Operational risk management frameworks and methodologies



Similar documents
Sound Practices for the Management of Operational Risk

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management

Internal Loss Data A Regulator s Perspective

Understanding and articulating risk appetite

Operational Risk Management Table of Contents

An operational risk management framework for managing agencies

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK

Capital Adequacy: Advanced Measurement Approaches to Operational Risk

COMMERCIAL BANK. Moody s Analytics Solutions for the Commercial Bank

RISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012)

PART B INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)

Policy on the Management of Country Risk by Credit Institutions

Operational Risk Management in Insurance Companies

DATA AUDIT: Scope and Content

Principles for An. Effective Risk Appetite Framework

Building a framework for operational risk management: the FSA s observations

Supervisory Guidance on Operational Risk Advanced Measurement Approaches for Regulatory Capital

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

Capital Requirements Directive Pillar 3 Disclosure. December 2015

Basel Committee on Banking Supervision. Review of the Principles for the Sound Management of Operational Risk

OPERATIONAL RISK MANAGEMENT

Transforming risk management into a competitive advantage kpmg.com

Measurement of Banks Exposure to Interest Rate Risk and Principles for the Management of Interest Rate Risk respectively.

Cyber Security and the Board of Directors

From ICAAP/ORSA to ERM: Board and Senior Management Oversight. Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca

Principles for the supervision of financial conglomerates

Insurance management policy and guidelines. for general government sector, September 2007

This section outlines the Solvency II requirements for a syndicate s own risk and solvency assessment (ORSA).

Effective Techniques for Stress Testing and Scenario Analysis

HSBC FINANCE CORPORATION CHARTER OF THE RISK COMMITTEE

A Risk Management Standard

INTERAGENCY GUIDANCE ON THE ADVANCED MEASUREMENT APPROACHES FOR OPERATIONAL RISK. Date: June 3, 2011

Solvency II Detailed guidance notes

Integrated Stress Testing

Risk appetite as a dynamic management tool

Solvency II Data audit report guidance. March 2012

Basel Committee on Banking Supervision. Progress in adopting the principles for effective risk data aggregation and risk reporting

RISK MANAGEMENT STRATEGY

DATA RECOVERY SOLUTIONS EXPERT DATA RECOVERY SOLUTIONS FOR ALL DATA LOSS SCENARIOS.

RESERVE BANK OF VANUATU OPERATIONAL RISK MANAGEMENT

Capital Market Services UK Limited Pillar 3 Disclosure

Integrated Operational Risk Management Beyond Basel II

INSURANCE. Moody s Analytics Solutions for the Insurance Company

ACCELUS RISK MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS ACCELUS RISK MANAGEMENT SOLUTIONS

Subject ST9 Enterprise Risk Management Syllabus

ICAAP Required Capital Assessment, Quantification & Allocation. Anand Borawake, VP, Risk Management, TD Bank anand.borawake@td.com

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

THE USE OF KEY RISK INDICATORS BY BANKS AS AN OPERATIONAL RISK MANAGEMENT TOOL: A SOUTH AFRICAN PERSPECTIVE

ENTERPRISE RISK MANAGEMENT POLICY

Risk committee performance evaluation

Operational Risk Management Policy

Enterprise Risk Management in a Highly Uncertain World. A Presentation to the Government-University- Industry Research Roundtable June 20, 2012

Basel II, Pillar 3 Disclosure for Sun Life Financial Trust Inc.

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

P3M3 Portfolio Management Self-Assessment

Risk Management Programme Guidelines

STRESS TESTING GUIDELINE

Risk appetite in the financial services industry A requisite for risk management today

Guidelines on Investment in Shares, Interest-in-Shares and Collective Investment Schemes for Islamic Banks

CONSULTATION PAPER CP 41 CORPORATE GOVERNANCE REQUIREMENTS FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS

Internal Loss Data Collection in a Global Banking Organisation

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Guidelines on Investment in Shares, Interest-in-Shares and Collective Investment Schemes

Implementing an AMA for Operational Risk

Operational Risk Management Excellence Get to Strong Survey

Attribute 1: COMMUNICATION

Commodity Price Risk Management (CPRM) - Trends and Challenges for Corporates

International Diploma in Risk Management Syllabus

RSA ARCHER OPERATIONAL RISK MANAGEMENT

Operational Risk Management Program Version 1.0 October 2013

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012.

Pictet Asset Management Ltd

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010

Enterprise Risk Management

NATIONAL BANK OF ROMANIA

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Risk Management Plan template <TEMPLATE> RISK MANAGEMENT PLAN FOR THE <PROJECT-NAME> PROJECT

Risk Management Framework

Risk management and the transition of projects to business as usual

Leicestershire Partnership Trust. Leadership Development Framework

Enterprise Risk Management A View. Clive Kelly CRO Zurich Insurance plc/zfs Europe (GI)

Prudential Practice Guide

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Understanding Today s Enterprise Risk Management Programs

OPERATIONAL RISK MANAGER CERTIFICATE CANDIDATE GUIDEBOOK. The Industry Standard for Operational Risk Practitioners

Risk appetite How hungry are you?

Basel Committee on Banking Supervision. Working Paper No. 17

Supervisory Policy Manual

Placing a Value on Enterprise Risk Management ADVISORY

Inland Revenue Department: Managing tax debt

How to measure your business resiliency

V1.0 - Eurojuris ISO 9001:2008 Certified

Risk Management Policy

ERM from a Small Insurance Company Perspective

Transcription:

32 nd ANNUAL GIRO CONVENTION The Imperial Hotel, Blackpool Operational risk management frameworks and methodologies Quentin Thom Risk Consulting, Financial Services Advisory qthom@deloitte.co.uk +44 (0) 207 303 8824 www.deloitte.co.uk Agenda Background & Introduction to operational risk Challenges and issues of operational risk Components of an operational risk management framework Operational risk frameworks as a basis for quantitative measurement & assessment Broader benefits of robust operational risk management 1

Background & Introduction to operational risk Definition The risk of loss resulting from inadequate or failed internal processes, people & systems, or from external events This definition includes legal risk but excludes strategic and reputational risk. (The Basel Committee in its International Convergence of Capital Measurement and Capital Standards (ICCMCS) framework definition) How does it fit with the other risk classes? Credit Risk Market Risk Insurance Risk Liquidity & Interest rate risk Challenges and issues of operational risk Management sponsorship, business case & resources Securing & maintaining Board and senior management sponsorship & buyin Building a robust business case for change Availability of appropriately skilled resource Integration with other existing initiatives e.g. process improvement projects Designing operational risk approaches Understanding the range of options available & associated costs / benefits Determining the level of change, business requirements & sophistication of solutions required Absence of standard industry practice & rapidly developing market Avoidance of gaps / overlaps in risk management approaches Challenges and issues of operational risk (cont d) Implementation of risk management approaches Diversity & availability of underlying data Automation of data collation, aggregation, transformation & reporting Embedding new / enhanced practices into wider business environment Consistent implementation of change across the entire organisation Regulation Interpreting regulatory requirements Understanding the impact of regulatory requirements on existing business practices Keeping abreast of changes in the regulatory environment 2

Components of an operational risk management framework Risk definition & language Risk definition provides a high level description of a risk class for an organisation and the scope of risks and activities included within it. Risk categorisation provides a more detailed breakdown of the risk definition and enables an organisation to understand and document the specific significant risks within its risk classes. Risk language details standard risk terms, vocabulary and abbreviations used across an organisation. Risk appetite Risk appetite describes the types & degree of operational risk an organisation is prepared to incur. As a result, risk appetite refers to an organisation s attitude towards risk taking and whether it is willing and able to tolerate either a high or a low level of exposure to operational risk. Components of an operational risk management Risk policy Outline of an organisation s operational risk management strategy and objectives. documents the roles, responsibilities, accountabilities and authorities that support the approach and processes adopted to achieve those objectives. Roles and responsibilities Clearly defined accountabilities and expectations for all relevant parties, including the roles and responsibilities of the Board, management, and employees. Components of an operational risk management Risk & control self assessment Self assessment is the process of identifying and assessing operational risk within an organisation and evaluating the effectiveness of the controls that are in place to manage these risks. Key risk indicators A key risk indicator is a measure of the status of an identified operational risk within an organisation and the current effectiveness of its control. The aim of key risk indicators is to evaluate potential exposure, by monitoring changes in operational risk between formal risk and control assessments. They are designed to provide an early warning mechanism, highlighting potential operational risk issues before they crystallise and result in loss. 3

Components of an operational risk management Internal loss events The tracking of operational risk loss events enables an organisation to: identify operational risk exposure accurately; cost justify new or improved controls and compare the effectiveness of controls; and Identify trends over time. Loss events can be categorised as Actual, Potential and near Misses. Components of an operational risk management External loss events Loss experiences of other institutions. External loss data can provide an indication of the size, frequency and sources of losses experienced by others and thus can provide a wider frame of reference when assessing potential risk exposures Management information Management information is the collection and communication of information to provide a summary of an organisation s exposure to operational risk. Stress and scenario testing Stress testing and scenario analysis, being based on an analysis of the impact of unlikely, but not impossible events, enable an organisation to gain a better understanding of the risks that it faces under extreme conditions. Operational risk frameworks as a basis for quantitative measurement & assessment Internal Loss Data Data Capture At a minimum an organisation must capture gross loss amount, date of event, any recoveries made and a description of the event drivers, or causes. This might necessitate a dedicated operational loss database rather than using the general ledger. Although reconciliations to the GL will help in validating the data set. Data Threshold The exact threshold chosen above which to capture losses will depend on the number and size of losses expected and the application of any quantitative analysis preformed. Boundary Losses Policy around the capture of losses associated with other risk classes should be put in place to avoid double counting such losses. 4

Operational risk frameworks as a basis for quantitative measurement & assessment (cont d) External Loss Data Internal loss data is sparse particularly in regard to low frequency high impact events. In the approach to measuring and assessing such events the industry has turned to external data sets to help augment internal data. Such externally available operational loss data my be sourced from either from vendors who capture events within the public sphere or from consortia where institutions subscribe and share (anonymous) records. Careful consideration the should be given to appropriateness of an external loss event before its inclusion any quantitative measurement and assessment. Operational risk frameworks as a basis for quantitative measurement & assessment (cont d) Internal and external loss experience, are by definition, historic in nature. In some instance, a forward looking operational risk assessment is desirable. For example it can provide a method by which risk management can be more reactive to the changing risk environment allowing preemptive steps to be taken to minimise financial loss. Such an approach could benefit from the use of: Key Risk Indictors (KRIs) - These variables relate to risk factors associated with people, process, systems, controls and environments. KRIs should provide a good indication of the level of underlying risk whilst being readily available, easily calculated and allow translation into a quantitative measure. Self assessment capturing the views of the business in regard to future events they might face. Answers to carefully considered questions can be used to provide an indication of possible future experience which can be related to measures identified in the analysis of historical data sets. Broader benefits of robust operational risk management Regulatory compliance / preparation Reduced economic capital allocation Reduced losses attributable to operational risk events Ability to compete better amongst peer group Better risk management leading to increased underlying P&L via higher profitability Development of operational risk culture 5

Questions? 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information