLLING Part
Archiving
…
Archiving
…
Reports
0
102030
405060
7080
90
1st Qtr 2nd Qtr 3rd Qtr 4th Qtr…
Reports
0
102030
405060
7080
90
1st Qtr 2nd Qtr 3rd Qtr 4th Qtr…
Send e-mail xy@xy.com
Recordingcompleted X
……..……..……..
Incidents
Send e-mail xy@xy.com
Recordingcompleted X
Send e-mail xy@xy.com
Recordingcompleted X
……..……..……..
Incidents
Actions
GroupManagement
Front Departments Front Management Group Management
1
2
3
4 5 6
Loss Database - Workflow Process
1 Line employee (problem owner) accesses via Intranet
1
2 Loss Events are written to the DB.
2
3 Immediate notice to dept. management; triggers action
3
4 Reconciliation with Accounting (Compliance Officer)
4
5 Op Risk Manager does analysis, categorization and events control5
6 Op Risk Reports are periodically distributed to management
6
Dept. Management
Operational Processes1.
Control & RiskSelf-Assessment
2.
Key Risk Indicators3.
4.
Analytics5.
Analytics
Loss Data Collection
Operational Processes1.
Control & RiskSelf-Assessment
2.
Key Risk Indicators3.
Loss Data Collection
4.
Analytics5.
Analytics
Expected loss
Unexpected loss
Stress loss
Loss Distribution Approach
EXTERNAL LOSSES
Operational Processes1.
Control & RiskSelf-Assessment
2.
Key Risk Indicators3.
Loss Data Collection
4.
Analytics5.
The Operational Risk Pyramid
Principle 10 - Banks should make…… sufficient public disclosure to allow market participants to assess ... (the banks’) operational risk exposure and the quality of … (the banks’) operational risk management ...
Basel Committee - Sound Practices
Principle 3 - Information flows
... reporting flows should enable senior management to monitor the effectiveness of the risk management system for operational risk …
Principle 6 - Banks should implement…
… a system to monitor, on an on-going basis, operational risk exposures and loss events by major business lines …
Level 2 - Control and Risk Self-Assessment
Level 3 - Key Risk Indicators Level 4 - Loss Data Collection
Three Approaches
One Aggregate Indicator(Aggr. Gross Revenue)
Basic Indicator Approach
RCOp 12%
Multiple Indicators(Gross Revenue by Bus. Unit)
Standardised Approach
RCOp < 12%
RCOp << 12% Banks‘ Internal Data and ModelsAdvanced
Measurement Approaches
Operational Risk Capital Requirement
Advanced Measurement Approaches
Internal MeasurementApproach
Scorecard Approach
• All AMA‘s include: • Controlled collection of loss data• Meeting of qualitative regulatory requirements• Regulatory review and approval of the capital model
• Quantitative requirements: multi-year loss data series.
• Qualitative requirements: periodic review of data quality and a disciplined approach to process quality control.
Expected loss
Unexpected loss
Stress loss
Loss Distribution Approach
Comply and minimize the regulatory burden/cost:
– Minimize and justify minimum economic/regulatory capital
– Don’t want to stand out vs. what everybody else is doing
– Avoiding regulatory criticism / regulatory pressure is key
These banks tend to use:
– LDA (single most important number in terms of bank cost)
– Internal LDB (you need to know where you’ve been)
– Scenarios (in order to complement analysis where the LDA stops)
What Motivation Is Driving ORM Development?
What Motivation Is Driving ORM Development?
Genuine commitment to change the op risk profile of the organization:
– avoid “Wall Street Journal events”
– belief that ORM will lead to substantial performance improvement
– strong internal conviction how things should be done
– Desire and will to make a fundamental cultural change
These banks tend to use:
– C&RSA (beginning of a cultural change)
– Scorecard Appr. (incentives drive desired behaviour)
– KRI / KPI
We are where we are - but what measures can warn of potential future events?
These banks tend to use:
– KRI (as an early warning system)
– Formal statistical process control methods
– Scenario analysis
– Stress-testing
– Attempt to correlate losses with early warning indicators.
What Motivation Is Driving ORM Development?
ScorecardApproach
LDA ScenarioAnalysis
LDCExt. losses
Control & Risk SA
KRI & Loss Correlation
Influence Behaviour
Assess Future Potential Risk
Comply &
Minimize Cost
Motivation
Data, systems, organizational requirements
Business Continuity / DR
Motivations and Strategies
Fu
nctio
nal L
ayers
Identification
Assessment
ReportsEvolution of ApproachesExecution
Recovery
Senior Mgt. Engagement
ORM Heatmap
Conclusions
• The operational risk capital charge began as a means of preventing lower aggregate capital requirements despite lower credit risk capital.
• Regulators quickly came to see it as a means of forcing improved process control on banks (most of which badly need it.)
• The OpRisk capital charge is likely to look rather like Pillar II with the teeth of Pillar I.
• That is, the actual charge is likely to reflect substantial supervisory discretion based on demonstrable improvements in process controls and disciplined execution.