Operational Risk Operational risk can be defined as a risk arising from direct or indirect loss to the bank. The causes of loss can be associated with inadequate or failed internal process, people and systems. Besides internally occurring events, the people, process and systems failure could also occur due to external events. Operational risk necessarily excludes business risk and strategic risk. The components of operational risk includes transaction processing risk, information security risk, legal risk, compliance risk and risk occurring due to the functioning of human resources of the bank. People risk arises from lack of trained key personnel, tampering of records, unauthorized access to dealing rooms and nexus between front and back end offices. Process risk arises on account of faulty reporting of important market developments to the bank management may also occur due to errors in entry of data for subsequent bank computations. Nonmonitoring of exposure positions also result in process risks for the bank. Besides, banks may also supply needed funds in currencies that may lead to a loss for the bank due to the currency rate fluctuations. When the bank creates new products without proper consideration of its long term implications the bank may also encounter process risk. Systems risk involves losses due to systems failure, lack of security for the information requirements of the bank, inadequate investments made in terms of technology requirements, snags in implementation of systems, inadequate systems capacity or failure in systems developments. Risk on account of external factors arises due to legal and regulatory changes, outsourcing risk, supplier risk, political risk and Government policy risk. Banks are expected to function in a specific infrastructure setup created in the economy such as fund transfer mechanisms. The failure of such infrastructure leads to risk to the bank through external factors. Operational losses are large losses arising from operations which may be in the form of payments made to third parties on law suits, tax penalties, compliance with regulations and damage to assets. Compensation paid to customers, theft, frauds including rogue trading and late settlement or settlement to the wrong counterparty are the major types of operational loss that are incurred by the banks. Operational Risk Policy Banks should lay down clear operational risk management policies. It includes planning, identification, classification and reporting procedures. Policy of the banks lays down the business units that the bank is likely to engage in. The business lines that are to be promoted within the units and the activity groups that are planned to execute the business objectives of the units are specified in the policy statements. Illustrations of business units by different types of banks are given below.
Investment Banking Unit Commercial Banking Unit
Other Business Units Simultaneously banks should also specify their audit policy for operational risk management. This includes establishing benchmarks, recognition of high loss events, identification of measuress of risk mitigation, compliance procedures for audit and review process of internal audit systems. Technology policy of the banks should spell out procedures for procurement of systems, development of software, analysis of operational risk, data base management system to be maintained, estimates of technology investment and compilation of technology profiles for the bank. The policies framed should be specific to different authority levels in a bank. Hence there should be a functional policy at the top management level and circle level and branch level policies. Measurement of Operational Risk There are four approaches for measuring operational loss. They are the basic indicator approach that focuses on a single indicator such as income. The standard set under the basic indicator approach as per Basel norms is 30% of gross income. The standardized approach classifies business activities into several business lines and computes operational risk with reference to each. Advanced management approach is a comprehensive system of measurement covering both qualitative and quantitative factors affecting operational risk. Loss distribution approach develops a suitable distribution of historical loss events and corresponding expected losses and finally arrives at operational value at risk. On a regular basis banks need to review its daily business operations with reference to each customer and identify risk mitigation measures and execute them. Operational risk assessment involves self assessment, identification of duration of risk, efforts in assessment, cost due to assessment and analysis of risk.
Operational risk management practices controls risk, optimization of investment, identification of best practices and lays down benchmarking. The minimum capital requirement as per Basel committee norms are given below. The different types of capital requirements to manage operational risk of banks are given below.
Management of Operational Risk Basel committee has framed guidelines for managing credit risk, market risk and operational risk of banks. The committee has updated the guidelines pertaining to these risks frequently. The regulatory compliance aims at curbing money laundering practices, undesirable banking practices, regulation of product quality and cross boarder business of banks. Operational risk management aims at improving return on capital for the banks, managing volatility of returns and value optimization. While regulatory authorities come out with prudential norms and good governance practices to curb operational risk, the market response is in terms of developing innovative products such as equity futures, foreign currency futures, currency swaps and options. As part of controlling operational risk, bank management introduces a series of initiatives to control internal fraud. These include proper authorization of activities, reporting of transactions, measurement of operational risk positions, asset valuation and regulatory compliance. Customer level initiatives include generation of reliable credit reports, monitoring worthless deposits, measures to check extortion, embezzlement and asset misappropriation. As far as cross boarder business is concerned bank initiatives includes verification of accounts transfer, penalties for non compliance and willful evasion, identification of irregular movement of funds. Information security, detection of forgery and prevention of hacking are other fraud management measures that are to be taken up by banks. To prevent employees committing fraud, banks should initiate steps to provide adequate compensation and other employee benefits and formulate best promotion and termination policies, promote good employee relations, health and safety rules and seek legal support for employee related problem management. With regard to customers, banks should enforce disclosure requirements and ensure privacy and confidentially of information and avid aggressive selling. The banks have to scrutinize their exposure limits and come out with best banking products. To support its best practices, banks need to have an error free efficient systems management. Proper implementation of operational risk management practices should encompass customer permissions, proper documentation, faultless procedures and introduction of disclaimer clauses wherever necessary. Questions 1. What is operational risk? 2. What are the components of operational risk? 3. What are the factors to be considered while framing an operational risk policy for a bank? 4. What are the approaches for operational risk measurement? 5. What internal control systems should be initiated for operational risk management? 6. Explain how operational losses are computed. 7. Explain the Basel norms for operational risk measurement. 8. What are the measures to be taken by the bank to reduce operational risk?
9. How would you arrive at capital requirement of banks for the purpose of operational risk coverage? 10. What are the steps to be initiated by banks for fraud detection?