Operational Risk, Scenario Analysis, and External Events: A Regulatory Perspective




Cambridge Centre for Risk Studies, 7-8 December 2011
Peter McCormack, Risk Specialists Division, Financial Services Authority

This presentation does not constitute FSA guidance and should not be relied on as such. For the authoritative explanation of the FSA position on Operational Risk, Scenario Analysis, and External Events please see the FSA Handbook or contact your relationship manager.

Introduction

Section 123 of the Insolvency Act 1986 sets out two criteria for a company to be insolvent:
- The company cannot pay its bills as they fall due; and
- The company's liabilities are greater than its assets

It is the same for a bank, and regulation tries to address both of these issues:
- The first, in banking terms, is known as liquidity risk, reflecting the risk in maturity transformation, and regulation requires banks to hold sufficient liquid assets
- The second, in banking terms, is known as capital adequacy and requires the bank to understand the risks in its business and hold adequate capital in respect of those risks

Capital Adequacy

From a capital adequacy perspective, the key risks are the Basel risks of:
- Credit Risk;
- Market Risk; and
- Operational Risk

The key differentiating factor about operational risk is that it is not a risk that most firms take on to make a profit, but rather a cost of doing business.

In addition, operational risk lies at the foundation of taking market and credit risk.

Interest in Operational Risk

Operational risk has been the subject of much interest in the last 20 years and was a key driver of what is known as the Basel 2 Accord (requiring all banks to hold capital against operational risk).

Drivers of this interest are the major operational risk failings:
- BCCI
- Barings
- All First
- Soc Gen
- UBS

What is Operational Risk?

- What is operational risk? It is defined by the Basel Accord as People, Process, Systems, and external events, including legal risk
- Why is it so fundamental? You cannot run a business without people, process, and systems
- All businesses are at risk from external events, which are largely outside of their control

Management of Operational Risk

- People have always managed operational risk intuitively, based on their experience
- Modern operational risk management allows firms to combine that intuitive management with systematic operational risk management based on a risk framework and a common language
- Operational risk can generally be managed on an expected loss (EL) basis (absorbed by annual profitability) and on an unexpected loss (UL) basis (large losses that may need to be absorbed by capital)

Management of Operational Risk - EL

Expected Loss: the most common form of this is the use of RCSA supported by a common language
- risk identification
- risk assessment
- probability / impact analysis
- inherent / residual risk analysis
- preventative, detective, and mitigative controls
- design and performance of controls
- control cluster analysis
- Risk appetite
- Key Risk Indicators
- Management Information

Risk Assessment

[Figure: risk map of Impact on Achievement of Objectives (Minor to Severe) against Probability (Low to High), showing two positions: "IT Systems failure (inherent, no controls)" and "IT Systems failure (residual, after identification and assessment of controls)".]

Note: where the residual risk position comes out depends on the risk, the performance of the existing control infrastructure and cost-benefit analysis

Management of Operational Risk - UL

Unexpected Loss:
- scenario analysis and stress testing
- use of workshops
- bias*: availability / anchor / motivation /

* Watchorn, E (2007), Applying a Structured Approach to Operational Risk Scenario Analysis in Australia, APRA Working Paper

External Events

- Individual firm scenarios
- FSA scenario
- Macro-economic scenario
- FSA Market Wide exercise
  - 2005 terrorism
  - 2006 pandemic
  - 2009 severe weather
  - 2011 Cyber attack and the Olympics

Market Wide Exercise

- Introduced in 2003 to give key players in the UK financial markets the opportunity to respond collectively to major operational disruption
- The process has attracted attention across the world and is copied by regulatory authorities in the US, Canada, Singapore and Australia
- Referred to as the gold standard of sector exercising by the SEC
- Scenarios are designed and challenged by independent market experts
- Web-site set up by the FSA, HMT and the Bank of England: www.financialsectorcontinuity.gov.uk

Market Wide Exercise 2011

- Testing the ability of participants to respond to a concerted cyber attack on the financial sector; and
- Examining the impact of transport disruption against the backdrop of the Olympics
- Approximately 5000 people from 87 organisations across the financial sector
- Over 100 FSA staff participating and playing roles in the exercise
- FSA tests its own Incident Management Framework

National Risk Register (2010)

[Figure: National Risk Register. Source: Cabinet Office 2010]

Reverse Stress Testing

Reverse stress testing requires firms to:
- Explicitly identify and assess the scenarios that render a business unviable
- Analyse the likelihood of these scenarios occurring
- Take mitigating actions now, or put in place triggers for actions in the future

Recovery and resolution
- Recovery plans require firms to identify options to recover financial strength and viability should a firm come under severe stress
- Resolution planning requires firms to submit detailed information about their business and operational structure via a Resolution Pack

Integrated Approach to Stress Testing

Conclusions

- Operational risk continues to be a cause of major losses for firms.
- Even when the loss appears to be in another risk category, the root-cause analysis often indicates that the underlying cause was an operational risk event.
- Although it generates less of a capital requirement than credit or market, senior management ignore operational risk at their peril.
- The severity of scenarios produced by firms, on an objective basis, continues to underestimate the risk, suggesting that firms have not been very successful at factoring out bias.

Questions

Dr Peter McCormack
Senior Risk Specialist, Risk Frameworks & Governance
Risk Specialists Division, Prudential Business Unit
Financial Services Authority
peter.mccormack@fsa.gov.uk