Published on July 7, 2013
Project Proposal Modelling and Measurement of Operational Risk in Investment Bank Written By: Kaushik Pramanik (Asst. Vice President, Citigroup, London) ----------------------------------------------------------------------------- Diploma for Graduates in Finance (University of London) Abstract:
Effective and efficient Risk Management process is the key factor to get good result from the market for an Investment Bank. Although market & credit risk measurement and management process is very much clear in the market but there is still cloud around operational risk management process. However, Basel II Accord is significant step-forward to manage operational risk in the bank. The main aim of this research will be to identify unique way to measure or quantify operational risk in an investment bank, which can be acceptable to all the geographic regions.
1. Introduction Barings, National Australia Bank, Enron, Northern Rock and most recently Sub-prime mortgage are all linked with operational failure of investment bank. Operational failure at investment banks is not merely costly, it is also headline grabbing. The price is institutional embarrassment and stock price meltdown at best, total collapse at worst. The losses due to operational failure in investment banking-related activities are becoming more frequent and the price of risk higher. There is evidence to support the claim that the sub prime mortgage crisis in the US may have had its roots in operational risk problems. The deeper you delve into the causes of the US sub prime mortgage crisis - or market "correction" as some prefer to call it - the more convinced you become that operational risk problems were a central factor. Even though credit risk issues play a significant role, the fact that operational risk processes and procedures were relaxed or manipulated certainly contributed to the scale of the problem. BASEL II program is significant step-forward to handle firms' operational risk. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Definition Although the definitions of market risk and credit risk are relatively clear, the definition of operational risk has evolved rapidly over the past few years. At first, it was commonly defined as every type of unquantifiable risk faced by a bank. However, further analysis has refined the definition considerably. As reported by BCBS (September 2001), operational risk can be defined as the risk of monetary losses resulting from inadequate or failed internal processes, people, and systems or from external events. BASEL II program is significant step- forward to handle firms' operational risk. The following lists the official Basel II defined event types with some examples for each category: • Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery • External Fraud - theft of information, hacking damage, third-party theft and forgery • Employment Practices and Workplace Safety - discrimination, workers compensation, employee health and safety • Clients, Products, & Business Practice - market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning • Damage to Physical Assets - natural disasters, terrorism, vandalism • Business Disruption & Systems Failures - utility disruptions, software failures, hardware failures • Execution, Delivery, & Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets This definition includes legal risk, but excludes strategic and reputational risk. However, the Basel Committee recognizes that operational risk is a term that has a variety of meanings and
therefore, for internal purposes, banks are permitted to adopt their own definitions of operational risk, provided the minimum elements in the Committee's definition are included. Losses from external events, such as a natural disaster that damages a firm's physical assets or electrical or telecommunications failures that disrupt business, are relatively easier to define than losses from internal problems, such as employee fraud and product flaws. Because the risks from internal problems will be closely tied to a bank's specific products and business lines, they should be more firm specific than the risks due to external events. 2. Measuring Operational Risk A key component of risk management is measuring the size and scope of the firm's risk exposures. As yet, however, there is no clearly established, single way to measure operational risk on a firm-wide basis. Instead, several approaches have been developed. An example is the "matrix" approach in which losses are categorized according to the type of event and the business line in which the event occurred. In this way, a bank can hope to identify which events have the most impact across the entire firm and which business practices are most susceptible to operational risk. Once potential loss events and actual losses are defined, a bank can hope to analyze and perhaps even model their occurrence. Doing so requires constructing databases for monitoring such losses and creating risk indicators that summarize these data. Examples of such indicators are the number of failed transactions over a period of time and the frequency of staff turnover within a division. Potential losses can be categorized broadly as arising from "high frequency, low impact" (HFLI) events, such as minor accounting errors or bank teller mistakes, and "low frequency, high impact" (LFHI) events, such as terrorist attacks or major fraud. Data on losses arising from HFLI events are generally available from a bank's internal auditing systems. Hence, modeling and budgeting these expected future losses due to operational risk potentially could be done very accurately. However, LFHI events are uncommon and thus limit a single bank from having sufficient data for modeling purposes. For such events, a bank may need to supplement its data with that from other firms. Several private-sector initiatives along these lines already have been formed, such as the Global Operational Loss Database managed by the British Bankers' Association. Although quantitative analysis of operational risk is an important input to bank risk management systems, these risks cannot be reduced to pure statistical analysis. Hence, qualitative assessments, such as scenario analysis, will be an integral part of measuring a bank's operational risks. Bankers who have worked closely with the Basle Committee on Banking Supervision say it is likely to recommend three different options for banking supervisors: basic indicators (that is, a single proxy for the entire bank, such as trading volumes); a business line approach using Committee-imposed capital ratios; or thirdly, internal measurement using a bank’s own loss data within a supervisory specified framework. The implication is that further and more detailed work on the internal measurement approach may result in the development of appropriate models and a fourth regulatory option, based on internal modelling. There is growing industry agreement on a core operational risk definition, the collection and sharing of internal loss data and the importance of qualitative criteria. At present, three approaches are available to measure Operational Risk as per Basel II.
2.1 Basic Approach or Basic Indicator Approach The basic approach or basic indicator approach is a set of operational risk measurement techniques proposed under Basel II capital adequacy rules for banking institutions.Basel II requires all banking institutions to set aside capital for operational risk. Basic indicator approach is much simpler compared to the alternative approaches (i.e. standardized approach (operational risk) and advanced measurement approach) and this has been recommended for banks without significant international operations. Based on the original Basel Accord, banks using the basic indicator approach must hold capital for operational risk equal to the average over the previous three years of a fixed percentage of positive annual gross income. Figures for any year in which annual gross income is negative or zero should be excluded from both the numerator and denominator when calculating the average. 2.2 Advanced Measurement Approach The advanced measurement approach (AMA) is a set of operational risk measurement techniques proposed under Basel II capital adequacy rules for banking institutions. Under this approach the banks are allowed to develop their own empirical model to quantify required capital for operational risk. Banks can use this approach only subject to approval from their local regulators. Also, according to section 664 of original Basel Accord, In order to qualify for use of the AMA a bank must satisfy its supervisor that, at a minimum: • Its board of directors and senior management, as appropriate, are actively involved in the oversight of the operational risk management framework; • It has an operational risk management system that is conceptually sound and is implemented with integrity; and • It has sufficient resources in the use of the approach in the major business lines as well as the control and audit areas. 2.3 Standardized Approach In the context of operational risk, the standardised approach is a set of operational risk measurement techniques proposed under Basel II capital adequacy rules for banking institutions. Basel II requires all banking institutions to set aside capital for operational risk. Standardized approach falls between basic indicator approach and advanced measurement approach in terms of degree of complexity. Based on the original Basel Accord, under the Standardised Approach, banks’ activities are divided into eight business lines: corporate finance, trading & sales, retail banking, commercial banking, payment & settlement, agency services, asset management, and retail brokerage. Within each business line, gross income is a broad indicator that serves as a proxy for the scale of business operations and thus the likely scale of operational risk exposure within each of these business lines. The capital charge for each business line is calculated by
multiplying gross income by a factor (denoted beta) assigned to that business line. Beta serves as a proxy for the industry-wide relationship between the operational risk loss experience for a given business line and the aggregate level of gross income for that business line. The total capital charge is calculated as the three-year average of the simple summation of the regulatory capital charges across each of the business lines in each year. In any given year, negative capital charges (resulting from negative gross income) in any business line may offset positive capital charges in other business lines without limit. In order to qualify for use of the standardised approach, a bank must satisfy its regulator that, at a minimum: • Its board of directors and senior management, as appropriate, are actively involved in the oversight of the operational risk management framework; • It has an operational risk management system that is conceptually sound and is implemented with integrity; and It has sufficient resources in the use of the approach in the major business lines as well as the control and audit areas. 3. The Ten Principles of the Basel Committee The ten principles concentrate on the high-level standards deemed necessary for the management of operational risks. In keeping with the Basel Committee’s goals, the principles are deliberately high-level to allow banks to develop approaches suitable to their organizational needs. The ten principles can be summarized as follows: • The board of directors and senior management are responsible for approving the establishment and review of a framework for managing operational risk and establishing the organization’s operational risk strategy. • Senior management is responsible for implementing the operational risk strategy consistently throughout the entire organization and developing policies, processes, and procedures for all products, activities, processes, and systems. • Information, communication, and escalation flows must be established to maintain and oversee the effectiveness of the framework and management performance. • Operational risks inherent in all current activities, processes, systems, and new products should be identified. • Processes necessary for assessing operational risk should be established. • Systems should be implemented to monitor operational risk exposures and loss events by major business lines. • Policies, processes, and procedures to control or mitigate operational risks should be in place, together with cost/benefit analyses of alternative risk limitation and control strategies.
• Supervisors should require banks to have an effective system in place to identify, measure, monitor, and control operational risks. • Supervisors should conduct (directly or indirectly) regular independent evaluations of these principles and ensure that effective reporting mechanisms are in place. • Sufficient public disclosure should be made to allow market participants to assess an organization’s operational risk exposure and the quality of its operational risk management. 4. Criticism of Basel II There are many criticisms that are made of Basel II. These include that the more sophisticated risk measures unfairly advantage the larger banks that are able to implement them and, from the same perspective, that the developing countries generally also do not have these banks and that Basel II will disadvantage the economically marginalized by restricting their access to credit or by making it more expensive. The first of these is a valid point, but it is difficult to see how this can be overcome. More risk sensitive risk measures were required for the larger, more sophisticated banks and, while the less sophisticated measures are simpler to calculate, due to their lower risk sensitivity they need to be more conservative. The second criticism has elements of truth; the better credit risks will be advantaged as banks move towards true pricing for risk. Experience with these systems in the United States and the United Kingdom, however, shows that the improved risk sensitivity means that banks are more willing to lend to higher risk borrowers, just with higher prices. Borrowers previously 'locked out' of the banking system have a chance to establish a good credit history. Sub Prime Brokerage issue in US is a good example of this criticism. A more serious criticism is that the operation of Basel II will lead to a more pronounced business cycle. This criticism arises because the credit models used for pillar 1 compliance typically use a one year time horizon. This would mean that, during a downturn in the business cycle, banks would need to reduce lending as their models forecast increased losses, increasing the magnitude of the downturn. Essentially this once again gives rise the question, whether PD and LGD (the first one an indicator for the probability of incurring loss, the second an indicator for the severity of loss) are really pairwise independent as the credit risk model, which Basel II is based on, does assume or if, as part of the available research data on long running US debt seems to show, there are significant correlation effects to be observed. Settling this matter will stay on the agenda of researchers in the field for years to come. Regulators should be aware of this risk and can be expected to include it in their assessment of the bank models used.
5. Mitigating Operational Risk In broad terms, risk management is the process of mitigating the risks faced by a bank, either by hedging financial transactions, purchasing insurance, or even avoiding specific transactions. With respect to operational risk, several steps can be taken to mitigate such losses. For example, damages due to natural disaster can be insured against. Losses arising from business disruptions due to electrical or telecommunications failures can be mitigated by establishing redundant backup facilities. Losses due to internal reasons, such as employee fraud or product flaws, are harder to identify and insure against, but they can be mitigated with strong internal auditing procedures. Since operational risk management will depend on many firm-specific factors, many managerial methods also are possible and will probably be put in place over time. However, some general principles, such as good management information systems and contingency planning, are necessary for effective operational risk management. BCBS (December 2001) laid out a framework for managing operational risk at internationally active banks; this framework also could be more broadly applied to other types of financial institutions. The framework consists of two general categories. The first includes general corporate principles for developing and maintaining a bank's operational risk management environment. For example, a bank's governing board of directors should recognize operational risk as a distinct area of concern and establish internal processes for periodically reviewing operational risk strategy. To foster an effective risk management environment, the strategy should be integral to a bank's regular activities and should involve all levels of bank personnel. The second category consists of general procedures for actual operational risk management. For example, banks should implement monitoring systems for operational risk exposures and losses for major business lines. Policies and procedures for controlling or mitigating operational risk should be in place and enforced through regular internal auditing. 6. Capital Budgeting for Operational Risk Banks hold capital to absorb possible losses from their risk exposures, and the process of capital budgeting for these exposures, including operational risk, is a key component of bank risk management. In parallel with industry developments, BCBS proposed in 2001 that an explicit capital charge for operational risk be incorporated into the new Basel Capital Accord. At first this capital charge would apply to internationally active banks. The Committee initially proposed that the operational risk charge constitute 20% of a bank's overall regulatory capital requirement, but after a period of review, the Committee lowered the percentage to 12%. To encourage banks to improve their operational risk management systems, the new Basel Accord also will set criteria for implementing more advanced approaches to operational risk. Such approaches are based on banks' internal calculations of the probabilities of operational risk events occurring and the average losses from those events. The use of these approaches will generally result in a reduction of the operational risk capital requirement, as is currently done for market risk capital requirements and is proposed for credit risk capital requirements. These criteria and the new capital regulations will require bank supervisors to conduct evaluations of operational risk management systems on a regular basis. As noted by BCBS, these supervisory evaluations would be complemented greatly by public disclosure sufficient to allow independent assessments by market participants.
Leading banks like JP Morgan also expressed concern that an operational risk capital charge was premature when the industry had not come to an agreement on how important the issue was, or how to measure it. A rule-of-thumb measurement would not accurately reflect different levels of risk in various banks and could result in overcharging some banks for risk and undercharging others. Similarly, operational risk capital charges could penalise banks competing against non- banking organisations not subject to the charge. The principal message to regulators is that larger banks with good operational risk measurement and management should achieve lower capital charges. Massachusetts-based technology and advisory service, concludes that in two to three years only one-third of financial institutions will have the technology to measure and manage their operational risks. The report examines how financial institutions measure up in a four-stage progression of addressing and implementing an operational risk management strategy. In the first stage, firms concentrate on the identification of key risk indicators and data collection. Stage two involves developing metrics and tracking for the identified risks from stage one. Stages three and four move on to using technology for the measurement and management of those risks within a firm. The report goes on to say that most firms are working in stages one and two of the operational risk management process. “Insurance and risk transfer will become an important and sophisticated component in an operational risk manager’s tool-box over the next few years. There are definitely challenges for insurance providers in offering operational risk cover, but there has been some recent headway in the last year or two. Possibly the most well-known operational risk insurance product is Swiss Re’s Financial Institutions Operational Risk Insurance (Fiori). With Fidelity Investments as the first client for the re-insurance firm’s product, it is designed for the top 400 financial institutions in the world. FIORI would have covered most of the devastating losses that have hit the headlines over the last few years – 68% of them according to the insurer’s own analysis. Lars Schmidt- Ott, head of global banking practice at Swiss Re New Markets, sees insurance as a good alternative to capital charges: “Holding capital on the balance sheet is not good for shareholder value – if you can keep it off the balance sheet at an efficient price, you only pay the downside premium. 7. Conclusion Operational risk is intrinsic to financial institutions and thus should be an important component of their firm-wide risk management systems. However, operational risk is harder to quantify and model than market and credit risks. Over the past few years, improvements in management information systems and computing technology have opened the way for improved operational risk measurement and management. Over the coming few years, financial institutions and their regulators will continue to develop their approaches for operational risk management and capital budgeting. My research on operational risk will include end-to-end study of present operational risk measurement practices done by Investment Banks, detailed analysis of all existing models used by major banks, analysis of Basel II recommendation in detail, measurement of operational risk in each and individual department (perhaps market sector) of the bank, end- to-end process flow of trade processing, operational risk measurement on the basis of cross-
border transaction, off-shoring, impact analysis on operational risk from Information Technology. Methodical approach in-conjunction with quantitative approach will be taken to built unique operational risk measurement model, which will cover all aspects of the Bank’s operational risk.
Les changements sur le marché du distressed aux Etats-Unis et en Europe
Main Sections of the Report 1) Nifty Technical View 2) 4 Large Cap Trade Ide...
This presentation consits the yearly results of Kinepolis Group
Der Terminus Basel II bezeichnet die Gesamtheit der Eigenkapitalvorschriften, die vom Basler Ausschuss für Bankenaufsicht in den letzten Jahren ...
Basel II - Die neue Baseler Eigenkapitalvereinbarung Kreditinstitute spielen in modernen Volkswirtschaften in ihrer Funktion als Finanzintermediäre eine ...
Basel II: Die seit 1988 geltende und seither mehrfach ergänzte Eigenkapitalvereinbarung („Basel I“) wurde zum 1.1.2007 durch die neue ...
Documents and latest news related to the Revised International Capital Framework, also known as Basel II.
Seit 2013 löst Basel III schrittweise die Basel II genannten Vorläuferregeln ab. Grund der Reform waren Schwächen der bisherigen Bankenregulierung, ...
Basel II - Über 3.000 Rechtsbegriffe kostenlos und verständlich erklärt! Das Rechtswörterbuch von JuraForum.de
Was Unternehmer über Basel II wissen müssen. Bild: Bernd Leitner. Von Michael J.M. Lang. Basel II steht für die Neuregelung des Bankaufsichtsrechts.
Publications and updates by the Basel Committee on Banking Supervision (BCBS), including on topics related to the Basel II Framework and its implementation.
Basel II is a second international banking regulatory accord that is based on three main pillars: minimal capital requirements, regulatory supervision and ...
Basel III Der Baseler Ausschuss für Bankenaufsicht hat am 16.12.2010 sein neues Regelwerk, "Basel III" genannt, veröffentlicht und im Laufe der Jahre ...