Operational Risk

Sa-Dhan

S.Ramesh

Risk categories and their importance for MFI

Risk categories Rating

Credit Loan portfolio risk XXXXX

Interbank risk XX

Market Interest rate risk XXXX

Currency risk

Liquidity Liquidity risk XXXXX

Other risk Performance risk XXXXX

Compliance risk XXXXX

Reputation risk XXXX

Country risk

Operational risk Operational risk XXXXX

Operational risk is every MFI's greatest fear.

Staff

Control Failures

Compliance

Rapid Expansion Legal

Multiple Financing

FraudInformation Technology

Management System Failures

Disbursements / Re payments

Human Error

PremisesBusiness Continuity

Credit Risk

Market Risk

• Circumstances that have been identified and if left unattended may lead to a loss in the future, example : technology

• Happening or occurrences that are indicative of the underlying risk, they might have resulted in an economic loss, but did not, example : large cash balances; no monetary loss yet

• Incidents that resulted in a monetary loss Example: Small frauds

Operational Risk

Internal and external fraud

Failure to comply with laws or meet workplace safety standards

Policy breaches

Failure to meet regulatory requirements

Personnel risks

Damage to physical assets

Business disruptions

Transaction processing failures (execution, errors)

Failure of internal controls and corporate governance

OR can arise from:

But how do you define, analyze and solve a potential problem before it has even arisen?

“ Operational Risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”

People Process Technology Reputation Operating Environment

But how do you define, analyze and solve a potential problem before it has even arisen?

Systems Legal External Events Includes legal risk but excludes strategic risk

OR is more than people and technology risk. It encompasses all the hidden

dangers that do not come under the umbrella of market or credit risk.

People: Positing of Staff in Key Areas

Competency of Staff

Insufficient training,

negligence, integrity, etc.

Work Environment

Employee Motivation

HR initiatives

Frequency and impact of staff turnover/rotation

Operational risk (OR) – People Risk

Transaction risk:

Operational Manual to execute Transaction Frequency of execution of errors in transactions Business volume fluctuation/ concentration Organizational complexity Product complexity, and major changes

Operational Control risk

Frequency of Violation of operational controls ( exceeding limits, powers) Efficiency of information flows Frequency of operational disruption Operational Control: inadequate segregation of duties lack of management supervision inadequate procedures. Risk due to loose security at operational points ( overnight cash)

Operational risk (OR) – Process Risk

Technology: Poor technology and Partial /disconnect computerization

Obsolete applications

lack of full automation for consolidation and /or accounts and Operations

MIS complexity, poor design, development and testing.

Systems failure

Volume of transaction Vis-a- Vis level of system development and capacity

Level of Manual intervention required to process transactions

Validity of IT systems

IT related frauds

Operational risk (OR) – Technology Risk

Reputation risk Customer perception of the Company/MFI

Mostly dependent of Field officer

Individual is recognized than the institution by the customer

Public /Politicians perception of MFIs

Operating Environment Unanticipated changes in external environment

Multiple lending

Macro Economic Factors like loan waiver, low fund flow to MFIs leading to

failure to keep up commitments to customers

Operational risk (OR) –

Operational Risk - 7 OP Risk types

Internal Fraud

External Fraud

Employment Practices

Professional Practices

Loss/Damage to assets

Business disruption & system failures

Transaction processing risk

Change

Complacency

Complexity Sources

Operational Risk

Categories

People Process

Technology

Internal External

Interconnection of Operational Risks

Dependencies

Connectivity of

Operational Risk

Exposure

Likely driversof Operational

Risk associated with each

Operational RiskCategory

Risk types contd…

Internal fraud: intended to defraud, misappropriate property,

employee theft

External fraud: robbery, forgery, Collusion.

Employment practices and workplace safety: workers

compensation claims, organized labor activities likely

Business disruptions and system failures: hw. and sw. failure.

Execution, delivery and process management: data entry errors,

incomplete legal documentation, unapproved access given to client

accounts.

How can we addressing Operational Risk?

Transfer the risk to another party (e.g. through

insurance)

Accept and manage the risk through effective

management monitoring and control

Put appropriate fall-back plans in place to reduce the

impact in case of an operational failure.

Least- Avoid the risk by withdrawing from a business

activity

OR Management

Risk Management systems-adequacy, demarcation of responsibilities, day-to-day supervision

Areas- Cash management, internal control & housekeeping, AML controls

Robust internal control- Effective internal Inspection/Audit KYC & AML measures-emphasis

ORM Practices should be based on policy duly approved at the board level that describes the

processes involved in controlling OR. Clear strategies and oversight by the Board: Board of Directors

should approve and review the MFIs ORM framework.

Internal Control System: ORM framework is subject to effective

internal audit by operationally independent and competent staff.

Strong Operational Risk Culture: ORF should be implemented

throughout the whole organization, all levels of staff should understand

their responsibilities.

Contingency Planning: MFIs should have contingency and business

continuity plans to operate on an ongoing basis and limit losses.

Effective internal reporting: Senior management have responsibility

for developing policies, processes and procedures for managing OR.

Risk Monitoring and Control Practices should be implemented.

Collection of Operational Risk Data (incident reporting framework)

Regular monitoring and feedback mechanism in place for monitoring any deterioration in OR profile.

Collation of incident reporting data to assess frequency and probability of occurrence of OR events.

Monitoring and control of management of large exposures to states/areas/branches. The modalities to be prescribed in the Loan Policy.

Issues in ORM

Qualitative vs Quantitative approach Mapping of existing business lines to the standard

business lines Data collection

Proper identification of key risk indicators Monitoring of databases Gathering loss data Estimating frequency/severity of loss

Quality of data Cost/technology implications Overlap with Credit and Market Risk

Distribution of Operational Losses

Magnitude of loss

Like-lihood

of Loss

Expected Loss-Loss Prov.

Absorbed

Unexpected Loss -Op. Risk

Capital

Catastrophic Loss -Risk financing using

Core Capital

Expected Loss

Expected Loss (EL) - likelihood of failure and likely loss

severity given that a failure occurs

Exposure Indicator (EI) - proxy for the size of a particular

business line’s OR exposure Probability of loss Event (PE) - probability of occurrence of loss event Loss Given that event (LGE) - proportion of transaction or exposure that would be expressed as loss, given the default

EL = EI X PE X LGE

The integrated operational risk management framework

5. Op risk management

Action plans by business and risk management, including business continuity plans and insurance programmes

4. Op risk capital

Risk based Operational economic and regulatory capital is attributed to every business

3. Op risk analysis and monitoring and reporting

Operational risk limit

1. Op risk identificationAssessment of risks

Business activity

Exposure to risk types

Business environment

Control environment

2. Op risk measurement Internal loss experience

Scenario analysis

Stress Scenarios

All businesses

All new products

All new initiatives

Measurement should not be ignored rather focus should be shifted to internal controls.

The internal control measures & measurements given by Pilar II are not close to adequate, regulatory capital would be an incentive for banks to develop own internal measurement techniques.

Accurate measurement of OR cannot be the main focus of regulators given the current constraints in data collection and availability, a thought process has been definitely put in place across the banking industry.

Conclusion

CONCLUSION-ISSUES IN OR MANAGEMENT DEFINE MONITOR MEASURE MITIGATE

Thanks!!!