Rm 11-1
Transcript of Rm 11-1
![Page 1: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/1.jpg)
Risk ManagementUniversity of Economics, Kraków, 2012
Tomasz Aleksandrowicz
![Page 2: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/2.jpg)
operational risk management
operational risktools & techniques
ORM in banking
![Page 3: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/3.jpg)
operational risk
• risk due to organisation operations• arising from execution of a company's business
functions• operational risk is the risk of loss resulting from
inadequate or failed internal processes, people and systems, or from external events (Basel II)
• it is not used to generate profit• to keep losses within limit (driven by risk appetite)
![Page 4: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/4.jpg)
operational risk management
• there is no one size fits all approach• operational risk is much harder to identify than
market and credit risk
![Page 5: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/5.jpg)
operational risk categories
• broad concept focuses on people, processes and systems and external factors
• more detailed approach under Basel II regulations:– Internal Fraud– External Fraud– Employment Practices and Workplace Safety– Clients, Products, & Business Practice– Damage to Physical Assets– Business Disruption & Systems Failures– Execution, Delivery, & Process Management
![Page 6: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/6.jpg)
operational risk categories (II)
• people - due to human error, loss of personnel and health and safety issues
• process - due to business performance processes or projects as well as capacity and reporting matters
• systems/technology - due to technical issues of systems, computers and equipment as well as data quality and security
• external events - due to external factors, regulatory environment and natural hazards
![Page 7: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/7.jpg)
ORM exercise
choose your companylist 2-3 risks with 4 categories: people, process,
systems/technology, external events
![Page 8: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/8.jpg)
people risk
• Employee collusion/fraud• Employee error• Employee misdeed /crime• Employment law• Health and safety at work• Insufficient or lack of knowledge/skills• Loss of key personnel (key personel risk)
![Page 9: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/9.jpg)
process risk
• Accounting error• Capacity risk• Contract risk• Product complexity/ product flaws• Project risk• Reporting error• Settlement/payment error• Transaction error• Valuation error
![Page 10: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/10.jpg)
technology risk
• Data quality• Programming errors• Security breach• Strategic risks complexity (platform/suppliers)• System capacity• System compatibility• System delivery• System failure• System suitability
![Page 11: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/11.jpg)
external risk
• Legal / Regulatory• Money laundering• Outsourcing• Political• Supplier/Partner risk• Tax• Fire/Natural disaster• Theft/Robbery• Physical security (terrorism, vandalism)
![Page 12: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/12.jpg)
ORM exercise 2
propose a solution for most common risks in each category
![Page 13: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/13.jpg)
ORM tools & techniques
• internal controls & audit• training & procedures• key risk indicators (KRI)• strategic diversification/outsourceing• insurance• hazard prevention - emergency management• business continuity planning (BCP)
![Page 14: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/14.jpg)
KRI - Key Risk Indicators
• metrics used to monitor identified risk exposures over time
• measure used in management to indicate how risky an activity is
• differs from a Key Performance Indicator (KPI) which is measure of how well something is being done
• give us an early warning to identify potential risky event
![Page 15: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/15.jpg)
KRI management
• effective indicator selection: relevance, measurable, predictive
• selection process approach: top-down or bottom-up• using composite or index indicators• indicator threshold and limits, escalation triggers• indicator trending and scale (green, amber, red)• reporting: level of reporting, frequency and
presentation style
![Page 16: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/16.jpg)
KRI examples
• customer complaints volume• product return ratio• volume/value of products breakage• number of caught shoplifter / value of loss due to customer
theft• staff turnover• staff sickness days• number of over-time hours utilized• number of data capture errors• number of virus or phishing attacks• number of server restart requested
![Page 17: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/17.jpg)
ORM exercise 3
propose KRI for most common risks in each category
![Page 18: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/18.jpg)
BCP - business continuity planning
• is a roadmap for continuing operations under extreme conditions
• effective prevention and recovery for the organization
• active preparation and planning for emergencies– critical (urgent) organization functions/ activities – non-critical (non-urgent) organization functions/ activities
![Page 19: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/19.jpg)
BCP life-cycle
![Page 20: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/20.jpg)
operational risk management industry example: banking
three approaches to ORM
![Page 21: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/21.jpg)
#1 Basic Indicator Approach
• simplest operational risk measurement method• banks has to hold capital reserves for operational loss• average income gross income from previous 3 years
times given percentage (alpha)• years with negative or zero income excluded• committee alpha percentage – 15% (represents
industry average operational risk)
21
![Page 22: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/22.jpg)
#2 Standardized Approach
• more complex method of operational risk measurement
• banks has to hold capital reserves for operational loss• three-year average across each of the business lines
in each year times given percentage (beta)
22
![Page 23: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/23.jpg)
Standardized Approach – beta factor
23
![Page 24: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/24.jpg)
#3 Advanced Measurement Approach
• comprehensive method based on bank’s internal operational risk measurement system
• quantitative and qualitative criteria• subject of regulatory approval• minimum five-year observation period of internal
loss data• external data could be used
24
![Page 25: Rm 11-1](https://reader033.fdocuments.us/reader033/viewer/2022061519/557cbdadd8b42a09218b45ee/html5/thumbnails/25.jpg)
Advanced Measurement Approach (II)
• bank must be able to demonstrate that its approach captures even unlikely events
• high-severity events must be subject of scenario analysis and use external data and expert advisory