Operational Risk Management Table of Contents



Similar documents
OPERATIONAL RISK MANAGEMENT

Operational Risk Management Policy

THE REQUIRED ELEMENTS OF AN EFFECTIVE OPERATIONAL RISK FRAMEWORK TO MEET THE GLOBAL REGULATORY REQUIREMENTS OF BASEL II PHILIPPA GIRLING

Pillar 3. Disclosure. Succession Advisory Services Ltd

Pillar 3. Disclosure. Succession Advisory Services Ltd

REGULATION 9 ON OPERATIONAL RISK MANAGEMENT. Article 1 Purpose and Scope

Bank Capital Adequacy under Basel III

Subject ST9 Enterprise Risk Management Syllabus

1. Introduction Process for determining the solvency need Definitions of main risk types... 9

Sample Financial institution Risk Management Policy 2011

Close Brothers Group plc

Risk Management Programme Guidelines

ZAG BANK BASEL II & III PILLAR 3 DISCLOSURES. December 31, 2014

Separately managed accounts

RIT Capital Partners plc Shareholder Disclosure Document January 2015

REINSURANCE RISK MANAGEMENT GUIDELINE

PART B INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)

Operational risk management frameworks and methodologies

Sound Practices for the Management of Operational Risk

Enterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012

INTERNAL CAPITAL ADEQUACY ASSESSMENT

ICAAP Report Q2 2015

RISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012)

Remarks by. Carolyn G. DuChene Deputy Comptroller Operational Risk. at the

ICAAP Required Capital Assessment, Quantification & Allocation. Anand Borawake, VP, Risk Management, TD Bank anand.borawake@td.com

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

Understanding Today s Enterprise Risk Management Programs

DNB Liquidity Pillar 2 Supervision. Seminar Das neue SREP Konzept der Aufsicht Clemens Bonner (c.bonner@dnb.nl)

Basel Committee on Banking Supervision. Consultative Document. Net Stable Funding Ratio disclosure standards. Issued for comment by 6 March 2015

ERM from a Small Insurance Company Perspective

CITIGROUP INC. BASEL II.5 MARKET RISK DISCLOSURES AS OF AND FOR THE PERIOD ENDED MARCH 31, 2013

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

Operational Risk Management

1) What kind of risk on settlements is covered by 'Herstatt Risk' for which BCBS was formed?

RISK MANAGEMENT. Risk governance. Risk management framework MANAGEMENT S DISCUSSION AND ANALYSIS RISK MANAGEMENT

Capital Adequacy: Advanced Measurement Approaches to Operational Risk

LIQUIDITY RISK MANAGEMENT GUIDELINE

Portfolio Management for Banks

DEVELOPING A KRI PROGRAM: GUIDANCE FOR THE OPERATIONAL RISK MANAGER SEPTEMBER Mayowa BabatolaMayowa BabatolaBITS 2004 September 2

RATING METHODOLOGY FOR STOCK BROKING FIRMS

Key learning points I

Operational Risk. Operational Risk Policy

Pictet Asset Management Ltd

Foreign Exchange. Prime Brokerage. Product Overview and Best Practice Recommendations

ORSA Implementation Challenges

MANAGING OPERATIONAL RISK IN BANKS

EASY FOREX TRADING LTD DISCLOSURE AND MARKET DISCIPLINE IN ACCORDANCE WITH CAPITAL ADEQUACY AND THE REQUIREMENTS ON RISK MANAGEMENT

Risk Management. Did you know? What is Risk Management?

Basel Committee on Banking Supervision. Net Stable Funding Ratio disclosure standards

Huntington Bancshares Incorporated & Huntington National Bank Company Run Capital Stress Test Results Disclosure

The Northern Trust Company, Canada Basel III Pillar lll Disclosure as at December 31, 2015

Capital Policy and Safeguards Statement for Merchant Acquirer Limited Purpose Banks

Capital Market Services UK Limited Pillar 3 Disclosure

Operational Risk An Enterprise Risk Management Presentation

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No June 2007

This section outlines the Solvency II requirements for a syndicate s own risk and solvency assessment (ORSA).

Risk Management at a Leading Canadian Bank An Actuarial Science Graduate's View

6/8/2016 OVERVIEW. Page 1 of 9

Implementing an AMA for Operational Risk

ENTERPRISE RISK MANAGEMENT BENCHMARK REVIEW: 2013 UPDATE

Financial Risk Management Courses

Operational Risk Management in Insurance Companies

Preparing for ORSA - Some practical issues Speaker:

HOCH CAPITAL LTD PILLAR 3 DISCLOSURES As at 1 February 2015

Credit Risk Management: Trends and Opportunities

ICAAP for Asset Managers: Risk Control Limited

An operational risk management framework for managing agencies

RISK MANAGEMENT. Risk management framework. Risk governance

Market Risk Capital Disclosures Report. For the Quarter Ended March 31, 2013

Publication of financial information pursuant to the Capital Adequacy Regulation (Pillar 3)

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY

Zurich s approach to Enterprise Risk Management. John Scott Chief Risk Officer Zurich Global Corporate

Principles for An. Effective Risk Appetite Framework

Operational Risk Management Excellence Get to Strong Survey

Impact assessment of the new liquidity rules on Luxembourg banks

Best Practices for Credit Risk Management. Rules Notice Guidance Notice Dealer Member Rules

Guideline. Category: Sound Business and Financial Practices. No: E-18 Date: December 2009

Equita SIM SpA publishes this Public Disclosure on its website

Capital G Bank Limited. Interim Pillar 3 Disclosures 30th June, 2012

Guidance Note: Stress Testing Class 2 Credit Unions. November, Ce document est également disponible en français

(Part.1) FOUNDATIONS OF RISK MANAGEMENT

Risk Management for Fixed Income Portfolios

Prof Kevin Davis Melbourne Centre for Financial Studies. Managing Liquidity Risks. Session 5.1. Training Program ~ 8 12 December 2008 SHANGHAI, CHINA

Basel 3: A new perspective on portfolio risk management. Tamar JOULIA-PARIS October 2011

Improving Financial Performance, Governance and Compliance

Part II Prudential regulatory requirements

Admission Criteria Minimum GPA of 3.0 in a Bachelor s degree (or equivalent from an overseas institution) in a quantitative discipline.

Capital Requirements Directive Pillar 3 Disclosure. December 2015

Jupiter Asset Management Ltd Pillar 3 Disclosures as at 31 December 2014

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

Attachment. OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

Supervisory Policy Manual

BASEL III PILLAR 3 DISCLOSURES. March 31, 2014

Commodity Price Risk Management (CPRM) - Trends and Challenges for Corporates

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012.

FINANCIAL SERVICES FLASH REPORT

Transcription:

Operational Management Table of Contents SECTION 1 Operational The Definition of Operational Drivers of Operational Management Governance Culture and Awareness Policies and Procedures SECTION 2 Operational : Loss Data and and Control Self Assessments Internal Loss Data or Operational Events External Loss Data and Control Self Assessments SECTION 3 Operational : Scenario Analysis, Key Indicators, Reporting and Best Practices Scenario Analysis Key Indicators Reporting Operational Capital Modeling Appetite Governance, and Compliance (GRC) Other Operational Best Practices Conclusions 1

Chapter 1: Operational This section on operational risk explores operational risk and how it is effectively managed and measured in financial institutions. Chapters 1,2 and 3 will explore the regulatory and business drivers for operational risk frameworks, and will identify opportunities to add value to an organization through operational risk management. The various elements of an operational risk framework will be considered and evaluated, with a particular emphasis on the practical steps that can be taken to ensure their successful adoption within a firm. In addition, this section will explore the cultural challenges that can face the deployment of an operational risk function, and will address the reporting challenges that can arise. Measurement of capital for operational risk requires a blend of qualitative and quantitative skills and tools, and these will be explored in some depth. Operational risk plays a key role in the development of integrated risk management programs that include compliance, business continuity planning, information security and other operational risk related data. These programs are referred to as governance, risk and compliance (GRC) or convergence. The role of operational risk in these programs will be considered and discussed. Towards the end of the section, examples will be given of the many types of operational risk events that can, and have occurred, along with the controls that can be implemented to mitigate these risks. On completion of this section the candidate will have an improved understanding of: The place of operational risk management in the context of risk management The difference between operational risk management and operational risk measurement The role of operational risk in Governance, and Compliance and Enterprise Management frameworks Good practice for operational risk management The role of Basel II and other regulations in the rise of operational risk management as a discipline The practical application and cultural impact of operational risk on the effective governance of an organization The policies and procedures needed to support operational risk management The array of operational risk management tools available to implement an effective operational risk management framework, including: Loss data collection and control self assessments Scenario analysis Key risk indicators The benefits and challenges of different governance structures for operational risk management Designing and selecting reporting that can drive decision making and risk behavior Modeling techniques for the calculation of economic capital for operational risk Best practices in managing: New product approval Vendors and third party risks Legal risk Regulatory risk People risk Fraud risk Technology risk Weather risk Pandemic risk Strategic risk Reputational risk 1.1 THE DEFINITION OF OPERATIONAL RISK Operational risk management had been defined in the past as all risk that is not captured in market and credit risk management programs. Early operational risk programs, therefore, took the view that if it was not market risk, and it was not credit risk, then it was operational risk. However, today a more concrete definition is used, for example the Basel II definition of operational risk is: Operational risk is defined as the risk of loss resulting from inadequate or failed processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk. 2

Chapter 1: Operational The Basel II definition of operational risk has been adopted or adapted by many firms, but it is just one of many possible definitions that can be used. Basel II is the common name used to refer to the International Convergence of Capital Measurement and Capital Standards: A Revised Framework, which was published by the Bank for International Settlements in Europe in 2004. The Basel II framework set out new risk rules for internationally active financial institutions that wished to continue to do business in Europe. These rules related to the management and capital measurement of market and credit risk, and introduced a new capital requirement for operational risk. In addition to the capital requirement for operational risk, Basel II laid out qualitative requirements for operational risk management, and so a new era of operational risk management development was born. JPMorgan Chase, a firm subjected to Basel II rules, has adapted the definition as follows: Operational risk is the risk of loss resulting from inadequate or failed processes or systems, human factors or external events. There are four main causes of operational risk that are identified in standard operational risk definitions. Operational risk events can occur when there are inadequacies or failures due to: people (human factors) processes systems, or external events While the language is a little awkward (what exactly are failed people for example), the meaning is clear. There are four main causes of operational risk events: the person doing the activity makes an error, the process that supports the activity is flawed, the system that facilitated the activity is broken, or an external event occurs that disrupts the activity. Under the Basel II definition, legal events are specifically included in the definition of operational risk and a footnote is added to further clarify this. Legal risk includes, but is not limited to, exposure to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements. This is a helpful clarification, as there is often some initial tension with the legal department when the operational risk function first requests information on legally related events. This is something that will be considered in more detail later in the section on loss data collection. The Basel II definition also specifically excludes several items from operational risk: This definition includes legal risk, but excludes strategic and reputational risk. These nuances in the Basel II definition are often reflected in the definition adopted by a firm, whether or not they are governed by that regulation. However, these exclusions are not always applied in operational risk frameworks, as will be explained below. 1.1.1 Operational Management and Operational Measurement There are two sides to operational risk operational risk management and operational risk measurement. There is often a tension between these two activities, as well as frequent overlap. Basel II requires capital to be held for operational risk, and offers several possible calculation methods for that capital, which will be discussed later in this chapter. This capital requirement is the heart of the operational risk measurement activities, and requires quantitative approaches. In contrast, firms must also demonstrate that they are effectively managing their operational risk, and this often requires qualitative approaches. A successful operational risk program combines qualitative and quantitative approaches to ensure operational risk is both appropriately measured and effectively managed. 3

Chapter 1: Operational 1.1.2 Operational Management Helpful guidelines for appropriate operational risk management activities in a firm can be found in Pillar 2 of Basel II: 736. Operational risk: The Committee believes that similar rigor should be applied to the management of operational risk, as is done for the management of other significant banking risks. 737. A bank should develop a framework for managing operational risk and evaluate the adequacy of capital given this framework. The framework should cover the bank s appetite and tolerance for operational risk, as specified through the policies for managing this risk, including the extent and manner in which operational risk is transferred outside the bank. It should also include policies outlining the bank s approach to identifying, assessing, monitoring and controlling/mitigating the risk. To be successful, an operational risk framework must be designed to meet these four criteria for all operational risk exposures, and it takes a toolbox of activities to achieve this. In the operational risk management toolbox are loss data collection programs, risk and controls self-assessments, scenario analysis activities, key risk indicators and powerful reporting. Each of these elements will be considered in turn in this chapter. 1.1.3 Operational Measurement Operational risk measurement focuses on the calculation of capital for operational risk, and Basel II provides for three possible methods for calculating operational risk capital which will be discussed later in the chapter. Some firms choose to calculate operational risk capital without being subject to a regulatory requirement, as they wish to include the operational risk capital in their strategic planning and capital allocation for strategic and business reasons. There are several important things to note in these sections. First, operational risk should be managed with the same rigor as market and credit risk. This is an important concept, and has many implications when considering how to embed an operational risk management culture in a firm, as will be explored later in this chapter. Second, policies regarding risk appetite are required. This is no easy task as articulating a risk appetite for operational risk can be very challenging. Most firms would prefer to have no operational risk, and yet these risks are inherent in their day to day activities and cannot be completely avoided. Recently, regulators have been very interested in how firms are responding to this challenge and there is much debate about how to express operational risk appetite or tolerance, and how to manage against it. This will be explored further in each of the framework sections later in the chapter. Finally, policies must be written that outline the bank s approach to identifying, assessing, monitoring and controlling/mitigating operational risk. This is the heart of the definition of operational risk management, and the elements of an operational risk framework need to address these challenges. Does each element contribute to the identification of operational risks, the assessment of those risks, the monitoring of those risks and the control or mitigation of those risks? 1.1.4 The Relationship between Operational Management and Other Types Operational risk often arises in the presence of other risk types, and the size of an operational risk event may be dramatically impacted by market or credit risk forces. EXAMPLE One of Gamma Bank s business lines offers retail customers the ability to trade bonds. One of the customers calls the broker at Gamma Bank and instructs the broker to buy Andromeda Corporation bonds for the customer s account. The trade is executed, but it is mistakenly booked as a sell, instead of a buy; this will result in a significantly larger loss if the market moves up. The cost of making the customer whole will now be much higher than if the market had remained stable. In fact, there could be a gain if the market drops. It is clear then that market risk can magnify operational risk. 4

Chapter 1: Operational There are also events which include both credit and operational risk elements. If a counterparty fails, and there was an operational error in securing adequate collateral, then the credit risk event is magnified by operational risk. While market risk, credit risk and operational risk functions are usually run separately, there are benefits in integrating these functions where possible. The overall risk profile of a firm depends not on the individual market, credit and operational risks, but also on those elusive strategic and reputational risks (or impacts) and the relationships between all of these risk categories. Strategic and reputational risk will be considered at the end of this chapter. Additional risk categories also exist: for example geopolitical risks and liquidity risk. For these reasons, some firms adopt an enterprise risk management (ERM) view of their risk exposure. The relationship between these risks can be illustrated in the ERM Wheel. Interest Rate Insurance Pension Obligation Business Foreign- Exchange Stategic Execution, Delivery and Process Management Internal Fraud Equity Price External Fraud Commodity Price Spread Market ERM Reputational Geopolitical Operational Employment Practices and Workplace Safety Clients, Products and Business Practices Damage to Physical Assets Model Event Liquidity Credit Business Disruption and Systems Failures Financing Legal and Compliance Concentration Counterparty Transaction Figure 1: ERM Wheel This ERM wheel illustrates that all risk types are interrelated and that some central risk types can impact those on the outer spokes of the wheel. For example a geopolitical risk event might result in risks arising in market risk, credit risk, strategic risk, liquidity risk and operational risk. 5

Operational The Definition of Operational Operational Management and Operational Measurement Operational Management Operational Measurement The Relationship between Operational Management and Other Types The benefits and challenges of different governance structures for operational risk management Designing and selecting reporting that can drive decision making and risk behavior Modeling techniques for the calculation of economic capital for operational risk Drivers of Operational Management THE DEFINITION OF OPERATIONAL RISK Operational Framework Overview Governance Who should own the operational risk function? Operational risk is owned by the Chief Officer Operational risk is owned by the Chief Operating Officer, or the Chief Financial Officer Operational risk is owned by the Chief Compliance Officer What should the operational risk function own? Culture and Awareness Marketing and Communication Planning Training Policies and Procedures Basel II defines operational risk Operational risk is defined as the risk of loss resulting from inadequate or failed processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk. Legal risk includes, but is not limited to, exposure to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements JPMorgan Chase defines operational risk Operational risk is the risk of loss resulting from inadequate or failed processes or systems, human factors or external events OPERATIONAL RISK MANAGEMENT AND OPERATIONAL RISK MEASUREMENT CHAPTER FOCUS Operational Management Qualitative assessment of operational risk The place of operational risk management in the context of risk management The difference between operational risk management and operational risk measurement The role of operational risk in Governance, and Compliance and Enterprise Management Good practice for operational risk management The role of Basel II and other regulations The policies and procedures needed to support operational risk management The array of operational risk management tools available to implement Operational Measurement Quantitative assessment of operational risk Similar rigor should be applied to the management of operational risk, as is done for the management of other significant banking risks. Basel Committee 6

Operational Management Operational risk management is as important as credit and market risk THE RELATIONSHIP BETWEEN OPERATIONAL RISK MANAGEMENT AND OTHER RISK TYPES Appetite Developing risk appetite for operational risk can be challenging Bank has to understand the level of exposure Policies Should outline the bank s approach to identifying, assessing, monitoring and controlling/mitigating operational risk OPERATIONAL RISK MANAGEMENT TOOLBOX Operational risk is often present with other risk types Credit and operational risk events can overlap EXAMPLE One of Gamma Bank s business lines offers retail customers the ability to trade bonds. One of the customers calls the broker at Gamma Bank and instructs the broker to buy Andromeda Corporation bonds for the customer s account. The trade is executed, but it is mistakenly booked as a sell, instead of a buy, this will result in a significantly larger loss if the market moves up. In the operational risk management toolbox are loss data collection programs, risk and controls self-assessments, scenario analysis activities, key risk indicators and powerful reporting The cost of making the customer whole will now be much higher than if the market had remained stable. In fact, there could be a gain if the market drops. It is clear then that market risk can magnify operational risk. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information