Presentation on theme: "Operational and Technology Risks"— Presentation transcript:
1Operational and Technology Risks Presented byR 沈子喬R 陳禹君R 蔡少懷
2I n d e x Part I The Introduction to Operational Risk Part II Operational Risk in BaselⅡPart III Operational Risk Management In Practice
3Introduction to Operational Risk Step 1: An idea of operational riskStep 2: Technology and Financial ServiceStep 3: The Effect of Technology on Revenues and Costs!Step 4: Technology in Payments SystemStep 5: Managing Operational Risk
4Introduction to Operational Risk Part IIntroduction to Operational RiskDifficult to measure, yet crucial！
5An idea of Operational Risk Major risks faced by banks!Source: The New Basel Capital Accord: Basel II, Jan 2001
6An idea of Operational Risk direct and indirectWhat is Operational Risk ?Operational risk and inclusive of technological risk is the risk ofloss resulting from inadequate or failed internal processes、people、and systems or from external events.Definition by BIS,Working Paper on the Regulatory Treatment of Operational Risk, Sep, 2001Some FIs add “Reputational risk and strategic risk as part of abroader definition (e.g., due to a failed merger).
7An idea of Operational Risk What are the source of Operational Risk ?1. Technology (e.g., technological failure and deteriorating systems)2. Employees (e.g., human error and internal fraud)3. Customer relationships (e.g., contractual disputes)4. Capital assets (e.g., destruction by fire or other catastrophes)5. External (e.g., external fraud)
8Introduction to Operational Risk A summary of operational risks faced by FIsEmployee RiskExternal RiskEmployee turnoverKey personnel riskFraud riskErrorRogue tradingMoney launderingConfidentiality breachExternal fraudTaxation riskLegal riskWarCollapse of marketsReputation riskRelationship riskTable 14-8Technology RiskProgramming errorModel riskMark-to-market errorManagement informationIT systems outageTelecommunications failureTechnology provider failureContingency planningCustomer RiskCapital Asset RiskSafetySecurityOperating CostsFire / floodContractual disagreementDissatisfactionDefault
9An idea of Operational Risk The effects of operational failure! How can operational failure affect an FI?Tearful Lessons!!The effects of operational failure!楊瑞仁在國票案中吞占國票１０２.２億元國 票 案資深法務人員(劉偉杰)監守自盜３０億元理 律 案年僅28歲的高級期貨交易員Nick Lesson，以短短2年半的時間，搞倒具有232年歷史的霸菱銀行，最後落得以1英鎊象徵性的價格，被荷蘭國際銀行（ING）所收購。霸 菱 案
10Technology and Financial Service The most important factor affects the profitability and risknessof modern FIs.TechnologyThe application of computers, audio and visual communicationsystems, and other information systems to an FI’s production ofservice.1. Lower costs by combining labor and capital in a more efficient mix.Increased revenues by allowing a wider array of financial services to be produced or innovated and sold to customers.
11Technology and Financial Service How modern technology affect an FI’s profit-producing area ?Wholesale Financial ServicesTechnology improves FIs’ abilities to provide cash managementor working capital services to corporate customers, who start torecognize that:Excess cash balances result in a significant opportunity cost.Corporate need to know cash or working capital position ona real-time basis.
12Technology and Financial Service 企業金融 Wholesale Financial ServicesThe services provided to help corporate customer manage their financial position.Controlled disbursement accounts.Account reconciliation.Wholesale lockbox.Electronic lockboxFunds concentration.Electronic funds transferCheck deposit servicesElectronic initiation of letters of credit.Treasury management software.Electronic data interchangeFacilitating business-to-business e-commerceElectronic billingVerifying identitiesAssisting small business entries into e-commerce.
13Technology and Financial Service 企業金融 Wholesale Financial ServicesIn Taiwan, banks offer such service for corporate customers as follows:一般企業金融產品資本市場金融產品企業電子金融產品資金管理風險管理外匯業務OBU國際金融業務授信業務信託業務台幣資本市場金融產品外幣資本市場金融產品金融電子資料交換系統 (FEDI)企業資金管理系統企業貸款集中支付管理系統整批轉帳系統人事薪資管理系統股利代發管理系統各種轉帳代收業務
14Technology and Financial Service 個人金融 Retail Financial ServicesA typical customer transaction through a branch or phone call costs a customer about $1, while a similar online transaction costs just $0.02 !Researched by Merrill LynchSome of the most important retail payment product innovations include:Paying bills via telephoneSmart-cards (store-value cards)On-line bankingbillingAutomated teller machines (ATMs)Point-of-sale (POS)Home bankingPreauthorized debits/credits.
15Technology and Financial Service By virtue of technologyFIs no more made money only byinterest spread earningsThey are financial service provider now !
16The Effect of Technology on Revenues and Costs! Interest income - Interest expenseOther income- Noninterest expenseProvision for loan lossesEarnings or Profit before taxesProfit Function+-=Technology can improve FI’s profitability through means of:IncreaseInterest IncomeLowerInterest ExpenseIncreaseOther IncomeDecreaseNoninterest ExpenseLink to interbank lending market.b) Originate and sell commercial paper, entering lower-cost funding market.Offering innovative products and better payment systemElectronicprocessingand storagesystemCross Selling(Data Mining)
17The Effect of Technology on Revenues and Costs! Earnings and Other Data for All Insured BanksUpdate Table 14-1Source: Federal Deposit Insurance Corporation website
18The Effect of Technology on Revenues and Costs! Noninterest income ofbanks increase steadily.Underscoring the importanceof operating costs is the factthat non-interest expensesgradually exceeds interestexpense.
19The Effect of Technology on Revenues and Costs! Make or Break?Profitability V.S. Technology!Product revenue sideOperating cost sideThe effect of regulation and regulatory changescan not be ignored!
20The Effect of Technology on Revenues and Costs! Technology on product revenue side1. Cross-marketing both new and existing products to customers.2. Increase the rate of innovation of new financial products.3. Service quality and convenience.
21The Effect of Technology on Revenues and Costs! Technology on Operating cost sideIn general, technology may favorably affect anFI’s cost structure by allowing it to exploit eithereconomies of scale or economies of scope.
22The Effect of Technology on Revenues and Costs! Economies of scaleAs the output of an FI increases, its average costs of production fall.ACi = Average costs of the ith FITCi = Total costs of the ith FISi = Size of the FI measured by assets,deposits, or loans.Cost-lowering effects oftechnology on FIs of all size butwith the greatest benefitaccruing to those of the largestsize.
23The Effect of Technology on Revenues and Costs! Economies of scaleYet FIs may face diseconomies of scale and other shape of AC function!Diseconomies of scale!As the output of an FI increase, its average costs of production increase. (e.g. Excess capacity, integration problems, cost overruns, cost control problems)S* is the most efficient size for an FI to invest.
24The Effect of Technology on Revenues and Costs! Economies of scopeThe FI’s abilities to generate synergistic cost savingsthrough joint use of inputs in producing multiple products.ACA+B [X1, X2] < ACA[X1,0] + ACB[0,X2]Nevertheless, diseconomies of scope may occur instead!
25The Effect of Technology on Revenues and Costs! Testing for Economies of Scale and Economies of ScopeFIs must specify both the inputs to their production process and the cost of those inputsThe Production ApproachC = f (y, w, r)w = Wage costs of laborr = Rental costs of capitaly = Output of servicesThe Intermediation ApproachC = f (y, w, r, k)k = The cost of funds for the FI.The intermediary uses toproduce intermediated service.
26The Effect of Technology on Revenues and Costs! Can earnings always exceed expense?Investment on technology allows an FI to earn potentially higher profits, but not for sure because:NPV (Technology investment project) <０.The initial cash outlay and future costs related to these investments are unable to be offset.Io = Initial capital outlay for developing an innovation or product at time 0Ri = Expected net revenues or cash flows from product sales in future years i, i = 1…..Nd = FI’s discount rate reflecting its risk-adjusted cost of capitalAgency ConflictsA growth-oriented investment may be in consistent withstockholder’s value-maximizing objectives.
27The Effect of Technology on Revenues and Costs! Empirical FindingsOnly a small part of the cost differences among FIs in any size class can be economies of scale or scope.A majority of the studies shows the relatively low payoff from technological innovation.Large FIs tend to be more efficient in revenue generation than smaller FIs and that such efficiencies may well offset scope and scale cost inefficiencies related to size.Real benefits of technological innovation are difficult to measure through traditional studies.
28Technology in Payments System American PracticeThe two dominant wire transfer systems areFed wire operated by Federal ReservePrivately operated Clearing House Interbank Payments System (CHIPS)Table 14-5In 2000The average daily Fedwire funds value$1.5 trillionThe average daily CHIPS value$1.2 trillionThis trend can partly be attributed to thedevelopment of “sweep accounts”.Sweep accountsCustomers can automatically switch funds from high-reserve requirement checking accounts into low-reserve requirement savings accounts
29Technology in Payments System 6 major risks have arisen along with the growth of wiretransfer systems.Daylight Overdraft RiskInternational Technology Transfer RiskCrime and Fraud RiskRegulatory RiskTax AvoidanceCompetition Risk
30Technology in Payments System 1. Daylight Overdraft RiskA possibly greatest potential sources of instability in the financial markets today!Daylight OverdraftWhen a bank’s reserve account at the Fed becomes negative within the banking day.Under Federal Reserve Act, the member bank’s end-of day reserve position cannot be negative.
31Technology in Payments System 1. Daylight Overdraft RiskLarge banks seek to borrow funds in the afternoon to coverfor running daylight overdraft.Under regulation J, the Fed guarantees paymentfinality for every wire transfer message.FedwireAll within-day transfers are provisional, andbecome final only at the end of the day.CHIPSSettlement failure could result in disastrous systemic crisis.
32Technology in Payments System 1. Daylight Overdraft RiskThe efforts to alleviate daylight overdraft risk.CHIPS members contributed to a special escrow fund.2. Implementing Regulation F: Banks, thrifts, and foreign banks must develop internal procedures of benchmarks to limit their settlement to other FIs.
33Technology in Payments System 1. Daylight Overdraft RiskWhat happens in Taiwan…Negative Intervention (負數操作)存款準備金的提存期間為一個月，銀行雖然每日計算當日超額準備的變化，但並不需要每日提足至法定水準，只要至每月3日的最後期限，銀行提存的存款準備積數總額，能補足應提的法定額度即可。因此銀行於月初行性支出高峰時，市場資金水位下降，銀行實提準備低於應提準備的水準，造成負數缺口，於短期利率上揚時，擴大準備部位負數缺口，將資金投入票券等短期投資，待中旬資金寬鬆、短期利率走低之際，再從事正數操作，出脫手中票券，以填補部位缺口。
34Technology in Payments System 2. International Technology Transfer RiskThe prohibition of the use of technological innovations limitsFIs’ profitability.3. Crime and Fraud RiskWire transfers as methods of payment has resulted in newproblems regarding theft, data snooping, and white-collarcrime. (e.g. ATM card fraudulent duplication)
35Technology in Payments System 4. Regulatory RiskThe government regulation imposed in the adoption of somefinancial service limits FIs’ profitability.5. Tax AvoidanceInternal pricing mechanisms minimize firms’ tax burden, yeterode governments’ tax base. (e.g. BVI account)6. Competition RiskTechnology eposes existing FIs to the increased risk oferosion of their franchises as costs of entry fall and thecompetitive landscape changes. (e.g. 裕融企業,會計事務所介入保管業務)
36Technology in Payments System Taiwanese PracticeThe role of FISC(Financial Information Service Co. LTD. )財金資訊公司前身為「金融資訊服務中心」（簡稱金資中心）。民國七十三年十月財政部為促進金融業之資源共享、資訊互通、並提昇整體金融自動化層面，經報奉行政院核定設立金資中心，負責全國金融機構跨行資訊網路之規劃、設計、建置工作。主要業務為金融機構跨行資訊系統的規劃開發及跨行資訊網路的營運。‧ 金融機構跨行資訊系統之營運。‧ 金融機構間跨行業務之帳務清算。‧ 辦理與金融機構間業務相關之各類資訊傳輸、交換。‧ 金融機構間資訊系統災變備援之服務。‧ 金融機構間業務自動化之規劃、諮詢及顧問業務。‧ 其他經財政部指定或核准辦理之有關業務。
37Technology in Payments System Taiwanese PracticeThe business lines:自動化機器共用系統通匯系統信用卡服務系統金融XML業務FEDI服務系統代繳代發系統網際網路作業系統資訊媒體儲存服務行動銀行服務系統資訊查詢系統轉帳卡服務系統I C金融卡服務系統資訊系統災變備援服務What is FEDI ？金融電子資料交換（Financial Electronic Data Interchange，FEDI、金融EDI）係指企業或個人利用電腦作業，以特定的標準格式（採用聯合國UN/EDIFACT所制定的標準訊息），經由專線撥接與銀行直接連線，在安全無虞的環境下進行企業或個人的付款、轉帳等資金調撥作業。
38Technology in Payments System Taiwanese PracticeWho is in charge of its failure !!10 / 20/ 所有銀行的跨行轉帳全面“癱瘓”通訊控制機故障前員工及外包人員三人和偽卡集團勾結，外洩信用卡持卡的人資料，遭這個信用卡偽卡集團盜刷的金額，超過30億元信用卡內碼資料外洩
39Technology in Payments System Technological innovation serves to provide completelydifferent financial services, yet it also exposes FIs’ to therisks of a distinct category.The Operational RiskThe risk that FIs’ can ignore no more!
40Managing Operational Risk The efforts to help FIs manage losses due to operational risk.Loss PreventionTraining, development, and review of employeesPlanning, organization, back-up.(e.g., computer systems.)Loss ControlExternal insurance.(e.g., catastrophe insurance)Loss FinancingLoss InsulationFI capital.Figure 14-6Operational Risk Management EffortRME: Extent of risk management efforts
41Managing Operational Risk Regulatory Efforts to manage operational riskThe issues brought..1. Customer Protectiona. Does FI customers have the right to opt out of any private informationsharing an FI may want to pursue?依據法令規定，金控集團旗下子公司可以交叉分享包括姓名、生日、身份證字號與電話地址的基本客戶資料。子公司如果想相互分享客戶金融交易細節，必須事前向客戶得到書面同意。但若消費者買的是結合銀行、證券、保險等功能的綜合性商品，就不得不向金控集團旗下的各個子公司，透露攸關個人財富與金融交易的資訊。例如，中信金控的「萬股通」，可連結往來券商進行自動跨券商轉帳作業，並提供最高50萬元新台幣的金融卡信用額度，自動結合補差額功能。因此「萬股通」客戶的帳戶資料，將會同時透露給中信金控旗下的銀行與券商。
42Managing Operational Risk Regulatory Efforts to manage operational riskThe issues brought..1. Customer Protectionb. Do Internet transactions and electronic storage ofprivate information expose FI customer to the security risk.電腦處理個人資料保護法 但我國執法不力，以致造成花旗銀行資料外洩的情況，嚴重危害金融交易的安全性。
43Managing Operational Risk Regulatory Efforts to manage operational risk２. Operational Fisk and FI InsolvencyFIs have lost over $ 200 billion due to operational risk since 1980.Researched by Operational Research Inc.Operational risks “are sufficiently important for banks to devoteresources to quantify the level of such risks and to incorporatethem into their assessment of their overall capital adequacy.”Basel Committee on Banking Supervision in 1999 Basel Committee
44I n d e x Part II Operational Risk in BaselⅡ Part I The Introduction to Operational RiskPart II Operational Risk in BaselⅡPart III Operational Risk Management In Practice
45Operational Risk in BaselⅡ Loss Data CollectionStructure of Basel Ⅱ for “OpRisk”Pillar 1 : (MRC) Minimum Required CapitalBasic Indicator Approach (BIA)Standardized Approach (SDA)Advanced Measurement Approach (AMA)Pillar 2 : Supervisory Review ProcessPillar 3 : DisclosureOperational Risk in BaselⅡ
46Loss Data collectionBreaking loss data into “Business Lines” and “Event Types”.Operational Risk in BaselⅡ
47Business line / event types classification BUSI-NESS UNITSLevel 1 Business LinesInternal FraudExternal FraudEmployment Practice&Workplace SafetyClients, Products& Business PracticesDamage to Physical AssetsBusiness Disruption& System FailuresExecution, Delivery & Process Mgt.**Invest-ment BankingCorporateFinance*Trading & SalesBankingRetail BankingCommercialPayment &SettlementAgency Services & CustodyOthersAsset Mgt.**Retail BrokerageCommercial banking(商業金融)商業銀行e.g.貸款保證專案融資Retail banking(消費金融)消費銀行私人銀行卡片服務Agency services & Custody (代理業務)保管代理信託Sales & trading(財務交易與銷售)銷售報價部位持有財務Corprate finance(企業財務規劃)公司理財政府財務商人銀行諮詢服務Retail brokerage(消費經紀)零售經紀Asset management(資產管理)全權委託資金管理非全權委託資金管理Payment & settlement(收付清算)外部客戶服務Joint CombinationIncluding Municipal/Gov’t Finance and merchant banking ** Mgt. = managementResources: Basel Committee on Banking Supervision, “Working Paper on Regulatory Treatment of Operational Risk,” September 2001.www.bis.org
48Business line / event types classification BUSI-NESS UNITSLevel 1 Business LinesInternal FraudExternal FraudEmployment Practice&Workplace SafetyClients, Products& Business PracticesDamage to Physical AssetsBusiness Disruption& System FailuresExecution, Delivery & Process Mgt.**Invest-ment BankingCorporateFinance*Trading & SalesBankingRetail BankingCommercialPayment &SettlementAgency Services & CustodyOthersAsset Mgt.**Retail BrokerageEmployment Practice & Workplace Safety (員工作業、工作場所安全)因違反雇用、健康或安全規定及協議、支付個人損害求償或差異性/歧視事件所導致的損失。e.g. 薪資/福利/所有歧視行為Business Disruption & System Failures (營運中斷與電腦當機)因營運中斷與電腦當機所導致之損失。e.g. 硬體/軟體/通訊/水電Business Disruption & System Failures (執行運送及作業流程之管理)與交易對手或賣方交易之處理不當或過程管理疏失所導致之損失。e.g. 錯帳/不精確的外部報告/與同業交易處理不當/未經授權接觸資料Damage to Physical Assets (人員或資產損失)因天然災害或其他事件所導致之實質資產減損。Internal fraud(內部詐欺)至少有一名公司內部人員參與，意圖詐取、侵占公司財產、規避法令或公司內部規範所導致的損失。e.g. 匿報交易/挪用公款/盜取盜用資產External fraud(外部詐欺)外部人員意圖詐取、侵占公司財產、規避法令或公司內部規範所導致的損失。e.g. 偽造/駭客攻擊Clients, Products & Business Practices (客戶、產品、營運慣例)非故意或疏忽而對特定客戶未盡專業義務、或因產品特性及設計所導致之損失。e.g. 強制性行銷/產品瑕疵/未依規對客戶徵信Joint CombinationIncluding Municipal/Gov’t Finance and merchant banking ** Mgt. = managementResources: Basel Committee on Banking Supervision, “Working Paper on Regulatory Treatment of Operational Risk,” September 2001.www.bis.org
49Structure of Basel Ⅱ for “OpRisk” Pillar 1. (MRC)Minimum Required CapitalPillar 2. SupervisoryPillar 3. DisclosureThe 2001 New Basel Accord (including Operational Risk)Definition of Operational RiskData Collection & CategoryBasic Indicator Approach (BIA)Advanced MeasurementApproach (AMA)Standardized Approach(SDA)Capital charge for operational risk:-12% of MRC-17-20% of Gross incomeOperational Risk in BaselⅡ
50Structure of Basel Ⅱ for“OpRisk” 2001 Basel Ⅱ, and Implement at 2006Operational Risk in BaselⅡ
51Pillar 1. Basic Indicator Approach (BIA) Where：KBIA = the capital charge for OpRisk under the BIAEI = the level of an exposure “indicator” forthe whole institution, provisionally gross incomeα = a fixed percentage, set by the BIS,relating the industry-wide level of required capitalto the industry-wide level of the gross income.Operational Risk in BaselⅡ
52Little Discussion about “Indicator” The indicator serves as a proxy for the scale of business operations and thus the likely scale of operational risk exposure within each of these business lines.Indicator--Gross IncomeNet interest incomeNet non-interest incomeFees & CommissionNet P&L from financial operationOther incomeOperational Risk in BaselⅡ
53Little Discussion about “α” α is estimated based on industry (Banking) data.j :BankWhereMRCj : Minimum Regulatory Capital for bank jEIj : Exposure indicator(gross income) for bank jCapital charge for operational risk:-12%of MRC-17-20% of Gross incomeOperational Risk in BaselⅡ
54Pillar 1. Standardized Approach (SDA) Where：KTSA = the capital charge under the SDAEIi = the level of an exposure “indicator” for eachof the 8 business linesβi = a fixed percentage, set by the Committee,Operational Risk in BaselⅡ
55Pillar 1. Standardized Approach (SDA) Resources: Basel Committee on Banking Supervision, “Working Paper on Regulatory Treatment of Operational Risk,”September 2001.www.bis.orgOperational Risk in BaselⅡ
56Little Discussion about “β” β is estimated based on industry (Banking) data.j :Bank i : Business linesβThe beta for bank for business lineMRCThe Minimum Required Capital for bankBusiness line weightingThe weight of each business linei’s sizeover total business lines’ size.Capital charge for operational risk:-12%of MRC-17-20% of Gross incomeOperational Risk in BaselⅡ
57An estimation result of β Operational Risk in BaselⅡAnalysis of QIS* data: the Standardized Approach(Based on 12% of Minimum Regulatory Capital)*QIS: Quantitative Impact StudyResources: Basel Committee on Banking Supervision, “Working Paper on Regulatory Treatment of Operational Risk,”September 2001.www.bis.org
58Pillar 1. Advanced Measurement Approach (AMA) An internal operational risk system.Not a standard approach yet.Three broadly discussed approachesInternal Measurement Approach (IMA)Loss Distribution Approach (LDA)Scorecard Approach (SA)Operational Risk in BaselⅡ
59Qualifying criteria and the relationship between approaches Before adapting a new approach, you must fulfill some criteria.StandardizedApproach(SDA)AdvancedMeasurementApproaches(AMA)Basic Indicator(BIA)SimpleComplexWhy do banks want to upgrade to “AMA” approach?Operational Risk in BaselⅡ
60Ans: Incentive- from 12% to 8% 75% of the level of BIA and SDAIMA 75% x 12% =8%Capital charge for operational risk:-12%of MRCOperational Risk in BaselⅡ
61Internal Measurement Approach (IMA) Banks estimate operational risk capital based on measures of expected operational risk losses.IMA assumes a fixed and stable relationship between expected losses (the mean of the loss distribution) and unexpected losses (the tail of the loss distribution).Operational Risk in BaselⅡ, AMA
62Internal Measurement Approach (IMA) Industry-Wide OpRisk Loss DistributionE(L)ExpectedlossU(L)UnexpectedLossesProbabilityof lossγSection1Section2Section3γ: a factor which translatesthe expected loss (EL) into a capital charge.Operational Risk in BaselⅡ, AMA
63How to measure EL(expected loss)? 1. Joint Combination : business line / loss type combination2. PE: The probability that an loss event occurs over some future horizon3. LGE: The loss given that an event4. EI: a proxy for the size (or amount of risk) of each business line’s operational risk exposure.5. i : bank i6. K : capital charge for OpRisk in each joint combinationQuestion : Is “γ” applicable for each bank ?Operational Risk in BaselⅡ, AMA
64Risk Profile Index (RPI) -RPI captures the difference in the risk profile of an individual bank.Industry Dustribution-- RPI = 1.0Case 1: fatter tale-- RPI > 1.0Case 1: less fat tale
65Loss Distribution Approach (LDA) Under LDA, banks estimate, for each business line/loss type combination, the likely distribution of operational risk losses over future horizon (for instance, one year).The capital charge is based on the simple sum of the VaR for each business line (and loss type).Operational Risk in BaselⅡ, AMA
66Scorecard Approach (SA) An initial level of operational risk capital at the firm or business line levelModify these amounts over time on the basis of scorecards that attempt to capture the underlying risk profile and risk control environment of the various business lines.SA can reflect improvements in the risk control environment that will reduce both the frequency and severity of future operational risk losses.Operational Risk in BaselⅡ, AMA
67The “floor”The committee will limit the reduction in capital held when a bank moves from SDA approach to IMA approach by setting a floor, below which the required capital cannot fall.
68Pillar 2 : Supervisory Review Process Pillar 2 applies to all risks that a bank is facing.Four principles :Principal 1 : A bank should build systems to identify, measure, monitor and control its risks and maintain capital accordingly.Principles 2-4 : supervisors should assess the internal capital adequacy assessments and strategies in place and require remedial actions where these are inadequate.Operational Risk in BaselⅡ
69Pillar 3. Disclosure Opposition to publication of operational data. Resources: Basel Committee on Banking Supervision, “Working Paper on Regulatory Treatment of Operational Risk,”September 2001.www.bis.orgOpposition to publication of operational data.Operational Risk in BaselⅡ
70I n d e x Part III Operational Risk Management In Practice Part I The Introduction to Operational RiskPart II Operational Risk in BaselⅡPart III Operational Risk Management In Practice
71THE 10 PRINCIPLEBIS published “Sound Practices for the Management and Supervision of Operational Risk” on February 2003The documentOutlines a set of principles that provide a framework for the effective management and supervision of operational risk.For use by banks and supervisory authorities when evaluating operational risk management policies and practices.
72THE 10 PRINCIPLE Developing An Risk Management Environment Principle 1: Operational risks is a distinct risk category that should be managed.Principle 2: The bank’s operational risk management framework is subject to effective and comprehensive internal audit.Principle 3:The framework should be consistently implemented throughout the whole banking organization
73THE 10 PRINCIPLE Risk Management Principle 4: Banks should identify and assess the operational risk inherent in all material products, activities, processes and systems.Principle 5: Banks should implement a process to regularly monitor operational risk profiles and material exposures to losses.Principle 6: Banks should have policies, processes and procedures to control and/or mitigate material operational risks.Principle 7: Banks should have in place contingency and business continuity plans.
74THE 10 PRINCIPLE Role of Supervisors Principle 8: Banking supervisors should require that all banks have an effective risk management framework.Principle 9:Supervisors should conduct regular evaluation of a bank’s operational risk management.
75THE 10 PRINCIPLE Role of Disclosure Principle 10: Banks should make sufficient public disclosure to allow market participants to assess their approach to operational risk management.
76Rethink Operational Risk Currently the industry seem to be working byanalogy to market risk and credit risk,but…Market & credit risks:Are accepted knowingly as part of the business decision.Have a quantifiable size - Money lent,currency size, etc.Have a reasonable amount of homogeneityHave solid, long term historical dataExhibit statistical properties that appear to be somewhat stable across timeDoes operational risk exhibit any of these qualities?Source:Credit Suisse Group Report
77Rethink Operational Risk Operational Risks exhibit numerous difficultproperties:Risks implicitly accepted as part of being in businessRisks rarely chosen explicitlyRisks are diverse by natureIt’s an all other categoryIs there a link between customer lawsuits, rogue traders and operations fails?Risks are highly context dependent & change rapidlyAre your business, people or processing systems similar to 10 years ago?Are the threats to those systems similar to 10 years ago?How do you know when risks change (other than by judgment)Is your estimate for Op Risk the same as pre 9/11?Source:Credit Suisse Group Report
78Rethink Operational Risk Data Problem:Source:Credit Suisse Group Report
79Rethink Operational Risk Control accidents can be separated into two types:Individual, high frequency events can be better understood and controlled through more quantitative techniquesRelatively high frequency; can develop fairly robust statisticsQuantification and measurement can provide some valuable management toolsOrganizational accidents are difficult events to understand and controlOccur infrequently & are hard to predict or foreseeNormally variety of contributing factors combine to cause the lossEach has its own individual pattern of cause and effectSource:Credit Suisse Group Report
80Rethink Operational Risk Operational Risk is a different animal andhas to be treated differentlyQuantification StrategyPrevention StrategyRisk Mitigation Strategy
81Quantification Strategy Role for OpRisk Quantification• Enables measurement of capital based on historicalexperience of firm• Improves bank decision making• Provides a mechanism for better understanding “tail events,” those that may be outside a bank’s historical experience.• Provides method for measuring the effect of risk mitigation tools.
82Quantification Strategy Example:From Risk Information to Risk CapitalSource:Allianz Report
83Quantification Strategy What (Loss describing) Data to collect?Data PoolKnowledge SystemSource:Allianz Report
90Risk Mitigation Strategy Purpose of Risk MitigationReducing loss when accidents happenTools for Risk MitigationSecuritizaionInsuranceBusiness Continuity Plan
91Risk Mitigation Strategy Risk Securitizaion:exampleIn 1998 Toyota* entered into a relationship with Gramercy Place Insurance Ltd as the special purpose vehicle for this transaction.Securitized a portion of Toyota’s auto lease residual risk for 1999,2000, and 2001 to protect against high losses on vehicles returned to Toyota at the end of full-term leases.A deductible totaling up to the first 9% of residual value will be paid by Toyota on resulting losses. Losses that exceed the deductible are split 90% / 10% between investors and Toyota,respectively.Notes issued in classes rated Aa2 / AA and Ba2/BBSource:Goldman Sachs Report
92Risk Mitigation Strategy Comparison with Operational RiskSource:Goldman Sachs Report
93Risk Mitigation Strategy Insurance seems to be the feasible toolat this momentQuantification techniques can provide firms with the framework to determine appropriate insurance coverage.Related insurances include:Directors & Officers LiabilityProfessional LiabilityAssets InsuranceEtc…
94Risk Mitigation Strategy Insurance and Basel IIReduced overall level of the operational risk capital charge partly to recognize the risk-mitigating effects of insurance.If explicit recognition of “robust and comprehensive insurance” is permitted, it should be limited to AMA.There should be a limit on the overall impact of insurance risk mitigation on the final capital amount.Source :September 2001, Basel Committee on Banking Supervision, “Working Paper on the Regulatory Treatment of Operational Risk”
95Risk Mitigation Strategy Insurance for Operational Risk: ExampleA number of shareholder class action suits are brought against a large commercial bank.Complaints assert that the bank engaged in numerous unlawful practices in order to increase profits, that the bank’s earnings had been overstated and were not prepared in accordance with GAAP, and that the bank failed to disclose a number of material events.INSURANCE:Combined D&O, BPL, Pension Trust Liability, and Bond and Computer Crime policies.SOLUTION:Combined suits were settled for $45 MM (excluding defense costs). The bank contributed the first $10 MM (policy deductible). Insurance paid the remaining $39MM.Source:Marsh & McLennan Companies Report
96Risk Mitigation Strategy Business Continuity PlansWhat is “BC Plan”?Advance arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change.The importance of BC Plan:According to Gartner Group survey, of the businesses that suffer a disaster and do not have a BC plan in place, 40% will fail within 18 months.
97Risk Mitigation Strategy The Six Steps To Effective BC Planningperform a Business Impact Analysis (BIA)regular practice runs should be carried outat what point should the plan be invoked?strict guidelines to follow after the invocationLocation, location, locationPeople elementSource :SunGard Availability Services Report
107Risk Mitigation Strategy What is a lease residual?Residual is the dollar amount that the bank guarantees your new car will be worth at the end of the lease as long as you stay within the terms of the lease. At the end of the lease this is also the amount you would pay for the car if you wanted to purchase it, plus tax, license, doc & any other applicable fees. The residual is set by the bank and is a percentage of MSRP regardless of what the actual purchase price is. Residual is not negotiable as the bank is guaranteeing the value and therefore they set it. If at the end of the lease, you have stayed within the terms of the lease, if the car is worth more than the residual, you might want to buy it, sell it or trade it in. If however at lease end the value is less than the residual, you can give it back to the bank and not be responsible for anything (As long as you have stayed within the terms of the lease).