Lalimma Reports

8/12/2019 Lalimma Reports

1/45


2/45

2

OPERATIONAL RISK

MANAGEMENT

By

Lalima Arora

Under the guidance of

Shri R.S. NEGI Dr. K.S. SujitChief Manager Assistant ProfessorBank of Baroda IMT, Ghaziabad

May, 2013


3/45

3

Certificate of Approval

The following Summer Project Report titled "Risk Management" is hereby approved as a certified study

in management carried out and presented in a manner satisfactory to warrant its acceptance as aprerequisite for the award of Post-Graduate Diploma in Management for which it has been submitted.It is understood that by this approval the undersigned do not necessarily endorse or approve any statementmade, opinion expressed or conclusion drawn therein but approve the Summer Project Report only for thepurpose it is submitted.

Summer Project Report Examination Committee for evaluation of Summer Project Report

Name Signature

1. Faculty Examiner DR. K.S.Sujit ___________________

2. PG Summer Project Co-coordinator Shree R.S. Negi ___________________


4/45

4

Certificate from Summer Project Guides

This is to certify that Ms. Lalima Arora, a student of the Post-Graduate Diploma in Management,hasworked under our guidance and supervision. This Summer Project Report has the requisite standard andto the best of our knowledge no part of it has been reproduced from any other summer project,monograph, report or book.

Dr. K.S. Sujit Shree R.S. NegiAssistant Professor Chief ManagerIMT, Ghaziabad Bank of Baroda

Address: Bur DubaiDate Date


5/45

5

Abstract

Operational Risk in Banking Sector

By

Lalima Arora

Operational risk is a daily and continuous 24 X7 X365 process. It is a way of life, not an event or ameeting at the end of the quarter. Each person and stakeholder at you organization or institution isresponsible for it and should live each day embracing it.(Operationalrisk.blogspot.com)

Operational risk is a major concern in the banking sector but it is not accorded sufficient importance.Operational risk has the potential to ruin the bank overnight. Researchers often place it after Credit andMarket Risk. In 1988, the BCBS in Basel, Switzerland, published a set of recommendations on bankinglaws and regulations called Basel I. The Basel I accord dealt with only, credit risk in a simple mannerwhile market risk was an afterthought; operational risk was not dealt with at all.

Events such as the September 11 terrorist attacks, rogue trading losses at Socit Gnrale, Barings, AIBand National Australia Bank serve to highlight the fact that the scope of risk management extends beyondmerely market and credit risk. Clubbed with the increasing risk due to advanced technology woke theBanking world to operational risk. The growing importance of Operational Risk was soon realized andBasel came out with a second accord that provided guidelines that dealt with operational risk, under 3pillars.

This study uses the Basel framework and my personal experience under the guidance of my mentor ShreeR.S. Negi to understand the operational risk present in the banking sector, how it is dealt and measures tomitigate it. The research site was Bank of Baroda, Zonal Office, Dubai. The perspective assumed was of

the top management of these firms.

The clinical methodology used consisted of three phases:

i) A pilot study of the bank for two months along with, including a visit to the various

departments of the bank to understand the working of the bank. It is imperative to

understand the business for a better understanding of operational risk

ii) Study of secondary data sources and

iii) Use of excel and palisade software for calculation of charge on data provided by bank

The practices were examined for three likely audiences:

i) Researchers in management

ii) Managers in bank

iii) Public policy makers in developing countries.

.


6/45

6

The major findings are:

1. The importance of Operational Risk Management has increased manifold with increasingsophistication of technology. Access to technology is widespread, easy and cheap.

Fraud and theft has evolved from gun men looting the bank to highly organized rings of best &

brightest minds using technology. Internet and ATMs are the most in-use tools for hefty and quick

frauds, involving losses equal to Millions of Dollars.

2. The Basel II prescribes 3 methods to calculate charge, which is capital to be set aside for unexpected

losses:

2.1.Basic Indicator Approach

2.2.Standardized Approach

2.3.Advanced Measurement Approach

These techniques are discussed further in this project. As the bank moves to a moresophisticated technique it cannot revert back to a simpler technique. The more sophisticatedthe technique is, generally lesser is the charge to be kept aside.

3. The Basel II framework places emphasis on calculation of charge and not on corporate governance.

Though it mentions sound policies for the management, it doesnt place sufficient emphasis on

Corporate Governance. Without proper governance the calculation of charge is of no real use.

4. It is important to plan and prevent losses than to just keep aside capital for unexpected losses. Proper

planning and sound practices help mitigate risk. Regular external audits and internal checks are anintegral part of mitigating risk. It is pertinent that top management is aware of the risk involved in the

activities performed at the ground level. They should ensure that a proper framework for mitigating

risk is formulated and adopted by the staff.


7/45

7

Acknowledgement

This research paper would not have been possible without the support of many people. I would like toexpress my gratitude to Shree R.S. Negi, who offered invaluable assistance, support and guidance.I would like to thank Baral sir, our internship co-ordinator, and Sujit sir, my college project mentor fortheir constant support.

Deepest gratitude also to:

Shukla sirSME, Zonal OfficeRaghav sirDiera branchManjula maam, JP sir, Ritika & Bindu maam Operations, Dubai Office

H.K SinghNRE desk, Dubai OfficeAmrit and Veena maamTreasury, Zonal OfficeKamlesh sirTrade Finance, Zonal OfficeSunil sirDebt Syndication, Zonal OfficeKatkar sirHR departmentHardeep sirIT department


8/45


9/45

9

List of Figures

Figure No. Description PageFIGURE 1: BARTER SYSTEM .......................................................................................................................................... 13FIGURE 2: GOLDSMITH ................................................................................................................................................ 13FIGURE 3: RECEIPT FOR DEPOSIT ................................................................................................................................. 14FIGURE 4: GOLDSMITH BANKER .................................................................................................................................. 14FIGURE 5: CENTRAL BANK LOGO ................................................................................................................................. 17FIGURE 7: IMPORTANCE OF OPERATIONAL RISK ......................................................................................................... 25FIGURE 8: RISK MANAGEMENT ................................................................................................................................... 28FIGURE 9: METHODS TO CALCULATE CHARGE ............................................................................................................ 32FIGURE 10: EL, UL AND VAR AT 99.9% CI ..................................................................................................................... 36FIGURE 11: LOSS DISTRIBUTIONS ................................................................................................................................ 38FIGURE 12: SOUND PRACTICES .................................................................................................................................... 40

FIGURE 13: SOUND PRACTICES - BOD .......................................................................................................................... 41FIGURE 14:SOUND PRACTICES - SENIOR MANAGEMENT ............................................................................................ 42FIGURE 15: TECHNIQUES TO CALCULATE CHARGE ...................................................................................................... 44


10/45

10

List of Tables

Figure No. Description Page

TABLE 1: BOB FACT SHEET ........................................................................................................................................... 18TABLE 2: STRUCTURE OF BOB ...................................................................................................................................... 19TABLE 3: TYPES OF RISK ............................................................................................................................................... 20TABLE 4: TIMELINE OF OPERATIONAL FAILURE IN BANKS ........................................................................................... 22TABLE 5: CAUSES, EVENTS AND CONSEQUENCES ....................................................................................................... 26TABLE 6: CAUSES OF OPERATIONAL RISK .................................................................................................................... 27TABLE 7: 3 PILLARS OF BASEL II ................................................................................................................................... 30TABLE 8: SA- BUSINESS LINES ...................................................................................................................................... 34TABLE 9: POISSON DISTRIBUTION FOR FREQUENCY ................................................................................................... 38TABLE 10: PARETO DISTRIBUTION FOR SEVERITY ........................................................................................................ 39TABLE 11: COMBINED DISTRIBUTION .......................................................................................................................... 39


11/45

11

Abbreviations

AMAAdvanced Measurement ApproachBCBABasel Committee for Banking SupervisionBIABasic Indicator ApproachBISBank for International SettlementBOBBank of BarodaLDALoss Data AnalysisSAStandardised ApproachSLRCRRLIBOREBORETFM/MnMillionB/BnBillionVaRValue at Risk


12/45

12

Reference

Books

Basel II accords, issued by BCBS, BIS

Government Publication

Central Bank of UAE website,

http://www.centralbank.ae/en/pdf/bsed/1-1-LB%20br.%20List%2031-10-2010_english.pdf

Journal Paper

Ali Samad Khan, Assessing & Measuring Operational Risk, OpRisk Advisory

Sven Muehlenbrock, Head of Financial Risk Management, Francesca Messini, FRM, Financial RiskManagement, Bertrand Segui, Actuary, Financial Risk Management: Operational Risk BusinessDialogue, KPMG

Article in a Newspaper

Indian outsourcing business under scanner after $45-mn global ATM heist, The Indian Express, May 10 th,2013

Websites

www.bankofbaroduae.aewww.youtube.comwww.bionicturtle.comwww.wikipedia.comwww.bis.org
http://www.centralbank.ae/en/pdf/bsed/1-1-LB%20br.%20List%2031-10-2010_english.pdfhttp://www.centralbank.ae/en/pdf/bsed/1-1-LB%20br.%20List%2031-10-2010_english.pdfhttp://www.bankofbaroduae.ae/http://www.bankofbaroduae.ae/http://www.youtube.com/http://www.youtube.com/http://www.bionicturtle.com/http://www.bionicturtle.com/http://www.wikipedia.com/http://www.wikipedia.com/http://www.bis.org/http://www.bis.org/http://www.bis.org/http://www.wikipedia.com/http://www.bionicturtle.com/http://www.youtube.com/http://www.bankofbaroduae.ae/http://www.centralbank.ae/en/pdf/bsed/1-1-LB%20br.%20List%2031-10-2010_english.pdf


13/45

13

CHAPTER 1: HISTORY OF BANKING:

In the medieval age there were no banks and people relied on barter system for exchange of goods and

services. This system has been used for centuries and was functional long before money was invented.People exchanged their goods and services for goods and service offered by others.

Figure 1: Barter System

Need for a common unit of exchange was realized due to:

Absence of common measure of value Need for presence of double coincidence of wants Indivisibility of certain goods Lack of standards for deferred payments

Difficulty in storing wealth

This problem was solved by using Gold and Silver bullion.

Figure 2: Goldsmith


14/45

14

At that time, disposable wealth was usually held in the form of gold or silver bullion. For safety, suchassets were kept in the safe of the local goldsmith, he usually being the only individual who had a vaulton his premises.

The goldsmith would issue a receipt for the deposit and, to undertake financial transactions, the buyerwould withdraw his gold and give it to the seller, who would then deposit it again, frequently with the

same goldsmith. As this was a time-consuming process, it became common practice for people to simplyexchange smiths' receipts when conducting financial transactions.

Figure 3: Receipt for Deposit

Meanwhile, the goldsmith had another business. He lent out his own gold charging interest. As theindustry expanded more and more people asked for a loan. This gave the goldsmith an idea. He decided,as the depositors hardly ever came to remove their gold and they never came at the same time, he couldget away with lending against the depositors gold as long as lenders repaid.For a long time the goldsmith got richer and richer, earning interest on depositorsgold and he flaunted it.

Figure 4: Goldsmith Banker


15/45

15

The depositors soon became suspicious, and threatened to withdraw their gold if the goldsmith didntcome clean, but they checked that their gold was safe with goldsmith and demanded that they be paid apart of the share of interest he earned. Thus the goldsmith became their banker.

This was the beginning of banking. The banker paid a low interest rate on deposits of other peoples

money that he then loaned out at a higher interest rate. The difference covered the banks operational costand the profit.

A bank is a financial institution that accepts deposits as source of its funds and applies these deposits forlending and investing purpose. Banks act as intermediaries providing a link between people with excessand shortage of funds. But modern day banking is not limited to this definition. Let us consider thegoldsmiths tail further.

The goldsmith banker was not satisfied with the income left after paying off interest to depositor and thedemand for credit grew fast as Europeans spread out across the world. But the gold in the vault waslimited, thats when the goldsmith got an even bolder idea, since no one except himself knew what was inthe vault. He could lend out claim cheques on gold that was not even there. As long as all the depositors

didntcome to claim their real gold at the same time no one would even find out. This scheme workedvery well, and the banker became enormously wealthy, earning interest on wealth that didnt even exist.

The idea that the banker would create money out of nothing was too outrageous for anyone to believe andthe flaw did not occur to people. But the power to invent money went to the bankers head.In time, the magnitude of bankers loan and his ostentatious wealth triggered suspicion in the mind ofpeople. Some borrowers started to demand real gold instead of paper representations. Rumors spread andsuddenly several wealthy depositors showed up to remove their gold. But the goldsmith didnt haveenough gold to pay back the claim cheques he had put in their hands (Liquidity Risk).

This phenomenon is called a run on the bank and it ruins public confidence in all bankers (ReputationalRisk).

The run on the bank and the damage of goldsmiths reputation was caused by the goldsmiths ambition ofearning higher profits, lack of system check and proper processes (Operational Risk).

Due to huge demand of credit, this practice of creating wealth out of nothing was legalized and regulated.Bankers agreed to abide by limits for the fictional money they could create. Fractional Reserve Systemwas introduced and the ratio was estimated at 9(fictional money) is to 1(real money). The central bankwas set up to regulate local banks and enforce limits by surprise inspections. In case of a run, the centralbank would support local bank with emergency infusions of gold.

Thus the concept of local bank or commercial banks supported by a Central Bank was introduced.


16/45

16

CHAPTER 2: BANKING SECTOR IN UAE

There are total 51 banks in UAE, out of which 23 are local banks incorporated in the UAE and 28 areforeign banks.

UAE is a federation of 7 emirates, namels Abu Dhabi, Dubai, Sharjah, Ajman, Ras Al Khema, Umm AlQuwain and Fujeirah. The banking sector in UAE is managed by Central Bank of the UAE. The mainresponsibility of the Central Bank is formulation and implementation of banking, credit and monetarypolicies, to ensure the growth of the national economy of the UAE in a balanced manner.

Locally incorporated Banksin the UAE

1. National Bank of Abu Dhabi2. Abu Dhabi Commercial Bank3. Al Masraf (erstwhile ARBIFT)4. Union National Bank

5. Commercial Bank of Dubai6. Dubai Islamic Bank PJSC7. Emirates NBD Bank8. Emirates Islamic Bank9. Mashreq Bank PSC10.Sharjah Islamic Bank11.Bank of Sharjah PSC12.United Arab Bank PJSC13. InvestBank PLC14.The National Bank of R.A.K or

RAKBANK15.Commercial Bank International

16.National Bank of Fujairah PSC17.National Bank of U.A.Q PSC18.First Gulf Bank19.Abu Dhabi Islamic Bank20.Dubai Bank21.Noor Islamic Bank22.Al Hilal Bank23.Ajman Bank

Foreign Banks in the UAE

1. National Bank of Bahrain2. Rafidain Bank3. Arab Bank PLC4. Banque Misr5. El Nilein Bank6. National Bank of Oman

7. Credit Agricole - Corporate andInvestment Bank

8. Bank of Baroda9. BNP Paribas10.Janata Bank11.HSBC Bank Middle East Limited12.Arab African International Bank13.Al Khaliji (France) S. A.14.Al Ahli Bank of Kuwait15.Barclays Bank PLC16.Habib Bank Ltd.17.Habib Bank A.G Zurich

18.Standard Chartered Bank19.CitiBank N.A.20.Bank Saderat Iran21.Bank Meli Iran22.Blom Bank France23.Lloyds TSB Bank PLC24.The Royal Bank of Scotland N.V.25.United Bank Ltd.26.Doha Bank27.Samba Financial Group28.National Bank of Kuwait.


17/45

17

The Central Bank is also working tomaintain a fixed exchange rate of the dirhamagainst the U.S. dollar and to ensure the freeconvertibility of the national currency intoforeign currencies, in addition to its roleas "Bank of Banks" and the Government's

bank and its financial adviser.

The largest bank in UAE is Emirates NBD,with a total of 129 branches, followed byAbu Dhabi National Bank with 119 branches.

Among the foreign banks HSBC ranks no. 1, followed by standard chartered and Bank of Baroda standsat the third position with a share market share of 7%.

Figure 6: UAE Currency

Figure 5: Central Bank Logo


18/45

18

CHAPTER 3: BANK OF BARODA

Bank of Baroda is Indias only International Bank, present in UAE for the past39years, with over 32 branches till date.

Table 1: BOB Fact Sheet


19/45

19

Structure of Bank of Baroda, Zonal office:

Table 2: Structure of BOB

Front Office

Account Opening,issue of chequebook/ATM card

NRI Desk

Account Closing

Cash deposit/withdrawal

Back Office

Debt Syndication

SME

Retail department

Trade Finance

Treasury

Risk Management


20/45

20

CHAPTER 4: TYPES OF RISK

Table 3: Types of Risk

1. Operational Risk:

Operational risk arises from the people, processes and the system through which a company

operates and risk arising due to external factors. It is the risk involved in the day to day

functioning of the bank. It involves:

Delay in services, long waiting lines, etc

Fraud, theft

Mistakes

Laws and Legal regulations/ Documentation

Environmental Risk

Concentration Risk a bank should invest in a diversified portfolio to avoid the risk of

concentration of investment in one single industry. Country Riskthe risk of entering transaction with banned countries.

Risk

Operational Market Credit Reputational


21/45

21

2. Credit Risk:

It is the risk of default by the borrower due to:

Death

Insolvency

Illness

Bankruptcy

Downturn of economy

Willful default

3. Market Risk:

Liquidity Riskthis is the risk of bank not being able to meet unexpected demand ofcash. For this purpose the bank needs to maintain adequate liquid assets and funds in the

form of SLR and CRR with the central bank.

Currency Risk it arises when more than one currency is involved and the rate of

exchange fluctuates.

Interest Rate Riskit is the risk of changing interest rates. LIBOR, EBOR, etc.

4. Reputational Risk:

It is the risk arising due to negative publicity of the bank. All failures of the bank create a

negative image in the eyes of the customer and hamper the business of the bank. All other

risks, operational risk in particular, may spoil the image of the bank and break the

stakeholders trust leading to reputational risk.


22/45

22

CHAPTER 5: INTRODUCTION TO OPERATIONAL RISK

5.1. Introduction to Operational Risk

Table 4: Timeline of Operational Failure in Banks

BARINGS BANK:

Barings bank, one of the oldest banks in UK failed due to rogue trading by Nick Leeson, thederivates manager of the bank. He was appointed the General Manager of new operation infuture markets on SIMEX (Singapore International Monetary Exchange).

Leeson made unauthorized speculative trades that at first earned large profits for the bankamounting to 10 Million, which accounted for 10% of Barings Banks annual income.Leeson earned a bonus of 130,000 on his salary of 50,000 and also the trust of his seniors andfreedom to undertake any transaction. This ultimately led to the failure of the bank.

1994

USD 1.4

BILLION

BARINGSBANK

ROGUE

TRADER - NICK

LEESON

2008

USD 7.2 BILLION

SOCGEN

ROGUE TRADER -JEROME KERVIEL

2008

BANK RUN

NORTHERN BANK

SUBPRIMEMORTAGAGE CRISIS

2011

USD 2.3 BILLION

UBS

ROGUE TRADER -

KWEKU ADOBOLI

2012

USD 45 MILLION

RAK BANK & BANK

OF MUSCAT

HACKING


23/45

23

Management at Barings allowed Leeson to remain Chief Trader along with being responsible forsettling his trades (jobs usually done by two different people). This made it very easy for Leesonto hide losses from his superiors. Leeson used one of Baring Banks error accounts to hide hislosses, and by the end of 1992, the losses exceeded 2M. By the end of 1994 ballooned to

200M by the end of 1994.

By the end of 1992, the account's losses exceeded 2 million, which ballooned to 208 millionby the end of 1994.

The beginning of the end occurred on 16 January 1995, when Leeson placed a short straddle inthe Singapore and Tokyo stock exchanges, essentially betting that the Japanese stock marketwould not move significantly overnight. However, the Kobe earthquake hit early in the morningon 17 January, sending Asian markets, and Leeson's trading positions, into a tailspin. Leesonattempted to recoup his losses by making a series of increasingly risky new trades (using a Long-Long Future Arbitrage), this time betting that the Nikkei Stock Average would make a rapid

recovery. However, the recovery failed to materialize.Leeson left a note reading "I'm Sorry" and fled Singapore on 23 February. Losses eventuallyreached 827 million (US$1.4 billion), twice the bank's available trading capital. After a failedbailout attempt, Barings was declared insolvent on 26 February.

This is a huge operational failure arising due to lack of proper supervision of employees andreporting process and this could have been avoided if anyone had checked the authenticity of thetransactions undertaken by Leeson.

SOCIATES GENERAL:

Similarly 0n January 24, 2008, Sociates General bank announced that a single futures trader,Jerome Kerviel fraudulently lost the bank 4.9 billion (equivalent to $7.2billion). He entered intoa series of bogus trades. He always closed the deal within 2-3 days, just before the banks internalcontrol system would trigger notice. Some analysts suggest that unauthorised trading of this scalemay have gone unnoticed initially due to the high volume in low-risk trades normally conductedby his department. The bank said that whenever the fake trades were questioned, Kerviel woulddescribe it as a mistake then cancel the trade, after which he would replace that trade withanother transaction using a different instrument to avoid detection.

NORTHERN ROCK BANK:

Northern Rock bank failed due to its innovative lending techniques that first led to its growth. Itfollowed a process called securitization, wherein, it extended mortgage loans to its customersand based on this funding, sold these mortgages in the International Capital Markets. Due to thesubprime mortgage crisis in the US in 2008, the demand for the mortgage fell in the market andthe bank faced liquidity problems, even though its assets were greater than its liabilities. Thebank borrowed from the Bank of England in September 2008, to replace the funds they were notable to raise from the money market.


24/45

24

This led to panic among individual depositors, who feared that their savings might not beavailable should Northern Rock go into receivership. The result was a bank runthe UK's firstin 150 years where depositors lined up outside the bank to withdraw all of their savings asquickly as possible, particularly since everyone else was doing the same.

The main cause of the bank run was Journalists like BBcs Robert Peston, who broke the news ofthe borrowing from Bank of England.

UBS BANK:

On September 15, 2011, UBS became aware of a massive loss, estimated at US$2.3 billion, dueto unauthorized trading. Adoboli is suspected to have used the fact that some ETF transactions inEurope are not issued confirmations until after settlement has taken place. The exploitation ofthis process allows a party to transaction to receive payment for a trade before the transaction hasbeen confirmed. While the cash proceeds in this scheme cannot be simply retrieved, the sellermay still show the cash on their books and possibly use it in further transactions.

RAK BANK & BANK OF MUSCAT:

More recently, a major worldwide pre-paid card heist occurred, involving RakBank in UAE andBank of Muscat in Oman. A gang of criminals stole an astounding total of $45Million in a matterof hours by hacking into the database of prepaid cards. These banks outsourced the processing ofcards to India.

The theft was a well planned attack and involved hacking the database of the bank in India andUS and compromise data of RakBank and Bank of Muscat to:

1. Copy the account data and to create access codes that was loaded on plastic cards, like,old hotel keys and expired credit cards with a magnetic stripe.

2. Eliminate the withdrawal limits on pre-paid cards.3. Increase the balance amounts of customers by using funds held by banks that back up

prepaid credit cards.

A network of operatives then fanned out to rapidly withdraw money in cities of Japan, Russia,Romania, Egypt, Colombia, Britain, Sri Lanka, Canada and many other countries. This moneywas then laundered to the ringleader through expensive purchases or shopped in wholesale.

With rapid advancement in technology, the operational system is being exposed to increasingrisk of cybercrime. A large attack like this awakens the cybercrime community and they findinnovative ways to find loopholes in the system.


25/45

25

5.2. Importance of Operational Risk:

Figure 7: Importance of Operational Risk

Operational Risk can contribute to other types of risks and is interlinked with all functions of the

bank. It is pervasive at all levels of the bank, starting from the ground level to higher level and in all

departments of the bank.

A failure by the staff to provide satisfactory service for its client may severely hamper the reputationof the bank. A fraud or theft caused due to negligence of the management will shatter the trust of the

customers and bring down the image of the bank.

A mistake while calculating the Credit Rating of a customer may lead to credit risk. If, say the actual

rating of a client is BBB and the officer gives it a rating AA, the actual risk of lending to the

customer is higher than that calculated by the banking official and a default by BBB client is more

likely.

A US report claims that 60% of all frauds and data breach are by insiders.

Rogue Traders have the potential to bring down the bank overnight. In the above cases we

have seen that banks like Barings and Northern Rock were liquidated due to operational

failure.

OperationalRisk

Credit Risk

Market Risk

Reputational

RiskStrategic Risk

Liquidity Risk


26/45

26

5.3. Operational Risk : Causes, Events & Consequences

Table 5: Causes, Events and Consequences

Inadequatesegregation of duties

Insufficeient training

Lack of managementsupervision

Inadequate securitymeasures

Inadequate auditingprocedures

Poor systems designPoor HR policies

Events Internal Fraud

External Fraud

Employment Practices& Workplace Safety

Clients, Products andBusiness Practices

Damage to PhysicalAssets

Business Distruption &

Stystem FailuresExecution, Delivery &

Process Management

C

onsequences Legal Liability

Regulatory,Compliance andTaxation Penalties

Loss or Damage toAssets

Restitution

Loss of Recourse

Write Down

Reputation

Business Interuption

EffectsMonetaLosses

OtherImpactForegoIncome


27/45

27

5.4. Operational Risk:

The definition adopted by Basel II states:

Operational risk is defined as the risk of loss resulting from inadequate or failed internal

processes, people and systems from external events. This definition includes legal risk, but

excludes strategic and reputational risk. Strategic and reputational risk is not included in this

definition for the purpose of a minimum regulatory operational capital charge.

It Includes:

Table 6: Causes of Operational Risk

Transactions

Information

People

ExecutionInadeqauateSupervision

Relationship

Rogue

Trader

Criminal Theft

Fraud

Customer

Insufficient

Training

Poor

Management

Theft

Technology

Lack ofResources Compliance

Legal

Regulations

Reputation


28/45

28

CHAPTER 6: RISK MANAGEMENT

Risk management is the identification, assessment, prioritization and mitigation of riskassociated to the business to ensure that the risk is attuned to the risk taking appetite of the

organization. The Process of Risk Management includes:

Figure 8: Risk Management

Identifying Risk includes:

1. Analysis of workflows and processes

2.

Listing all the possible risks and their causes

Assessing The Risk Involves:

1. Assesing the likelihood of risk.

2. Assessing the impact of risk

Identify Risk

Assess theRisk

Select RiskControl

Measures

ImplementRisk ControlMeasures

Monitor &Review


29/45

29

LIKELIHOOD*IMPACT = RISK

Selecting Risk Control Measure:

1. Identify control choices

2. Determine priorities

3. Make control decisions

Implementing Risk Controls:

1. Establish authority and responsibility

2. Define Structure

3. Define processes and procedures

Monitoring and Review:

1. Define Monitoring

2. Define the structure

3. Monitor processes

4. Review processes


30/45

30

CHAPTER 7: BASEL II

7.1. Intoduction

The Basel Committee on Banking Supervision (BCBS) was established to issue the banking

supervision accords that deal with banking laws and recommendations, called BASEL Accords

and it has issued 3 accords till date. The Basel II deals with operational risk, credit risk and

market risk.

The Basel I I has 3 pill ars

Table 7: 3 Pillars of Basel II

1. The Fir st pillarThe first pillar deals with maintenance of regulatory capital calculated for

three major components of risk that a bank faces: credit risk, operational risk and market risk.

Other risks are not considered fully quantifiable at this stage.


31/45

31

2. The Second Pill ar It provides better tools and guidelines to the management for regulating

and mitigating risk. Banks can review their risk management system and develop a supervisory

review policy.

3. The Thir d Pill ar This pillar aims to complement the minimum capital requirements and

supervisory review process by developing a set of disclosure requirements which will allow the

market participants to gauge the capital adequacy of an institution.


32/45

32

7.2. BASEL II : First Pillar

Regulatory Capital Called Operational Risk charge is to be calculated. The charge represents the amount

of capital that a bank should maintain as a cushion against losses arising from operational risk.

The Basel II suggests 3 methods to calculate charge:

Figure 9: Methods to Calculate Charge

Bank of Baroda follows the Basic Indicator approach to calculate Capital Requirements. I have

used Excel to calculate charge using Basic Indicator Approach and Standardized approach on

banks actual data provided to me. I have calculated VaR using Palisade software @risk

through Loss Data Approach under Advanced Measurement Approach.


33/45

33

1. Basic Indicator Approach (BIA)

Banks using the basic indicator approach must hold capital for operational risk equal to the average over

the previous three years of a fixed percentage of positive annual gross income multiplied by a fixed factor

called alpha.

3

(GI*Alpha)/3i=1

Figures for any year, in which, annual gross income is negative or zero should be excluded from both the

numerator and denominator when calculating the average.

The fixed percentage alpha is typically 15 percent of annual gross income.

I calculated the charge to be 88912.45(all figures in 1000AED) or AED 88.912 Million through BIA, as

seen in the table below

This technique is simple to use and easy to understand. Most banks use this technique for calculation of

charge.

But the charge calculated is not accurate, as the risk is not always directly proportional to the income.

This technique fails to take into account the system and processes in place in the bank. For an efficientbank, were risk mitigation and control systems are followed the risk is likely to be less.

Basic Approach

Gross Income Alpha Factor GI*Alpha

March, 2011 520005 15% 78000.75

March, 2012 624254 15% 93638.1

March, 2013 633990 15% 95098.5

88912.45


34/45

34

2. STANDARDISED APPROACH (SA)

Banks activities are divided into eight business lines. Within each business line, gross income is a broad

indicator that serves as a proxy for the scale of business operations and thus the likely scale of operational

risk exposure within each of these business lines.

The capital charge for each business line is calculated by multiplying gross income by a factor (denoted

beta) assigned to that business line. Beta serves as a proxy for the industry-wide relationship between the

operational risk loss experience for a given business line and the aggregate level of gross income for that

business line.

Business Line Beta Factor

Corporatefinance 18%

Trading and sales 18%

Retail banking 12%

Commercial banking 15%

Payment and settlement 18%

Agency services 15%

Asset Management 12%

Retail Brokerage 12%

Table 8: SA- Business lines


35/45


36/45

36

3. AMA

Under AMA the banks are allowed to develop their own empirical model to quantify required capital for

operational risk. Banks can use this approach only subject to approval from their local regulators. Once a

bank has been approved to adopt AMA, it cannot revert to a simpler approach without supervisory

approval.

Also, according to section 664 of original Basel Accord, in order to qualify for use of the AMA a bank

must satisfy its supervisor that, at a minimum:

Its board of directors and senior management, as appropriate, are actively involved in the oversight of

the operational risk management framework;

It has an operational risk management system that is conceptually sound and is implemented with

integrity; and

It has sufficient resources in the use of the approach in the major business lines as well as the control

and audit areas.

The most common approach under AMA is the Loss Distribution Approach to calculate Value at Risk and

Economic Loss.

Value at Risk is the potential loss a bank can suffer through its people, process, system and external

events.

Economic Capital is the amount a bank should keep aside to cover unexpected losses for operational risk.

Unexpected loss is the difference between VAR and expected loss, as figure below shows. This is the

amount of capital that the institution should establish to cover unexpected losses for operational risk

corresponding to the desired confidence level.

Expected loss is equal to mean of the loss distribution.

Confidence level (CI) is a type of interval estimate of a population parameter and is used to indicate the

reliability of an estimate.

Figure 10: EL, UL and VaR at 99.9% CI


37/45

37

For calculation of VaR, data of operational losses occurring internally in the bank are recorded andclubbed with external loss data.

Frequency and Severity components of the loss distribution are taken into account separately and thencombined through convolution.

Frequency refers to how often a loss event happens, and is measured in terms of number of events pertime units. It is described by a discrete distribution.

Severity depends on the monetary impact of the event, and is described by a continuous distribution. Inoperational risk both components have to be considered separately

To establish the appropriate level of capital to cover unexpected losses due to operational risk one firsthas to establish an adequate confidence level. Obviously, one would like to establish confidence levelsclose to 100 %. In practice, however, this is not possible since loss distributions are never perfectlyidentified using (usually incomplete) historical data, and even if we could perfectly identify these lossdistributions, the level of capital required would be too high (and costly). Nevertheless, the confidencelevels used in risk management usually lie in the range from 95 % to 99 % and higher

Once we have defined the confidence level at which we would like to cover unexpected losses, thecalculation of the corresponding amount of capital involves the following steps:

i) Frequency and severity distributions are identified from the data;ii) Both distributions are combined to obtain an aggregate loss distribution;iii) Operational Value at Risk (VAR) is obtained by taking the percentile of the aggregate loss distributionat the desired confidence level.

The main difficulty of the procedure described above, however, lies in step in the combination or

aggregation of the frequency and severity distributions obtained from the data.

As mentioned above, both distributions consist of a completely different nature, since the first is a discrete

distribution, expressed in terms of number of events per time units (eg. number of frauds per month),

while the second is a continuous distribution, expressed in monetary units (eg. dollars). Hence both

distributions are not directly additive or multiplicative.

To combine both types of distributions closed form solutions involve solving analytical formulas. For theproblem at hand the most straightforward closed form solution is to combine distributions by means of a(mostly theoretical) mathematical operation, called convolution, represented by the * (star) symbol.Thisoperation usually involves solving complicated integrals.I used the software @risk by palisade for the purpose of calculating Value at Risk (VAR) through

convolution.


38/45

38

Figure 11: Loss Distributions

I used the loss data of bank combined with operational loss data of other banks in UAE, available in news

clippings on google for calculating VAR through Palisade Software. I fixed the confidence interval at

99% and then calculated the Poisson distribution for frequency, followed by Pareto distribution for

severity of loss.

I combined these two through Monte Carlo simulation to arrive at Value at Risk.

I got the following results (All figures are in Lakhs of Rupess).

Table 9: Poisson Distribution for frequency


39/45

39

Table 10: Pareto Distribution for Severity

Table 11: Combined DistributionAs per the results of simulation using @risk, the VAR=Rs149600 (AED 9973), Expected Loss=Rs110195

(AED7346), Economic Charge=VAR-EL=39405 (AED2627)

It is a very small fraction of charge calculated through either BIA or SA. Though it is a complex

technique to implement, it is a scientific technique to calculate charge and is accurate for all banks as it

takes into view the actual risk faced by the bank in the past. The past may not always correspond with the

future findings. But the capital tied down is the least through this technique.


40/45

40

7.3. BASEL II : Second and Third Pillar

RISK MANAGEMENTSOUND PRACTICES & DISCLOSURE

The Basel II identifies 4 level of concern by identifying role of Board of Directors, Senior Management,

Supervisors and Staff:

Figure 12: Sound Practices

SoundPractices

Role of Boardof Directors

Role of SeniorManagement

Role of

Advisors

Role ofDisclosure


41/45


42/45

42

2. Senior Management:

Senior Management should develop a clear, effective and robust governance structure well defined,

transparent and consistent lines of responsibility. Senior Management is also responsible for implementing

Operational risk management framework and develop activities, policy, procedure, process, system andmaterials for managing operational risk in all of banks activities, products, policy, process, systems to make

sure the inherent risks and incentives are well understood. This is an ongoing process in a bank taking place

for all activities at all levels on daily basis.

Figure 14:Sound Practices - Senior Management

2.1. Identifying and Assessing Operational Risk senior management should

ensure the identification and assessment of the operational risk inherent in all

material products, activities, processes and systems to make sure the inherent

risks and incentives are well understood.2.2. Monitoring and Reporting Operational RiskThey should implement a process

to regularly monitor risk profiles and material exposures to losses. Appropriate

reporting mechanisms should be in place at the board, senior management and

business line levels that support proactive management of operational risk.

2.3. Controlling and Mitigating Operational Risk Banks should have a strong

control environment that utilises policies, processes and systems; appropriate

internal controls; and appropriate risk mitigation and transfer strategies.

RiskManagement

Activies bySenior

Management

Identifying andAssessing

OperationalRisk

Monitoring andReporting

OperationalRisk

Controlling and

MitigatingOperational

Risk

Contingencyand Business

Continuity Plan


43/45

43

2.4. Contingency and Business Continuity Plan Banks should have business

resiliency and continuity plans in place to ensure an ability to operate on an

ongoing basis and limit losses in the event of severe business disruption.

3. Role of Supervisor:

3.1. Supervisory Review Framework Banking supervisor should ensure that all

banks have an effective system to identify and assess, monitor, control and

mitigate all operational risk.

3.2. Independent Evaluation Supervisor must conduct regular and independent

evaluation of the bank policies, procedures and practices related to operation risk.

4. Role of Advisors

4.1. Public Disclosure (Pillar III) bank should make sufficient public disclosure

to allow its stakeholders to assess its approach to operational risk management.


44/45

44

CHAPTER 8: CONCLUSION AND RECOMMENDATIONS:

1. As the business of the bank and risk sensitivity increases, the bank can move to a more sophisticated

approach. As the sophistication of the technique increases, the capital set aside and tied down for

unexpected losses decreases. As we see in the above example that using AMA the charge is equal to

AED2627, as compare to charge calculated through BIA 88912 and SA 96914.The bank would benefit greatly by moving to Advanced Measurement Approach.

Figure 15: Techniques to calculate charge

2. More importantly these methods to calculate charge only help keep aside capital for future unexpected

losses, but they dont do anything to control these losses. Mitigating risk is the most important part of

Risk Management and it requires Corporate Governance.Bank of Baroda is Indias first public sector bank to be rated for Corporate Governance. It has an ICRA

rating of GR2.

CORPORATEGOVERNANCE

INDEPENDENTFUNCTIONING OF RISKMANAGEMENT AND

AUDIT DEPARTMENTS

TRAINING FOR SENIORMANAGEMENT AND

BOARD OF DIRECTORS

TRANSPARENTCOMMUNICATION AND

FULL DISCLOSURES

AWARENESS AND

IMPLEMENTATION OFLATEST AND SCIENTIFIC

FRAMEWORKS FORMANAGEMENT OF RISK


45/45

3. The departments like risk management, compliance and inspection & audit should have an

independent structure and not come under the Chief Managing Director of the branch, but should

be independent and should report directly to head office.

4. Management teams have a duty to understand fully the businesses they manage. Responsibility

for each business activity must be clearly established. Clear segregation of duties is fundamental

to any effective risk control system. Effective, independent and regular audits to ensure

compliance and effectiveness of framework are necessary to ensure that the framework designedand implemented for management of risk is suitable and sufficient for the organisation.

BOARD OFDIRECTORS

SUB COMMITTEE OFASSET LIABILITY

MANAGEMENT ANDRISK MANAGEMENT

INSPECTION ANDAUDIT

RISK MANAGEMENT COMPLIANCE

Date post:	03-Jun-2018
Category:	Documents
Upload:	pragati-garg
View:	214 times
Download:	0 times

Lalimma Reports

Documents