Date post: | 03-Jun-2018 |
Category: |
Documents |
Upload: | pragati-garg |
View: | 214 times |
Download: | 0 times |
of 45
8/12/2019 Lalimma Reports
1/45
8/12/2019 Lalimma Reports
2/45
2
OPERATIONAL RISK
MANAGEMENT
By
Lalima Arora
Under the guidance of
Shri R.S. NEGI Dr. K.S. SujitChief Manager Assistant ProfessorBank of Baroda IMT, Ghaziabad
May, 2013
8/12/2019 Lalimma Reports
3/45
3
Certificate of Approval
The following Summer Project Report titled "Risk Management" is hereby approved as a certified study
in management carried out and presented in a manner satisfactory to warrant its acceptance as aprerequisite for the award of Post-Graduate Diploma in Management for which it has been submitted.It is understood that by this approval the undersigned do not necessarily endorse or approve any statementmade, opinion expressed or conclusion drawn therein but approve the Summer Project Report only for thepurpose it is submitted.
Summer Project Report Examination Committee for evaluation of Summer Project Report
Name Signature
1. Faculty Examiner DR. K.S.Sujit ___________________
2. PG Summer Project Co-coordinator Shree R.S. Negi ___________________
8/12/2019 Lalimma Reports
4/45
4
Certificate from Summer Project Guides
This is to certify that Ms. Lalima Arora, a student of the Post-Graduate Diploma in Management,hasworked under our guidance and supervision. This Summer Project Report has the requisite standard andto the best of our knowledge no part of it has been reproduced from any other summer project,monograph, report or book.
Dr. K.S. Sujit Shree R.S. NegiAssistant Professor Chief ManagerIMT, Ghaziabad Bank of Baroda
Address: Bur DubaiDate Date
8/12/2019 Lalimma Reports
5/45
5
Abstract
Operational Risk in Banking Sector
By
Lalima Arora
Operational risk is a daily and continuous 24 X7 X365 process. It is a way of life, not an event or ameeting at the end of the quarter. Each person and stakeholder at you organization or institution isresponsible for it and should live each day embracing it.(Operationalrisk.blogspot.com)
Operational risk is a major concern in the banking sector but it is not accorded sufficient importance.Operational risk has the potential to ruin the bank overnight. Researchers often place it after Credit andMarket Risk. In 1988, the BCBS in Basel, Switzerland, published a set of recommendations on bankinglaws and regulations called Basel I. The Basel I accord dealt with only, credit risk in a simple mannerwhile market risk was an afterthought; operational risk was not dealt with at all.
Events such as the September 11 terrorist attacks, rogue trading losses at Socit Gnrale, Barings, AIBand National Australia Bank serve to highlight the fact that the scope of risk management extends beyondmerely market and credit risk. Clubbed with the increasing risk due to advanced technology woke theBanking world to operational risk. The growing importance of Operational Risk was soon realized andBasel came out with a second accord that provided guidelines that dealt with operational risk, under 3pillars.
This study uses the Basel framework and my personal experience under the guidance of my mentor ShreeR.S. Negi to understand the operational risk present in the banking sector, how it is dealt and measures tomitigate it. The research site was Bank of Baroda, Zonal Office, Dubai. The perspective assumed was of
the top management of these firms.
The clinical methodology used consisted of three phases:
i) A pilot study of the bank for two months along with, including a visit to the various
departments of the bank to understand the working of the bank. It is imperative to
understand the business for a better understanding of operational risk
ii) Study of secondary data sources and
iii) Use of excel and palisade software for calculation of charge on data provided by bank
The practices were examined for three likely audiences:
i) Researchers in management
ii) Managers in bank
iii) Public policy makers in developing countries.
.
8/12/2019 Lalimma Reports
6/45
6
The major findings are:
1. The importance of Operational Risk Management has increased manifold with increasingsophistication of technology. Access to technology is widespread, easy and cheap.
Fraud and theft has evolved from gun men looting the bank to highly organized rings of best &
brightest minds using technology. Internet and ATMs are the most in-use tools for hefty and quick
frauds, involving losses equal to Millions of Dollars.
2. The Basel II prescribes 3 methods to calculate charge, which is capital to be set aside for unexpected
losses:
2.1.Basic Indicator Approach
2.2.Standardized Approach
2.3.Advanced Measurement Approach
These techniques are discussed further in this project. As the bank moves to a moresophisticated technique it cannot revert back to a simpler technique. The more sophisticatedthe technique is, generally lesser is the charge to be kept aside.
3. The Basel II framework places emphasis on calculation of charge and not on corporate governance.
Though it mentions sound policies for the management, it doesnt place sufficient emphasis on
Corporate Governance. Without proper governance the calculation of charge is of no real use.
4. It is important to plan and prevent losses than to just keep aside capital for unexpected losses. Proper
planning and sound practices help mitigate risk. Regular external audits and internal checks are anintegral part of mitigating risk. It is pertinent that top management is aware of the risk involved in the
activities performed at the ground level. They should ensure that a proper framework for mitigating
risk is formulated and adopted by the staff.
8/12/2019 Lalimma Reports
7/45
7
Acknowledgement
This research paper would not have been possible without the support of many people. I would like toexpress my gratitude to Shree R.S. Negi, who offered invaluable assistance, support and guidance.I would like to thank Baral sir, our internship co-ordinator, and Sujit sir, my college project mentor fortheir constant support.
Deepest gratitude also to:
Shukla sirSME, Zonal OfficeRaghav sirDiera branchManjula maam, JP sir, Ritika & Bindu maam Operations, Dubai Office
H.K SinghNRE desk, Dubai OfficeAmrit and Veena maamTreasury, Zonal OfficeKamlesh sirTrade Finance, Zonal OfficeSunil sirDebt Syndication, Zonal OfficeKatkar sirHR departmentHardeep sirIT department
8/12/2019 Lalimma Reports
8/45
8/12/2019 Lalimma Reports
9/45
9
List of Figures
Figure No. Description PageFIGURE 1: BARTER SYSTEM .......................................................................................................................................... 13FIGURE 2: GOLDSMITH ................................................................................................................................................ 13FIGURE 3: RECEIPT FOR DEPOSIT ................................................................................................................................. 14FIGURE 4: GOLDSMITH BANKER .................................................................................................................................. 14FIGURE 5: CENTRAL BANK LOGO ................................................................................................................................. 17FIGURE 7: IMPORTANCE OF OPERATIONAL RISK ......................................................................................................... 25FIGURE 8: RISK MANAGEMENT ................................................................................................................................... 28FIGURE 9: METHODS TO CALCULATE CHARGE ............................................................................................................ 32FIGURE 10: EL, UL AND VAR AT 99.9% CI ..................................................................................................................... 36FIGURE 11: LOSS DISTRIBUTIONS ................................................................................................................................ 38FIGURE 12: SOUND PRACTICES .................................................................................................................................... 40
FIGURE 13: SOUND PRACTICES - BOD .......................................................................................................................... 41FIGURE 14:SOUND PRACTICES - SENIOR MANAGEMENT ............................................................................................ 42FIGURE 15: TECHNIQUES TO CALCULATE CHARGE ...................................................................................................... 44
8/12/2019 Lalimma Reports
10/45
10
List of Tables
Figure No. Description Page
TABLE 1: BOB FACT SHEET ........................................................................................................................................... 18TABLE 2: STRUCTURE OF BOB ...................................................................................................................................... 19TABLE 3: TYPES OF RISK ............................................................................................................................................... 20TABLE 4: TIMELINE OF OPERATIONAL FAILURE IN BANKS ........................................................................................... 22TABLE 5: CAUSES, EVENTS AND CONSEQUENCES ....................................................................................................... 26TABLE 6: CAUSES OF OPERATIONAL RISK .................................................................................................................... 27TABLE 7: 3 PILLARS OF BASEL II ................................................................................................................................... 30TABLE 8: SA- BUSINESS LINES ...................................................................................................................................... 34TABLE 9: POISSON DISTRIBUTION FOR FREQUENCY ................................................................................................... 38TABLE 10: PARETO DISTRIBUTION FOR SEVERITY ........................................................................................................ 39TABLE 11: COMBINED DISTRIBUTION .......................................................................................................................... 39
8/12/2019 Lalimma Reports
11/45
11
Abbreviations
AMAAdvanced Measurement ApproachBCBABasel Committee for Banking SupervisionBIABasic Indicator ApproachBISBank for International SettlementBOBBank of BarodaLDALoss Data AnalysisSAStandardised ApproachSLRCRRLIBOREBORETFM/MnMillionB/BnBillionVaRValue at Risk
8/12/2019 Lalimma Reports
12/45
12
Reference
Books
Basel II accords, issued by BCBS, BIS
Government Publication
Central Bank of UAE website,
http://www.centralbank.ae/en/pdf/bsed/1-1-LB%20br.%20List%2031-10-2010_english.pdf
Journal Paper
Ali Samad Khan, Assessing & Measuring Operational Risk, OpRisk Advisory
Sven Muehlenbrock, Head of Financial Risk Management, Francesca Messini, FRM, Financial RiskManagement, Bertrand Segui, Actuary, Financial Risk Management: Operational Risk BusinessDialogue, KPMG
Article in a Newspaper
Indian outsourcing business under scanner after $45-mn global ATM heist, The Indian Express, May 10 th,2013
Websites
www.bankofbaroduae.aewww.youtube.comwww.bionicturtle.comwww.wikipedia.comwww.bis.org
http://www.centralbank.ae/en/pdf/bsed/1-1-LB%20br.%20List%2031-10-2010_english.pdfhttp://www.centralbank.ae/en/pdf/bsed/1-1-LB%20br.%20List%2031-10-2010_english.pdfhttp://www.bankofbaroduae.ae/http://www.bankofbaroduae.ae/http://www.youtube.com/http://www.youtube.com/http://www.bionicturtle.com/http://www.bionicturtle.com/http://www.wikipedia.com/http://www.wikipedia.com/http://www.bis.org/http://www.bis.org/http://www.bis.org/http://www.wikipedia.com/http://www.bionicturtle.com/http://www.youtube.com/http://www.bankofbaroduae.ae/http://www.centralbank.ae/en/pdf/bsed/1-1-LB%20br.%20List%2031-10-2010_english.pdf8/12/2019 Lalimma Reports
13/45
13
CHAPTER 1: HISTORY OF BANKING:
In the medieval age there were no banks and people relied on barter system for exchange of goods and
services. This system has been used for centuries and was functional long before money was invented.People exchanged their goods and services for goods and service offered by others.
Figure 1: Barter System
Need for a common unit of exchange was realized due to:
Absence of common measure of value Need for presence of double coincidence of wants Indivisibility of certain goods Lack of standards for deferred payments
Difficulty in storing wealth
This problem was solved by using Gold and Silver bullion.
Figure 2: Goldsmith
8/12/2019 Lalimma Reports
14/45
14
At that time, disposable wealth was usually held in the form of gold or silver bullion. For safety, suchassets were kept in the safe of the local goldsmith, he usually being the only individual who had a vaulton his premises.
The goldsmith would issue a receipt for the deposit and, to undertake financial transactions, the buyerwould withdraw his gold and give it to the seller, who would then deposit it again, frequently with the
same goldsmith. As this was a time-consuming process, it became common practice for people to simplyexchange smiths' receipts when conducting financial transactions.
Figure 3: Receipt for Deposit
Meanwhile, the goldsmith had another business. He lent out his own gold charging interest. As theindustry expanded more and more people asked for a loan. This gave the goldsmith an idea. He decided,as the depositors hardly ever came to remove their gold and they never came at the same time, he couldget away with lending against the depositors gold as long as lenders repaid.For a long time the goldsmith got richer and richer, earning interest on depositorsgold and he flaunted it.
Figure 4: Goldsmith Banker
8/12/2019 Lalimma Reports
15/45
15
The depositors soon became suspicious, and threatened to withdraw their gold if the goldsmith didntcome clean, but they checked that their gold was safe with goldsmith and demanded that they be paid apart of the share of interest he earned. Thus the goldsmith became their banker.
This was the beginning of banking. The banker paid a low interest rate on deposits of other peoples
money that he then loaned out at a higher interest rate. The difference covered the banks operational costand the profit.
A bank is a financial institution that accepts deposits as source of its funds and applies these deposits forlending and investing purpose. Banks act as intermediaries providing a link between people with excessand shortage of funds. But modern day banking is not limited to this definition. Let us consider thegoldsmiths tail further.
The goldsmith banker was not satisfied with the income left after paying off interest to depositor and thedemand for credit grew fast as Europeans spread out across the world. But the gold in the vault waslimited, thats when the goldsmith got an even bolder idea, since no one except himself knew what was inthe vault. He could lend out claim cheques on gold that was not even there. As long as all the depositors
didntcome to claim their real gold at the same time no one would even find out. This scheme workedvery well, and the banker became enormously wealthy, earning interest on wealth that didnt even exist.
The idea that the banker would create money out of nothing was too outrageous for anyone to believe andthe flaw did not occur to people. But the power to invent money went to the bankers head.In time, the magnitude of bankers loan and his ostentatious wealth triggered suspicion in the mind ofpeople. Some borrowers started to demand real gold instead of paper representations. Rumors spread andsuddenly several wealthy depositors showed up to remove their gold. But the goldsmith didnt haveenough gold to pay back the claim cheques he had put in their hands (Liquidity Risk).
This phenomenon is called a run on the bank and it ruins public confidence in all bankers (ReputationalRisk).
The run on the bank and the damage of goldsmiths reputation was caused by the goldsmiths ambition ofearning higher profits, lack of system check and proper processes (Operational Risk).
Due to huge demand of credit, this practice of creating wealth out of nothing was legalized and regulated.Bankers agreed to abide by limits for the fictional money they could create. Fractional Reserve Systemwas introduced and the ratio was estimated at 9(fictional money) is to 1(real money). The central bankwas set up to regulate local banks and enforce limits by surprise inspections. In case of a run, the centralbank would support local bank with emergency infusions of gold.
Thus the concept of local bank or commercial banks supported by a Central Bank was introduced.
8/12/2019 Lalimma Reports
16/45
16
CHAPTER 2: BANKING SECTOR IN UAE
There are total 51 banks in UAE, out of which 23 are local banks incorporated in the UAE and 28 areforeign banks.
UAE is a federation of 7 emirates, namels Abu Dhabi, Dubai, Sharjah, Ajman, Ras Al Khema, Umm AlQuwain and Fujeirah. The banking sector in UAE is managed by Central Bank of the UAE. The mainresponsibility of the Central Bank is formulation and implementation of banking, credit and monetarypolicies, to ensure the growth of the national economy of the UAE in a balanced manner.
Locally incorporated Banksin the UAE
1. National Bank of Abu Dhabi2. Abu Dhabi Commercial Bank3. Al Masraf (erstwhile ARBIFT)4. Union National Bank
5. Commercial Bank of Dubai6. Dubai Islamic Bank PJSC7. Emirates NBD Bank8. Emirates Islamic Bank9. Mashreq Bank PSC10.Sharjah Islamic Bank11.Bank of Sharjah PSC12.United Arab Bank PJSC13. InvestBank PLC14.The National Bank of R.A.K or
RAKBANK15.Commercial Bank International
16.National Bank of Fujairah PSC17.National Bank of U.A.Q PSC18.First Gulf Bank19.Abu Dhabi Islamic Bank20.Dubai Bank21.Noor Islamic Bank22.Al Hilal Bank23.Ajman Bank
Foreign Banks in the UAE
1. National Bank of Bahrain2. Rafidain Bank3. Arab Bank PLC4. Banque Misr5. El Nilein Bank6. National Bank of Oman
7. Credit Agricole - Corporate andInvestment Bank
8. Bank of Baroda9. BNP Paribas10.Janata Bank11.HSBC Bank Middle East Limited12.Arab African International Bank13.Al Khaliji (France) S. A.14.Al Ahli Bank of Kuwait15.Barclays Bank PLC16.Habib Bank Ltd.17.Habib Bank A.G Zurich
18.Standard Chartered Bank19.CitiBank N.A.20.Bank Saderat Iran21.Bank Meli Iran22.Blom Bank France23.Lloyds TSB Bank PLC24.The Royal Bank of Scotland N.V.25.United Bank Ltd.26.Doha Bank27.Samba Financial Group28.National Bank of Kuwait.
8/12/2019 Lalimma Reports
17/45
17
The Central Bank is also working tomaintain a fixed exchange rate of the dirhamagainst the U.S. dollar and to ensure the freeconvertibility of the national currency intoforeign currencies, in addition to its roleas "Bank of Banks" and the Government's
bank and its financial adviser.
The largest bank in UAE is Emirates NBD,with a total of 129 branches, followed byAbu Dhabi National Bank with 119 branches.
Among the foreign banks HSBC ranks no. 1, followed by standard chartered and Bank of Baroda standsat the third position with a share market share of 7%.
Figure 6: UAE Currency
Figure 5: Central Bank Logo
8/12/2019 Lalimma Reports
18/45
18
CHAPTER 3: BANK OF BARODA
Bank of Baroda is Indias only International Bank, present in UAE for the past39years, with over 32 branches till date.
Table 1: BOB Fact Sheet
8/12/2019 Lalimma Reports
19/45
19
Structure of Bank of Baroda, Zonal office:
Table 2: Structure of BOB
Front Office
Account Opening,issue of chequebook/ATM card
NRI Desk
Account Closing
Cash deposit/withdrawal
Back Office
Debt Syndication
SME
Retail department
Trade Finance
Treasury
Risk Management
8/12/2019 Lalimma Reports
20/45
20
CHAPTER 4: TYPES OF RISK
Table 3: Types of Risk
1. Operational Risk:
Operational risk arises from the people, processes and the system through which a company
operates and risk arising due to external factors. It is the risk involved in the day to day
functioning of the bank. It involves:
Delay in services, long waiting lines, etc
Fraud, theft
Mistakes
Laws and Legal regulations/ Documentation
Environmental Risk
Concentration Risk a bank should invest in a diversified portfolio to avoid the risk of
concentration of investment in one single industry. Country Riskthe risk of entering transaction with banned countries.
Risk
Operational Market Credit Reputational
8/12/2019 Lalimma Reports
21/45
21
2. Credit Risk:
It is the risk of default by the borrower due to:
Death
Insolvency
Illness
Bankruptcy
Downturn of economy
Willful default
3. Market Risk:
Liquidity Riskthis is the risk of bank not being able to meet unexpected demand ofcash. For this purpose the bank needs to maintain adequate liquid assets and funds in the
form of SLR and CRR with the central bank.
Currency Risk it arises when more than one currency is involved and the rate of
exchange fluctuates.
Interest Rate Riskit is the risk of changing interest rates. LIBOR, EBOR, etc.
4. Reputational Risk:
It is the risk arising due to negative publicity of the bank. All failures of the bank create a
negative image in the eyes of the customer and hamper the business of the bank. All other
risks, operational risk in particular, may spoil the image of the bank and break the
stakeholders trust leading to reputational risk.
8/12/2019 Lalimma Reports
22/45
22
CHAPTER 5: INTRODUCTION TO OPERATIONAL RISK
5.1. Introduction to Operational Risk
Table 4: Timeline of Operational Failure in Banks
BARINGS BANK:
Barings bank, one of the oldest banks in UK failed due to rogue trading by Nick Leeson, thederivates manager of the bank. He was appointed the General Manager of new operation infuture markets on SIMEX (Singapore International Monetary Exchange).
Leeson made unauthorized speculative trades that at first earned large profits for the bankamounting to 10 Million, which accounted for 10% of Barings Banks annual income.Leeson earned a bonus of 130,000 on his salary of 50,000 and also the trust of his seniors andfreedom to undertake any transaction. This ultimately led to the failure of the bank.
1994
USD 1.4
BILLION
BARINGSBANK
ROGUE
TRADER - NICK
LEESON
2008
USD 7.2 BILLION
SOCGEN
ROGUE TRADER -JEROME KERVIEL
2008
BANK RUN
NORTHERN BANK
SUBPRIMEMORTAGAGE CRISIS
2011
USD 2.3 BILLION
UBS
ROGUE TRADER -
KWEKU ADOBOLI
2012
USD 45 MILLION
RAK BANK & BANK
OF MUSCAT
HACKING
8/12/2019 Lalimma Reports
23/45
23
Management at Barings allowed Leeson to remain Chief Trader along with being responsible forsettling his trades (jobs usually done by two different people). This made it very easy for Leesonto hide losses from his superiors. Leeson used one of Baring Banks error accounts to hide hislosses, and by the end of 1992, the losses exceeded 2M. By the end of 1994 ballooned to
200M by the end of 1994.
By the end of 1992, the account's losses exceeded 2 million, which ballooned to 208 millionby the end of 1994.
The beginning of the end occurred on 16 January 1995, when Leeson placed a short straddle inthe Singapore and Tokyo stock exchanges, essentially betting that the Japanese stock marketwould not move significantly overnight. However, the Kobe earthquake hit early in the morningon 17 January, sending Asian markets, and Leeson's trading positions, into a tailspin. Leesonattempted to recoup his losses by making a series of increasingly risky new trades (using a Long-Long Future Arbitrage), this time betting that the Nikkei Stock Average would make a rapid
recovery. However, the recovery failed to materialize.Leeson left a note reading "I'm Sorry" and fled Singapore on 23 February. Losses eventuallyreached 827 million (US$1.4 billion), twice the bank's available trading capital. After a failedbailout attempt, Barings was declared insolvent on 26 February.
This is a huge operational failure arising due to lack of proper supervision of employees andreporting process and this could have been avoided if anyone had checked the authenticity of thetransactions undertaken by Leeson.
SOCIATES GENERAL:
Similarly 0n January 24, 2008, Sociates General bank announced that a single futures trader,Jerome Kerviel fraudulently lost the bank 4.9 billion (equivalent to $7.2billion). He entered intoa series of bogus trades. He always closed the deal within 2-3 days, just before the banks internalcontrol system would trigger notice. Some analysts suggest that unauthorised trading of this scalemay have gone unnoticed initially due to the high volume in low-risk trades normally conductedby his department. The bank said that whenever the fake trades were questioned, Kerviel woulddescribe it as a mistake then cancel the trade, after which he would replace that trade withanother transaction using a different instrument to avoid detection.
NORTHERN ROCK BANK:
Northern Rock bank failed due to its innovative lending techniques that first led to its growth. Itfollowed a process called securitization, wherein, it extended mortgage loans to its customersand based on this funding, sold these mortgages in the International Capital Markets. Due to thesubprime mortgage crisis in the US in 2008, the demand for the mortgage fell in the market andthe bank faced liquidity problems, even though its assets were greater than its liabilities. Thebank borrowed from the Bank of England in September 2008, to replace the funds they were notable to raise from the money market.
8/12/2019 Lalimma Reports
24/45
24
This led to panic among individual depositors, who feared that their savings might not beavailable should Northern Rock go into receivership. The result was a bank runthe UK's firstin 150 years where depositors lined up outside the bank to withdraw all of their savings asquickly as possible, particularly since everyone else was doing the same.
The main cause of the bank run was Journalists like BBcs Robert Peston, who broke the news ofthe borrowing from Bank of England.
UBS BANK:
On September 15, 2011, UBS became aware of a massive loss, estimated at US$2.3 billion, dueto unauthorized trading. Adoboli is suspected to have used the fact that some ETF transactions inEurope are not issued confirmations until after settlement has taken place. The exploitation ofthis process allows a party to transaction to receive payment for a trade before the transaction hasbeen confirmed. While the cash proceeds in this scheme cannot be simply retrieved, the sellermay still show the cash on their books and possibly use it in further transactions.
RAK BANK & BANK OF MUSCAT:
More recently, a major worldwide pre-paid card heist occurred, involving RakBank in UAE andBank of Muscat in Oman. A gang of criminals stole an astounding total of $45Million in a matterof hours by hacking into the database of prepaid cards. These banks outsourced the processing ofcards to India.
The theft was a well planned attack and involved hacking the database of the bank in India andUS and compromise data of RakBank and Bank of Muscat to:
1. Copy the account data and to create access codes that was loaded on plastic cards, like,old hotel keys and expired credit cards with a magnetic stripe.
2. Eliminate the withdrawal limits on pre-paid cards.3. Increase the balance amounts of customers by using funds held by banks that back up
prepaid credit cards.
A network of operatives then fanned out to rapidly withdraw money in cities of Japan, Russia,Romania, Egypt, Colombia, Britain, Sri Lanka, Canada and many other countries. This moneywas then laundered to the ringleader through expensive purchases or shopped in wholesale.
With rapid advancement in technology, the operational system is being exposed to increasingrisk of cybercrime. A large attack like this awakens the cybercrime community and they findinnovative ways to find loopholes in the system.
8/12/2019 Lalimma Reports
25/45
25
5.2. Importance of Operational Risk:
Figure 7: Importance of Operational Risk
Operational Risk can contribute to other types of risks and is interlinked with all functions of the
bank. It is pervasive at all levels of the bank, starting from the ground level to higher level and in all
departments of the bank.
A failure by the staff to provide satisfactory service for its client may severely hamper the reputationof the bank. A fraud or theft caused due to negligence of the management will shatter the trust of the
customers and bring down the image of the bank.
A mistake while calculating the Credit Rating of a customer may lead to credit risk. If, say the actual
rating of a client is BBB and the officer gives it a rating AA, the actual risk of lending to the
customer is higher than that calculated by the banking official and a default by BBB client is more
likely.
A US report claims that 60% of all frauds and data breach are by insiders.
Rogue Traders have the potential to bring down the bank overnight. In the above cases we
have seen that banks like Barings and Northern Rock were liquidated due to operational
failure.
OperationalRisk
Credit Risk
Market Risk
Reputational
RiskStrategic Risk
Liquidity Risk
8/12/2019 Lalimma Reports
26/45
26
5.3. Operational Risk : Causes, Events & Consequences
Table 5: Causes, Events and Consequences
Inadequatesegregation of duties
Insufficeient training
Lack of managementsupervision
Inadequate securitymeasures
Inadequate auditingprocedures
Poor systems designPoor HR policies
Events Internal Fraud
External Fraud
Employment Practices& Workplace Safety
Clients, Products andBusiness Practices
Damage to PhysicalAssets
Business Distruption &
Stystem FailuresExecution, Delivery &
Process Management
C
onsequences Legal Liability
Regulatory,Compliance andTaxation Penalties
Loss or Damage toAssets
Restitution
Loss of Recourse
Write Down
Reputation
Business Interuption
EffectsMonetaLosses
OtherImpactForegoIncome
8/12/2019 Lalimma Reports
27/45
27
5.4. Operational Risk:
The definition adopted by Basel II states:
Operational risk is defined as the risk of loss resulting from inadequate or failed internal
processes, people and systems from external events. This definition includes legal risk, but
excludes strategic and reputational risk. Strategic and reputational risk is not included in this
definition for the purpose of a minimum regulatory operational capital charge.
It Includes:
Table 6: Causes of Operational Risk
Transactions
Information
People
ExecutionInadeqauateSupervision
Relationship
Rogue
Trader
Criminal Theft
Fraud
Customer
Insufficient
Training
Poor
Management
Theft
Technology
Lack ofResources Compliance
Legal
Regulations
Reputation
8/12/2019 Lalimma Reports
28/45
28
CHAPTER 6: RISK MANAGEMENT
Risk management is the identification, assessment, prioritization and mitigation of riskassociated to the business to ensure that the risk is attuned to the risk taking appetite of the
organization. The Process of Risk Management includes:
Figure 8: Risk Management
Identifying Risk includes:
1. Analysis of workflows and processes
2.
Listing all the possible risks and their causes
Assessing The Risk Involves:
1. Assesing the likelihood of risk.
2. Assessing the impact of risk
Identify Risk
Assess theRisk
Select RiskControl
Measures
ImplementRisk ControlMeasures
Monitor &Review
8/12/2019 Lalimma Reports
29/45
29
LIKELIHOOD*IMPACT = RISK
Selecting Risk Control Measure:
1. Identify control choices
2. Determine priorities
3. Make control decisions
Implementing Risk Controls:
1. Establish authority and responsibility
2. Define Structure
3. Define processes and procedures
Monitoring and Review:
1. Define Monitoring
2. Define the structure
3. Monitor processes
4. Review processes
8/12/2019 Lalimma Reports
30/45
30
CHAPTER 7: BASEL II
7.1. Intoduction
The Basel Committee on Banking Supervision (BCBS) was established to issue the banking
supervision accords that deal with banking laws and recommendations, called BASEL Accords
and it has issued 3 accords till date. The Basel II deals with operational risk, credit risk and
market risk.
The Basel I I has 3 pill ars
Table 7: 3 Pillars of Basel II
1. The Fir st pillarThe first pillar deals with maintenance of regulatory capital calculated for
three major components of risk that a bank faces: credit risk, operational risk and market risk.
Other risks are not considered fully quantifiable at this stage.
8/12/2019 Lalimma Reports
31/45
31
2. The Second Pill ar It provides better tools and guidelines to the management for regulating
and mitigating risk. Banks can review their risk management system and develop a supervisory
review policy.
3. The Thir d Pill ar This pillar aims to complement the minimum capital requirements and
supervisory review process by developing a set of disclosure requirements which will allow the
market participants to gauge the capital adequacy of an institution.
8/12/2019 Lalimma Reports
32/45
32
7.2. BASEL II : First Pillar
Regulatory Capital Called Operational Risk charge is to be calculated. The charge represents the amount
of capital that a bank should maintain as a cushion against losses arising from operational risk.
The Basel II suggests 3 methods to calculate charge:
Figure 9: Methods to Calculate Charge
Bank of Baroda follows the Basic Indicator approach to calculate Capital Requirements. I have
used Excel to calculate charge using Basic Indicator Approach and Standardized approach on
banks actual data provided to me. I have calculated VaR using Palisade software @risk
through Loss Data Approach under Advanced Measurement Approach.
8/12/2019 Lalimma Reports
33/45
33
1. Basic Indicator Approach (BIA)
Banks using the basic indicator approach must hold capital for operational risk equal to the average over
the previous three years of a fixed percentage of positive annual gross income multiplied by a fixed factor
called alpha.
3
(GI*Alpha)/3i=1
Figures for any year, in which, annual gross income is negative or zero should be excluded from both the
numerator and denominator when calculating the average.
The fixed percentage alpha is typically 15 percent of annual gross income.
I calculated the charge to be 88912.45(all figures in 1000AED) or AED 88.912 Million through BIA, as
seen in the table below
This technique is simple to use and easy to understand. Most banks use this technique for calculation of
charge.
But the charge calculated is not accurate, as the risk is not always directly proportional to the income.
This technique fails to take into account the system and processes in place in the bank. For an efficientbank, were risk mitigation and control systems are followed the risk is likely to be less.
Basic Approach
Gross Income Alpha Factor GI*Alpha
March, 2011 520005 15% 78000.75
March, 2012 624254 15% 93638.1
March, 2013 633990 15% 95098.5
88912.45
8/12/2019 Lalimma Reports
34/45
34
2. STANDARDISED APPROACH (SA)
Banks activities are divided into eight business lines. Within each business line, gross income is a broad
indicator that serves as a proxy for the scale of business operations and thus the likely scale of operational
risk exposure within each of these business lines.
The capital charge for each business line is calculated by multiplying gross income by a factor (denoted
beta) assigned to that business line. Beta serves as a proxy for the industry-wide relationship between the
operational risk loss experience for a given business line and the aggregate level of gross income for that
business line.
Business Line Beta Factor
Corporatefinance 18%
Trading and sales 18%
Retail banking 12%
Commercial banking 15%
Payment and settlement 18%
Agency services 15%
Asset Management 12%
Retail Brokerage 12%
Table 8: SA- Business lines
8/12/2019 Lalimma Reports
35/45
8/12/2019 Lalimma Reports
36/45
36
3. AMA
Under AMA the banks are allowed to develop their own empirical model to quantify required capital for
operational risk. Banks can use this approach only subject to approval from their local regulators. Once a
bank has been approved to adopt AMA, it cannot revert to a simpler approach without supervisory
approval.
Also, according to section 664 of original Basel Accord, in order to qualify for use of the AMA a bank
must satisfy its supervisor that, at a minimum:
Its board of directors and senior management, as appropriate, are actively involved in the oversight of
the operational risk management framework;
It has an operational risk management system that is conceptually sound and is implemented with
integrity; and
It has sufficient resources in the use of the approach in the major business lines as well as the control
and audit areas.
The most common approach under AMA is the Loss Distribution Approach to calculate Value at Risk and
Economic Loss.
Value at Risk is the potential loss a bank can suffer through its people, process, system and external
events.
Economic Capital is the amount a bank should keep aside to cover unexpected losses for operational risk.
Unexpected loss is the difference between VAR and expected loss, as figure below shows. This is the
amount of capital that the institution should establish to cover unexpected losses for operational risk
corresponding to the desired confidence level.
Expected loss is equal to mean of the loss distribution.
Confidence level (CI) is a type of interval estimate of a population parameter and is used to indicate the
reliability of an estimate.
Figure 10: EL, UL and VaR at 99.9% CI
8/12/2019 Lalimma Reports
37/45
37
For calculation of VaR, data of operational losses occurring internally in the bank are recorded andclubbed with external loss data.
Frequency and Severity components of the loss distribution are taken into account separately and thencombined through convolution.
Frequency refers to how often a loss event happens, and is measured in terms of number of events pertime units. It is described by a discrete distribution.
Severity depends on the monetary impact of the event, and is described by a continuous distribution. Inoperational risk both components have to be considered separately
To establish the appropriate level of capital to cover unexpected losses due to operational risk one firsthas to establish an adequate confidence level. Obviously, one would like to establish confidence levelsclose to 100 %. In practice, however, this is not possible since loss distributions are never perfectlyidentified using (usually incomplete) historical data, and even if we could perfectly identify these lossdistributions, the level of capital required would be too high (and costly). Nevertheless, the confidencelevels used in risk management usually lie in the range from 95 % to 99 % and higher
Once we have defined the confidence level at which we would like to cover unexpected losses, thecalculation of the corresponding amount of capital involves the following steps:
i) Frequency and severity distributions are identified from the data;ii) Both distributions are combined to obtain an aggregate loss distribution;iii) Operational Value at Risk (VAR) is obtained by taking the percentile of the aggregate loss distributionat the desired confidence level.
The main difficulty of the procedure described above, however, lies in step in the combination or
aggregation of the frequency and severity distributions obtained from the data.
As mentioned above, both distributions consist of a completely different nature, since the first is a discrete
distribution, expressed in terms of number of events per time units (eg. number of frauds per month),
while the second is a continuous distribution, expressed in monetary units (eg. dollars). Hence both
distributions are not directly additive or multiplicative.
To combine both types of distributions closed form solutions involve solving analytical formulas. For theproblem at hand the most straightforward closed form solution is to combine distributions by means of a(mostly theoretical) mathematical operation, called convolution, represented by the * (star) symbol.Thisoperation usually involves solving complicated integrals.I used the software @risk by palisade for the purpose of calculating Value at Risk (VAR) through
convolution.
8/12/2019 Lalimma Reports
38/45
38
Figure 11: Loss Distributions
I used the loss data of bank combined with operational loss data of other banks in UAE, available in news
clippings on google for calculating VAR through Palisade Software. I fixed the confidence interval at
99% and then calculated the Poisson distribution for frequency, followed by Pareto distribution for
severity of loss.
I combined these two through Monte Carlo simulation to arrive at Value at Risk.
I got the following results (All figures are in Lakhs of Rupess).
Table 9: Poisson Distribution for frequency
8/12/2019 Lalimma Reports
39/45
39
Table 10: Pareto Distribution for Severity
Table 11: Combined DistributionAs per the results of simulation using @risk, the VAR=Rs149600 (AED 9973), Expected Loss=Rs110195
(AED7346), Economic Charge=VAR-EL=39405 (AED2627)
It is a very small fraction of charge calculated through either BIA or SA. Though it is a complex
technique to implement, it is a scientific technique to calculate charge and is accurate for all banks as it
takes into view the actual risk faced by the bank in the past. The past may not always correspond with the
future findings. But the capital tied down is the least through this technique.
8/12/2019 Lalimma Reports
40/45
40
7.3. BASEL II : Second and Third Pillar
RISK MANAGEMENTSOUND PRACTICES & DISCLOSURE
The Basel II identifies 4 level of concern by identifying role of Board of Directors, Senior Management,
Supervisors and Staff:
Figure 12: Sound Practices
SoundPractices
Role of Boardof Directors
Role of SeniorManagement
Role of
Advisors
Role ofDisclosure
8/12/2019 Lalimma Reports
41/45
8/12/2019 Lalimma Reports
42/45
42
2. Senior Management:
Senior Management should develop a clear, effective and robust governance structure well defined,
transparent and consistent lines of responsibility. Senior Management is also responsible for implementing
Operational risk management framework and develop activities, policy, procedure, process, system andmaterials for managing operational risk in all of banks activities, products, policy, process, systems to make
sure the inherent risks and incentives are well understood. This is an ongoing process in a bank taking place
for all activities at all levels on daily basis.
Figure 14:Sound Practices - Senior Management
2.1. Identifying and Assessing Operational Risk senior management should
ensure the identification and assessment of the operational risk inherent in all
material products, activities, processes and systems to make sure the inherent
risks and incentives are well understood.2.2. Monitoring and Reporting Operational RiskThey should implement a process
to regularly monitor risk profiles and material exposures to losses. Appropriate
reporting mechanisms should be in place at the board, senior management and
business line levels that support proactive management of operational risk.
2.3. Controlling and Mitigating Operational Risk Banks should have a strong
control environment that utilises policies, processes and systems; appropriate
internal controls; and appropriate risk mitigation and transfer strategies.
RiskManagement
Activies bySenior
Management
Identifying andAssessing
OperationalRisk
Monitoring andReporting
OperationalRisk
Controlling and
MitigatingOperational
Risk
Contingencyand Business
Continuity Plan
8/12/2019 Lalimma Reports
43/45
43
2.4. Contingency and Business Continuity Plan Banks should have business
resiliency and continuity plans in place to ensure an ability to operate on an
ongoing basis and limit losses in the event of severe business disruption.
3. Role of Supervisor:
3.1. Supervisory Review Framework Banking supervisor should ensure that all
banks have an effective system to identify and assess, monitor, control and
mitigate all operational risk.
3.2. Independent Evaluation Supervisor must conduct regular and independent
evaluation of the bank policies, procedures and practices related to operation risk.
4. Role of Advisors
4.1. Public Disclosure (Pillar III) bank should make sufficient public disclosure
to allow its stakeholders to assess its approach to operational risk management.
8/12/2019 Lalimma Reports
44/45
44
CHAPTER 8: CONCLUSION AND RECOMMENDATIONS:
1. As the business of the bank and risk sensitivity increases, the bank can move to a more sophisticated
approach. As the sophistication of the technique increases, the capital set aside and tied down for
unexpected losses decreases. As we see in the above example that using AMA the charge is equal to
AED2627, as compare to charge calculated through BIA 88912 and SA 96914.The bank would benefit greatly by moving to Advanced Measurement Approach.
Figure 15: Techniques to calculate charge
2. More importantly these methods to calculate charge only help keep aside capital for future unexpected
losses, but they dont do anything to control these losses. Mitigating risk is the most important part of
Risk Management and it requires Corporate Governance.Bank of Baroda is Indias first public sector bank to be rated for Corporate Governance. It has an ICRA
rating of GR2.
CORPORATEGOVERNANCE
INDEPENDENTFUNCTIONING OF RISKMANAGEMENT AND
AUDIT DEPARTMENTS
TRAINING FOR SENIORMANAGEMENT AND
BOARD OF DIRECTORS
TRANSPARENTCOMMUNICATION AND
FULL DISCLOSURES
AWARENESS AND
IMPLEMENTATION OFLATEST AND SCIENTIFIC
FRAMEWORKS FORMANAGEMENT OF RISK
8/12/2019 Lalimma Reports
45/45
3. The departments like risk management, compliance and inspection & audit should have an
independent structure and not come under the Chief Managing Director of the branch, but should
be independent and should report directly to head office.
4. Management teams have a duty to understand fully the businesses they manage. Responsibility
for each business activity must be clearly established. Clear segregation of duties is fundamental
to any effective risk control system. Effective, independent and regular audits to ensure
compliance and effectiveness of framework are necessary to ensure that the framework designedand implemented for management of risk is suitable and sufficient for the organisation.
BOARD OFDIRECTORS
SUB COMMITTEE OFASSET LIABILITY
MANAGEMENT ANDRISK MANAGEMENT
INSPECTION ANDAUDIT
RISK MANAGEMENT COMPLIANCE