Operational
Risk
Adopt principles for sound management of operational risk
Overview
As per Basel Operational Risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Some of the types of operational risk are internal and external fraud, damage to physical assets, business disruption and system failures, execution and process management etc.
Operational Risk is a coin with two sides as Operational Risk Measurement and Operational Risk Management. Operational Risk Measurement is basically concerned with the capital calculation based upon the various methods as per Basel. Effectively managing operational risk is somewhat a qualitative task which comes under operational risk management. The blend of this quantitative and qualitative approaches is what constitutes as successful Operational Risk program.
Offerings
Risk Appetite - Operational Risk program starts with identifying the risk appetite and tolerance in operational risk of the firm, creating policies about how to identify, measure, monitor and control operational risk. Policies regarding operational risk and risk appetite statement are not an easy task and can be very challenging. The policies should be aligned with Basel and local regulatory requirements and should be made in keeping current and future requirements in mind.
Organization - The next step comprises of setting up an operational risk organization which identifies the risk entities within the bank, the roles and responsibilities of different entities such as risk coordinator, Operational risk manager etc. Also, the reporting standards with respect to operational should be diligently checked so that they may be aligned with local regulator or Basel requirement. Frequency, timeliness and roles of the reports should be discussed among the experts and with all the stakeholders.
Operational Risk Policies – We help our clients by developing operational risk policies and procedures such as RCSA Policy, KRI Policy, Loss Data Management Policy & overarching Operational Risk Policy
One of the major step in the operational risk program is Risk Control & Self-Assessment (RCSA), wherein the business units within the organization identify and evaluate the risks incurred, their specific level of control over these risk and action points for improvement. The starting point for self-assessment is a comprehensive set of risk definitions, usually a set of major categories and detailed subcategories. The next step, identification and assessment of the risks, typically takes the form of a risk heat map that shows risks by business area and their relative frequency and severity.
After RCSA Key Risk Indicator (KRI) framework is established, wherein key operational risks are identified in the identified risk entities of the organization. There are different types of KRI, such as:
- KRIs to be identified with the operational risk management group
- KRIs which are process specific indicators
Threshold levels for the identified KRIs are established in conjunction with the monitoring, reporting and escalation processes.
To measure operational risk Loss data is required. Loss data being scarce in operational risk, firms generally pool their data so that it can be used by all of them for measurement purposes. Specifying what constitutes the loss and defining various components required for capturing loss data such as risk category level, cash recovery, loss type, business line etc. is one of the most important step while compiling loss data. This can be done by creating a loss data template which captures the details of all loss events in an organization including near misses.
We support our clients to establish ‘Operational Risk Data Mart’ to collect the loss data in systematic way. We have developed our own set of meta data that need to be captured for modelling operational risk capital in line with Advanced Measurement Approach’ as stipulated by Basel.
The Basel II framework requires banks to hold capital charge for operational risk under Pillar I. It prescribes three methods for calculating operational risk capital charges in a continuum of increasing sophistication and risk sensitivity. Banks are encouraged to move along the spectrum of available approaches as they develop more sophisticated operational risk measurement systems and practices.
The Advanced Measurement Approach (AMA) is the most sophisticated approach. This approach does not use Gross Income, but loss data to model the losses. The Loss Distribution Approach (LDA) is one of the most accepted methods currently available within the AMA. Under the LDA approach, we help our clients to assess the frequency and severity distributions of operational risk losses of operational risk event class are estimated. These distributions are used to model the aggregated loss distribution by using Monte Carlo simulation.
Key benefits of adoption of AMA is
- Expected to reduce capital charge for operational risk as compared to Basic Indicator or Standardized Approach.
- It will enable the bank to measure and manage the operational risk in more advanced manner.
- Computation of capital under AMA would indicate a more realistic operational risk profile of the bank, which would help it in improving capital budgeting and internal capital management exercise.
To calculate the operational risk, Operational risk VaR methodology, in line with Advanced Measurement Approach (AMA) of Basel II is developed. Some of the methodologies that can be used are:
- Loss Distribution approach
- Scenario Analysis Approach
- Hybrid Approach