Internal Loss Data A Regulator s Perspective

Similar documents
Capital Adequacy: Advanced Measurement Approaches to Operational Risk

Supervisory Guidance on Operational Risk Advanced Measurement Approaches for Regulatory Capital

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

Sound Practices for the Management of Operational Risk

Basel Committee on Banking Supervision. Results from the 2008 Loss Data Collection Exercise for Operational Risk

Operational risk management frameworks and methodologies

PART B INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management

Operational Risk Modeling *

Prudential Practice Guide

Operational risk capital modelling. John Jarratt National Australia Bank

Bank of Queensland Limited

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

Measurement of Banks Exposure to Interest Rate Risk and Principles for the Management of Interest Rate Risk respectively.

An operational risk management framework for managing agencies

INTERAGENCY GUIDANCE ON THE ADVANCED MEASUREMENT APPROACHES FOR OPERATIONAL RISK. Date: June 3, 2011

Information Paper A Review of Correction Techniques for Inherent Biases in External Operational Risk Loss Data

RESERVE BANK OF VANUATU OPERATIONAL RISK MANAGEMENT

ICAAP Required Capital Assessment, Quantification & Allocation. Anand Borawake, VP, Risk Management, TD Bank anand.borawake@td.com

Risk Management Framework

Risk Committee Charter

2 COMMENCEMENT DATE 5 3 DEFINITIONS 5 4 MATERIALITY 8. 5 DOCUMENTATION Requirement for a Report Content of a Report 9

Bank of America NA Dublin Branch Market Discipline. Basel II - Disclosures

Policy on the Management of Country Risk by Credit Institutions

Operational Risk Management in Insurance Companies

Final report. Guidelines on the minimum list of qualitative and quantitative recovery plan indicators EBA-GL May 2015

18,343 18,308 3 Accumulated other comprehensive income (and other reserves)

APS 120 Funds Management & Securitisation

ICAAP for Asset Managers: Risk Control Limited

Guidance Note: Stress Testing Class 2 Credit Unions. November, Ce document est également disponible en français

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

Operational Risk Management Program Version 1.0 October 2013

RISK FACTORS AND RISK MANAGEMENT

Prudential Practice Guide

Advances in Loss Data Analytics: What We Have Learned at ORX

Portfolio Management for Banks

The Role of Mortgage Insurance under the New Global Regulatory Frameworks

Building a framework for operational risk management: the FSA s observations

The validation of internal rating systems for capital adequacy purposes

OWN RISK AND SOLVENCY ASSESSMENT AND ENTERPRISE RISK MANAGEMENT

Objective and key requirements of this Prudential Standard

OECD PROJECT ON CYBER RISK INSURANCE

1. This Prudential Standard is made under paragraph 230A(1)(a) of the Life Insurance Act 1995 (the Act).

Operational Risk. Operational Risk Policy

Internal Audit Landscape 2014

Supervisory Policy Manual

RISK MANAGEMENT REPORT (for the Financial Year Ended 31 March 2012)

PRINCIPLES FOR THE MANAGEMENT OF CONCENTRATION RISK

Risk Management. Trends for Insurance Companies. Jeffrey Lovern Genworth Financial VP, Enterprise Risk Management Global Mortgage Insurance

Capital Market Services UK Limited Pillar 3 Disclosure

The Internal Capital Adequacy Assessment Process (ICAAP) and the Supervisory Review and Evaluation Process (SREP)

Operational Risk An Enterprise Risk Management Presentation

THE USE OF KEY RISK INDICATORS BY BANKS AS AN OPERATIONAL RISK MANAGEMENT TOOL: A SOUTH AFRICAN PERSPECTIVE

Implementing an AMA for Operational Risk

Regulatory and Economic Capital

Operational Risk Management Policy

Risk Management Programme Guidelines

Internal Loss Data Collection in a Global Banking Organisation

An Internal Model for Operational Risk Computation

ACCELUS RISK MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS ACCELUS RISK MANAGEMENT SOLUTIONS

GE Capital Finance Australia APS 330: Public Disclosure of Prudential Information December 2013 (AUD $ million)

Pillar 3. Disclosure. Succession Advisory Services Ltd

Operational Risk Management Table of Contents

Business Continuity Management

CIIA South West Analytics in Internal Audit - Tackling Fraud

REGULATION 9 ON OPERATIONAL RISK MANAGEMENT. Article 1 Purpose and Scope

Pillar 3. Disclosure. Succession Advisory Services Ltd

Checklist for Credit Risk Management

Guidelines on the implementation, validation and assessment of Advanced Measurement (AMA) and Internal Ratings Based (IRB) Approaches

Operational risk in Basel II and Solvency II

Supervisory Policy Manual

Who should submit the application

Checklist for Operational Risk Management

Internal Ratings-based Approach to Credit Risk: Purchased Receivables

Basel Committee on Banking Supervision. Review of the Principles for the Sound Management of Operational Risk

Business Continuity Management

D. E. Shaw & Co. (London), LLP Pillar 3 Disclosure

Capital Adequacy: Internal Ratings-based Approach to Credit Risk

Risk Management. Credit Risk Management

Close Brothers Group plc

OPERATIONAL RISK MANAGEMENT & MODELLING FROM WYNYARD GROUP & EVMTECH

Practice Note. 23Revised. October 2009 AUDITING COMPLEX FINANCIAL INSTRUMENTS INTERIM GUIDANCE

Operational Risk Management in a Debt Management Office

Basel Committee on Banking Supervision

Loi M Bakani: Effective compliance, risk mitigation and control

EBA discussion paper and call for evidence on SMEs and SME supporting factor (EBA in EBA/DP/2015/02)

STRESS TESTING GUIDELINE

Implementation of Operational Risk Management Framework Issued under BPRD circular # 04 dated May 20, 2014

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

Transcription:

Internal Loss Data A Regulator s Perspective AON Operational Risk Symposium Harvey Crapp Australian Prudential Regulation Authority 17 April 2008 1

Agenda 1. Why Collect ILD 1. Tailored Insurance 2. Risk Management 3. Capital Management 2. Collection Techniques 1. Policies and Procedures 2. How ILD is Collected 3. Challenges 1. Scope 2. Thresholds 3. Validation 4. Allocation to Business lines 4. Key Issues 2

Why Collect ILD? As a result of Basel II, complex banks wishing to implement the Advanced Measurement Approach (AMA) for operational risk capital have embedded the collection of Internal Loss Data (ILD) into their risk management practices. ILD is a valuable resource because it is the closest data representation of an institutions internal loss profile and provides insight into the risk appetite of the bank and the effectiveness of any controls in place. Institutions who calculate operational risk regulatory capital (ORRC) using APRA s Standardised Approach (SA) are not required to collect ILD for the purposes of capital calculation, however many other benefits can be obtained from the collection of internal data, such as: Tailored insurance policies Improved risk management practices Help in the development of capital management 3

Tailored Insurance INSURANCE POLICY BANK Operational risk insurance policies tend to cover a wide range of loss categories that may not be relevant to all institutions (e.g. Bankers Blanket Bond). Using ILD, institutions are in a better position to tailor insurance contracts to meet their individual risk profiles. Collecting ILD enables both complex and simple institutions to demonstrate their key risk areas to insurance providers. By using observed losses to back up their claims, institutions may be able to obtain a more relevant and comprehensive insurance policy tailored to the major risks of the institution. 4

Emerging Risk Mitigation Products As a direct result of the AMA process, new products have entered the market to cater for the increased demand for operational risk mitigation. There are essentially three classes of products available: Modified Insurance Policies Existing insurance policies have been modified to include fewer exclusions, dispute resolution procedures and arbitration timescales to reduce the uncertainty of claim payment. Third Party Wrappers Provides access to another parties capital to provide liquidity in case of a loss, which is repayable on insurance payout. Capital Market Products- Risk mitigation is achieved by replacing traditional insurance policies with bond products (e.g. catastrophe bonds). For a bank to obtain reductions in their regulatory capital requirements, the risk transfer arising from the use of risk mitigation products must be approved by APRA. 5

Risk Management Many institutions still rely heavily on qualitative measures and judgements to monitor and control their operational risk exposure. Over the recent past, the number of large scale unexpected operational risk losses has created some unease about the soundness of traditional operational risk management practices. As such, ILD can help improve the risk management practices of an institution as it allows for the identification, measurement and analysis of historical data, to assist in the identification of emerging trends in an institutions loss profile. Trends, benchmarks and budgets feed into Key Risk Indicators (KRIs) and other Business Environment and Internal Control Factors (BEICFs) to allow for the identification of emerging risks and the proactive management of an institution s risk profile. An embedded risk management culture ensures staff are on the lookout for loss events which helps contribute to the prevention and reduction of potential future losses. 6

Example - Event Type Analysis Impact $10,000,000 $1,000,000 $100,000 $10,000 $1,000 DPA Int BD&SF EP&WS CP&BP ED&PM Ext 100 1,000 10,000 100,000 No. of Losses Int Internal Fraud Ext External Fraud DPA Damage to Physical Assets EP&WS Employment Practices and Workplace Safety BD&SF Business Disruption and System Failure ED&PM Execution Delivery and Process Management CP&BP Clients Products and Business Practices This is an example of a type of loss data analysis that can assist institutions to identify major risks. The size of the bubble represents the total impact of losses from that Business Line. The position of the bubble on the impact axis represents the average impact of each loss. The position of the bubble on the frequency axis represents how many data points have been collected for that business line. 7

Capital Management $ $ $ $ $ Just as AMA accredited banks use ILD in the determination of their operational risk regulatory capital, ILD may be a useful reference in the development of the Internal Capital Adequacy Assessment Process (ICAAP). APS110 Capital Management stipulates that an institution must have adequate systems and procedures to identify, measure, monitor and manage the risks arising from the ADI s activities on a continuous basis to ensure that capital is held at a level consistent with the ADI s risk profile. 1 The collection of operational risk losses may help in the identification of major risks areas and aid in the transparency of the capital management plan. 1 APS110 Section 6a 8

Example - Risky Business Impact $10,000,000 $1,000,000 $100,000 CF T&S AS AM P&S O CB AS Agency Services AM Asset Management CB Commercial Banking CF Corporate Finance RB Retail Banking P&S Payments and Settlement T&S Trading and Sales O -Other This is an example of a type of loss data analysis that can assist institutions identify which areas of their business are prone to losses, and consequently require more capital and focussed risk management. The size of the bubble represents the total impact of losses from that Business Line. The position of the bubble on the impact axis represents the average impact of each loss. The position of the bubble on the frequency axis represents how many data points have been collected for that business line. RB $10,000 100 1,000 10,000 100,000 No. of Losses 9

Collection Techniques When establishing loss collection policies and procedures, the complexity of the data collection system should be commensurate with the demands of the data. Additionally, data collection systems should be flexible enough that they are able to adapt to the changing needs of the institution. For data collection to be effective, comprehensive policies and procedures need to be embedded into the culture of the organisation. These policies become a reference point for staff when recording a loss to ensure consistency, accuracy and completeness. ILD Policies generally provide guidance on all matters concerning the recording of loss events; including the definition of an operational risk loss event, loss amount, and event type allocation guidance etc. 10

How ILD is Collected AMA Institutions have generally collected ILD for both internal purposes and the calculation of regulatory capital. In APS115, APRA has defined what information is required to be recorded for the calculation of regulatory capital. Institutions recording data for internal purposes are able to tailor their data collection to suit their own needs. Institutions generally record the following characteristics for each Operational Risk Loss: Gross Loss amount- The loss amount before any recoveries from insurance. Date of event- Institutions have recorded one or a combination of the date the loss occurred, the discovery date or the accounting date. Descriptive information- Manual enrichment by business units adds valuable qualitative information, such as the cause of the loss and the failed controls. The Classification of the loss- Once the data is collected institutions have had to classify the loss into one (or more) of the Basel BU/Risk type combinations. The Nature of the Loss- Credit Risk and Market Risk related losses should be flagged to ensure correct treatment in capital calculation. 11

Challenges in Collecting ILD The nature and quality of operational risk data collected by institutions directly affects the outcome of any quantification or risk management decisions. During the accreditation process it was evident that AMA applicants were experiencing similar problems in regard to the treatment of losses in their operational risk loss databases. Issues were generally related to the characteristics of the data, i.e how it is collected and used. Institutions developing data capture systems face decisions regarding the scope of data, thresholds used, allocation mechanisms and validation techniques. 12

Scope of Internal Data Institutions developing and implementing their operational risk loss policies and procedures must set clear rules around the scope of the ILD the institution wishes to collect. Given the general scarcity of operational risk data, institutions may choose to collect near miss and rapid recovery data as a useful input into risk management and measurement procedures, particularly input into KRIs and scenario analysis. A precise definition of what constitutes as a near miss and rapid recovery is required to ensure consistency, especially if no actual loss is incurred. 13

Loss Collection Thresholds A loss collection threshold is the level above which all operational risk data must be collected and recorded in the internal loss database. When setting the threshold level, institutions should first consider the purpose of the data and how different thresholds will affect its overall usability. Institutions should be aware of the trade-off between the added benefits of collecting smaller losses and the cost of collecting such information. Generally thresholds should be set using robust empirical methods rather than subjective means. However, given the initial lack of data available to conduct empirical analysis, a well reasoned threshold is acceptable in the short term. 14

Allocation to Business Lines A single operational risk event may result in losses occurring in multiple business lines and event types. Inconsistencies may arise when losses are entered into the system and there is no single business unit/risk type combination to assign to the loss. Institutions must develop specific criteria for allocating losses arising from an operational risk loss event that spans more than one business line 1. To maintain consistency, most AMA institutions have generally allocated the full loss amount to the business line/risk type with the largest exposure. It is important for institutions who do allocate single event losses to multiple business lines to identify such losses in the database for risk measurement and management purposes. 1 APS115 Attachment B Paragraph 25 15

Validation of ILD Validation of ILD encompasses both the review and assessment of data integrity and comprehensiveness. An annual review of the data is essential to ensure reliability of the data and effectiveness of internal controls 1. To maintain consistency, some institutions have made use of a centralised function to input the general data information, then relying on business units to assist with the details (such as control failures etc). Institutions have generally relied upon manual validation techniques such as general ledger reconciliation and audit reviews. Institutions should incorporate automatic data verification into the data input facility, limiting the amount of manual validation required. 1 APS 115 Attachment B Paragraph 14 16

Key Issues Collecting internal operational risk data creates many benefits for institutions including; Tailored insurance policies Improved risk management practices Capital management The sophistication of the data capture system should be commensurate with the use of the data. Sound policies and procedures need to be embedded into the risk management culture of the organisation to ensure consistent and accurate reporting of losses. Key challenges in collecting ILD include; Scope of data thresholds chosen Allocation of losses Validation 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information