Operational Risk: A Multi-Layered Problem Presented to the London Chapter of The Professional Risk Managers’ International Association and International.

Operational Risk:

A Multi-Layered ProblemPresented to the

London Chapter of

The Professional Risk Managers’

International Association

and International Swaps and Derivatives Association

London, EnglandMarch 7, 2005

Presented by

David M. Rowe, Ph.D.Executive Vice President for Risk Management

SunGard

Basel Capital Accord – Brief History

0.0%

2.0%

4.0%

6.0%

8.0%

10.0%

12.0%

14.0%

1935 1945 1955 1965 1975 1985 1995

Tota

l E

qu

ity

Cap

ital

to

To

tal A

sset

sU.S. Bank Capital Ratios – 1935 - 1988

Depression thru WWII

Post-War Recovery thru early 1960s

Mid-60s thru Mid-70’s

Mid-70s thru Late-80’s


Basel 1

Proposed: 1986Effective: 1988

CreditRisk

Overview of risk weights

The Basel I Approach

Claim

Sovereigns

Assessment

Corporates

Comm. Banks

OECD Non-OECD

0% 100%

20%

20%

100%

100%

OECD Non-OECD All

50%

Multi-National Development Banks

All

Secured ResidentialMortgages

Required data could largely be from financial reporting systems.


0.0%

2.0%

4.0%

6.0%

8.0%

10.0%

12.0%

14.0%

1935 1945 1955 1965 1975 1985 1995

Tota

l E

qu

ity

Cap

ital

to

To

tal A

sset

sBank Capital Ratios – 1935 - 1988






0.0%

2.0%

4.0%

6.0%

8.0%

10.0%

12.0%

14.0%

1935 1945 1955 1965 1975 1985 1995

Tota

l E

qu

ity

Cap

ital

to

To

tal A

sset

sBank Capital Ratios – 1935 - 1998





Late-80s forward


Basel 1.5


CreditRisk

+

MarketRisk

Basel 1


CreditRisk


April, 1993 – Initial “prescriptive” proposal.

April, 1995 – Proposed allowing use of internal market risk models for calculation of regulatory capital (subject to supervisory review and approval.)

Jan 1, 1998 - Market risk amendment took effect with internal VaR models as a major source of risk estimates.

Basel I

Market Risk Amendment


Basel 1.5


CreditRisk

+

MarketRisk

Basel 1


CreditRisk

Basel 2


CreditRisk

(Enhanced)

+

MarketRisk

(No change)

+

Op Risk(New)

Key sources of required work for affected banks. Op Risk

(New)

Men of Influence

Jack WelchLong-time CEO of GE

W. Edwards Deming1902 - 1993

Operational Processes1.

Control & RiskSelf-Assessment

2.

Key Risk Indicators3.

Loss Data Collection

4.

Analytics5.

The Operational Risk Pyramid



2.



4.

Analytics5.

Operational Processes

Money Transfer,ATMs, Deposit

Processing

Statement Preparation

Trade Processing

Market VaR Calculation

Credit Decisions

P&L Calculation

FrontePI

Collateral Manager Adaptiv Reech



2.



4.

Analytics5.

Control & Risk Self-Assessment

The Deming Perspective

• Special Causes - these are often easily assignable: changes of operator, shift, or procedure, for example. They can often be identified, and sometimes solved by local operators.

• Common Causes - remain after special causes have been eliminated. They are due to the design, or the operation of the process or system. They may be identified by the operators, but only management authority can eliminate them.

Self-Assessment – One Model

Define Process Quality Objectives

(Elective or Mandated)

Define Threats to Achievement

Document Control Portfolio

Evaluate Risk Transfer/Insurance

Estimate Residual Risk of Loss

Acceptable? Optimal?Yes

No

Re-examine objectives and/or control design & risk transfer: develop action plan

Yes Monitor and Review Periodically

No

Based on the CARDdecisions, Inc. Model



2.



4.

Analytics5.

Key Risk Indicators

Commensurable - capable of being

measured by a common standard.

Appropriate - suitable for a particular

condition, occasion or place.

An important challenge of risk management

is balancing the conflicting needs for both

commensurable and appropriate risk

measures.

Commensurable Versus Appropriate Measures

Commensurable Versus Appropriate Measures

The trade-off between commensurable and

appropriate risk measures is quite severe.

0

1

2

3

4

5

6

7

8

9

10

0 1 2 3 4 5 6 7 8 9 10

Commensurability

Ap

pro

pri

aten

ess

Unexpected

Loss



2.



4.

Analytics5.

Key Risk Indicators (Appropriate Metrics)

Staff Turnover

Settlement Failures

¥

?€

Computer Breakdowns

Customer Complaints

Electronic Security Breaches

Internal Limit Violations

-4

-3

-2

-1

0

1

2

3

4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Time

Per

form

ance

Process is Under Control

68.2% 27.2% 4.3% 0.3%

-4

-3

-2

-1

0

1

2

3

4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Time

Per

form

ance

Any One Point in the Red Zone

68.2% 27.2% 4.3% 0.3%

-4

-3

-2

-1

0

1

2

3

4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Time

Per

form

ance

Two Out of Three Points in the Orange Zone

68.2% 27.2% 4.3% 0.3%

-4

-3

-2

-1

0

1

2

3

4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Time

Per

form

ance

Four Out of Five Points Beyond the Green Zone

68.2% 27.2% 4.3% 0.3%

-4

-3

-2

-1

0

1

2

3

4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Time

Per

form

ance

Eight or More Points on One Side of Zero

68.2% 27.2% 4.3% 0.3%

-4

-3

-2

-1

0

1

2

3

4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Time

Per

form

ance

Six or More Points With a Common Trend

68.2% 27.2% 4.3% 0.3%

-4

-3

-2

-1

0

1

2

3

4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Time

Per

form

ance

14 or More Points That Oscillate Up and Down

68.2% 27.2% 4.3% 0.3%

-4

-3

-2

-1

0

1

2

3

4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Time

Per

form

ance

Eight or More Points Outside the Green Zone

68.2% 27.2% 4.3% 0.3%

-4

-3

-2

-1

0

1

2

3

4

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Time

Per

form

ance

15 or More Points Inside the Green Zone

68.2% 27.2% 4.3% 0.3%

Key Risk Indicators (Appropriate Metrics)

Define relevant Key Risk Indicators www.KRIeX.org (Risk Management Association)

Map these to broad OpRisk causesCompare performance across similar operations

Monitor KRIs over time using Statictical Process Control techniques as an early warning system.



2.



4.

Analytics5.



• Loss data are not the only, or even the most important, source of early warning signals.

• Such data are necessary for evaluating the aggregate potential losses from operational failures.

• They need to be collected using a carefully controlled process to:

– Assure reconciliation to financial statements.– Enrich the loss amounts with control failure

details.

Reports

0

102030

405060

7080

90

1st Qtr 2nd Q tr 3rd Qtr 4th Qtr……..

Controls

……..……..……..

ComplianceManager

Controls

……..……..……..

Op RiskManager

FinancialAccounting

Execution Desk

Asset Manager

Payment Dept.

Credit Dept.

LOSS DATABASE

INCIDENTPart

CONTROLLING Part

Archiving

…

Reports

0

102030

405060

7080

90

1st Qtr 2nd Qtr 3rd Qtr 4th Qtr…

Send e-mail [email protected]

Recordingcompleted X

……..……..……..

Incidents

Actions

GroupManagement

Front Departments Front Management Group Management

1

2

3

4 5 6Reports

0

102030

405060

7080

90


Reports

0

102030

405060

7080

90


Controls

……..……..……..

ComplianceManager

Controls

……..……..……..

ComplianceManager

Controls

……..……..……..

Op RiskManager

Controls

……..……..……..

Op RiskManager

FinancialAccounting

Execution Desk

Asset Manager

Payment Dept.

Credit Dept.

LOSS DATABASE

INCIDENTPart

CONTROLLING Part

Archiving

…

Reports

0

102030

405060

7080

90


LOSS DATABASE

INCIDENTPart

CONTROLLING Part

Archiving

…

Archiving

…

Reports

0

102030

405060

7080

90


Reports

0

102030

405060

7080

90




……..……..……..

Incidents





……..……..……..

Incidents

Actions

GroupManagement

Front Departments Front Management Group Management

1

2

3

4 5 6

Loss Database - Workflow Process

1 Line employee (problem owner) accesses via Intranet

1

2 Loss Events are written to the DB.

2

3 Immediate notice to dept. management; triggers action

3

4 Reconciliation with Accounting (Compliance Officer)

4

5 Op Risk Manager does analysis, categorization and events control5

6 Op Risk Reports are periodically distributed to management

6

Dept. Management



2.


4.

Analytics5.

Analytics




2.



4.

Analytics5.

Analytics

Expected loss

Unexpected loss

Stress loss

Loss Distribution Approach

EXTERNAL LOSSES



2.



4.

Analytics5.

The Operational Risk Pyramid

Principle 10 - Banks should make…… sufficient public disclosure to allow market participants to assess ... (the banks’) operational risk exposure and the quality of … (the banks’) operational risk management ...

Basel Committee - Sound Practices

Principle 3 - Information flows

... reporting flows should enable senior management to monitor the effectiveness of the risk management system for operational risk …

Principle 6 - Banks should implement…

… a system to monitor, on an on-going basis, operational risk exposures and loss events by major business lines …

Level 2 - Control and Risk Self-Assessment

Level 3 - Key Risk Indicators Level 4 - Loss Data Collection

Three Approaches

One Aggregate Indicator(Aggr. Gross Revenue)

Basic Indicator Approach

RCOp 12%

Multiple Indicators(Gross Revenue by Bus. Unit)

Standardised Approach

RCOp < 12%

RCOp << 12% Banks‘ Internal Data and ModelsAdvanced

Measurement Approaches

Operational Risk Capital Requirement

Advanced Measurement Approaches

Internal MeasurementApproach

Scorecard Approach

• All AMA‘s include: • Controlled collection of loss data• Meeting of qualitative regulatory requirements• Regulatory review and approval of the capital model

• Quantitative requirements: multi-year loss data series.

• Qualitative requirements: periodic review of data quality and a disciplined approach to process quality control.

Expected loss

Unexpected loss

Stress loss

Loss Distribution Approach

Comply and minimize the regulatory burden/cost:

– Minimize and justify minimum economic/regulatory capital

– Don’t want to stand out vs. what everybody else is doing

– Avoiding regulatory criticism / regulatory pressure is key

These banks tend to use:

– LDA (single most important number in terms of bank cost)

– Internal LDB (you need to know where you’ve been)

– Scenarios (in order to complement analysis where the LDA stops)

What Motivation Is Driving ORM Development?


Genuine commitment to change the op risk profile of the organization:

– avoid “Wall Street Journal events”

– belief that ORM will lead to substantial performance improvement

– strong internal conviction how things should be done

– Desire and will to make a fundamental cultural change


– C&RSA (beginning of a cultural change)

– Scorecard Appr. (incentives drive desired behaviour)

– KRI / KPI

We are where we are - but what measures can warn of potential future events?


– KRI (as an early warning system)

– Formal statistical process control methods

– Scenario analysis

– Stress-testing

– Attempt to correlate losses with early warning indicators.


ScorecardApproach

LDA ScenarioAnalysis

LDCExt. losses

Control & Risk SA

KRI & Loss Correlation

Influence Behaviour

Assess Future Potential Risk

Comply &

Minimize Cost

Motivation

Data, systems, organizational requirements

Business Continuity / DR

Motivations and Strategies

Fu

nctio

nal L

ayers

Identification

Assessment

ReportsEvolution of ApproachesExecution

Recovery

Senior Mgt. Engagement

ORM Heatmap

Conclusions

• The operational risk capital charge began as a means of preventing lower aggregate capital requirements despite lower credit risk capital.

• Regulators quickly came to see it as a means of forcing improved process control on banks (most of which badly need it.)

• The OpRisk capital charge is likely to look rather like Pillar II with the teeth of Pillar I.

• That is, the actual charge is likely to reflect substantial supervisory discretion based on demonstrable improvements in process controls and disciplined execution.

Operational Risk: A Multi-Layered Problem Presented to the London Chapter of The Professional Risk Managers’ International Association and International.

Documents

credit risk basel

credit risk slide

s slide

risk amendment slide

basel capital

s mid

market risk amendment

operational risk pyramid