Operational Risk Sa-Dhan S.Ramesh. Risk categories and their importance for MFI Risk categories...
-
Upload
chad-mccormick -
Category
Documents
-
view
215 -
download
0
Transcript of Operational Risk Sa-Dhan S.Ramesh. Risk categories and their importance for MFI Risk categories...
Operational Risk
Sa-Dhan
S.Ramesh
Risk categories and their importance for MFI
Risk categories Rating
Credit Loan portfolio risk XXXXX
Interbank risk XX
Market Interest rate risk XXXX
Currency risk
Liquidity Liquidity risk XXXXX
Other risk Performance risk XXXXX
Compliance risk XXXXX
Reputation risk XXXX
Country risk
Operational risk Operational risk XXXXX
Operational risk is every MFI's greatest fear.
Staff
Control Failures
Compliance
Rapid Expansion Legal
Multiple Financing
FraudInformation Technology
Management System Failures
Disbursements / Re payments
Human Error
PremisesBusiness Continuity
Credit Risk
Market Risk
• Circumstances that have been identified and if left unattended may lead to a loss in the future, example : technology
• Happening or occurrences that are indicative of the underlying risk, they might have resulted in an economic loss, but did not, example : large cash balances; no monetary loss yet
• Incidents that resulted in a monetary loss Example: Small frauds
Operational Risk
Internal and external fraud
Failure to comply with laws or meet workplace safety standards
Policy breaches
Failure to meet regulatory requirements
Personnel risks
Damage to physical assets
Business disruptions
Transaction processing failures (execution, errors)
Failure of internal controls and corporate governance
OR can arise from:
But how do you define, analyze and solve a potential problem before it has even arisen?
“ Operational Risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”
People Process Technology Reputation Operating Environment
But how do you define, analyze and solve a potential problem before it has even arisen?
Systems Legal External Events Includes legal risk but excludes strategic risk
OR is more than people and technology risk. It encompasses all the hidden
dangers that do not come under the umbrella of market or credit risk.
People: Positing of Staff in Key Areas
Competency of Staff
Insufficient training,
negligence, integrity, etc.
Work Environment
Employee Motivation
HR initiatives
Frequency and impact of staff turnover/rotation
Operational risk (OR) – People Risk
Transaction risk:
Operational Manual to execute Transaction Frequency of execution of errors in transactions Business volume fluctuation/ concentration Organizational complexity Product complexity, and major changes
Operational Control risk
Frequency of Violation of operational controls ( exceeding limits, powers) Efficiency of information flows Frequency of operational disruption Operational Control: inadequate segregation of duties lack of management supervision inadequate procedures. Risk due to loose security at operational points ( overnight cash)
Operational risk (OR) – Process Risk
Technology: Poor technology and Partial /disconnect computerization
Obsolete applications
lack of full automation for consolidation and /or accounts and Operations
MIS complexity, poor design, development and testing.
Systems failure
Volume of transaction Vis-a- Vis level of system development and capacity
Level of Manual intervention required to process transactions
Validity of IT systems
IT related frauds
Operational risk (OR) – Technology Risk
Reputation risk Customer perception of the Company/MFI
Mostly dependent of Field officer
Individual is recognized than the institution by the customer
Public /Politicians perception of MFIs
Operating Environment Unanticipated changes in external environment
Multiple lending
Macro Economic Factors like loan waiver, low fund flow to MFIs leading to
failure to keep up commitments to customers
Operational risk (OR) –
Operational Risk - 7 OP Risk types
Internal Fraud
External Fraud
Employment Practices
Professional Practices
Loss/Damage to assets
Business disruption & system failures
Transaction processing risk
Change
Complacency
Complexity Sources
Operational Risk
Categories
People Process
Technology
Internal External
Interconnection of Operational Risks
Dependencies
Connectivity of
Operational Risk
Exposure
Likely driversof Operational
Risk associated with each
Operational RiskCategory
Risk types contd…
Internal fraud: intended to defraud, misappropriate property,
employee theft
External fraud: robbery, forgery, Collusion.
Employment practices and workplace safety: workers
compensation claims, organized labor activities likely
Business disruptions and system failures: hw. and sw. failure.
Execution, delivery and process management: data entry errors,
incomplete legal documentation, unapproved access given to client
accounts.
How can we addressing Operational Risk?
Transfer the risk to another party (e.g. through
insurance)
Accept and manage the risk through effective
management monitoring and control
Put appropriate fall-back plans in place to reduce the
impact in case of an operational failure.
Least- Avoid the risk by withdrawing from a business
activity
OR Management
Risk Management systems-adequacy, demarcation of responsibilities, day-to-day supervision
Areas- Cash management, internal control & housekeeping, AML controls
Robust internal control- Effective internal Inspection/Audit KYC & AML measures-emphasis
ORM Practices should be based on policy duly approved at the board level that describes the
processes involved in controlling OR. Clear strategies and oversight by the Board: Board of Directors
should approve and review the MFIs ORM framework.
Internal Control System: ORM framework is subject to effective
internal audit by operationally independent and competent staff.
Strong Operational Risk Culture: ORF should be implemented
throughout the whole organization, all levels of staff should understand
their responsibilities.
Contingency Planning: MFIs should have contingency and business
continuity plans to operate on an ongoing basis and limit losses.
Effective internal reporting: Senior management have responsibility
for developing policies, processes and procedures for managing OR.
Risk Monitoring and Control Practices should be implemented.
Collection of Operational Risk Data (incident reporting framework)
Regular monitoring and feedback mechanism in place for monitoring any deterioration in OR profile.
Collation of incident reporting data to assess frequency and probability of occurrence of OR events.
Monitoring and control of management of large exposures to states/areas/branches. The modalities to be prescribed in the Loan Policy.
Issues in ORM
Qualitative vs Quantitative approach Mapping of existing business lines to the standard
business lines Data collection
Proper identification of key risk indicators Monitoring of databases Gathering loss data Estimating frequency/severity of loss
Quality of data Cost/technology implications Overlap with Credit and Market Risk
Distribution of Operational Losses
Magnitude of loss
Like-lihood
of Loss
Expected Loss-Loss Prov.
Absorbed
Unexpected Loss -Op. Risk
Capital
Catastrophic Loss -Risk financing using
Core Capital
Expected Loss
Expected Loss (EL) - likelihood of failure and likely loss
severity given that a failure occurs
Exposure Indicator (EI) - proxy for the size of a particular
business line’s OR exposure Probability of loss Event (PE) - probability of occurrence of loss event Loss Given that event (LGE) - proportion of transaction or exposure that would be expressed as loss, given the default
EL = EI X PE X LGE
The integrated operational risk management framework
5. Op risk management
Action plans by business and risk management, including business continuity plans and insurance programmes
4. Op risk capital
Risk based Operational economic and regulatory capital is attributed to every business
3. Op risk analysis and monitoring and reporting
Operational risk limit
1. Op risk identificationAssessment of risks
Business activity
Exposure to risk types
Business environment
Control environment
2. Op risk measurement Internal loss experience
Scenario analysis
Stress Scenarios
All businesses
All new products
All new initiatives
Measurement should not be ignored rather focus should be shifted to internal controls.
The internal control measures & measurements given by Pilar II are not close to adequate, regulatory capital would be an incentive for banks to develop own internal measurement techniques.
Accurate measurement of OR cannot be the main focus of regulators given the current constraints in data collection and availability, a thought process has been definitely put in place across the banking industry.
Conclusion
CONCLUSION-ISSUES IN OR MANAGEMENT DEFINE MONITOR MEASURE MITIGATE
Thanks!!!