Risk Management Association. Loss Data in an Organization's DNA


Risk Management Association
Internal Loss Events: Embedding Internal Loss Data in an Organization's DNA

Agenda
- Overview and Context
- Background on Loss Data
- Defining the Objectives
- Objectives of Collecting Loss Data
- Aggregating Loss Data
- Loss Data Categories

Agenda (cont.)
- Boundary Risks
- Process
- Loss Event Data Elements
- Uses of Internal Loss Data

Overview and Context
- Internal loss data is an important component of an operational risk program.
- In order to evolve your organization's internal loss data collection program from a mere exercise to a key management tool for your businesses, the objective of loss data collection must be known and well understood, the process must be clear and simple, and the analysis must be intuitive and insightful.

Overview and Context (cont.)
- This Web Seminar will explore the key concepts and issues around internal loss data and its collection.

Background on Loss Data
- A financial loss is defined as a loss to the business due to inadequate internal processes, people or systems.
- A sound operational risk management framework is essential to identifying risk exposure.
- Internal loss data tracking is a critical component of the framework.

Background on Loss Data (cont.)
- Internal loss data management relates not only to a firm's ability to keep records of internal loss data but also to its ability to evaluate the types of losses by category.
- Aggregation of internal losses by specific categories is based on industry standards and firm-specific taxonomy.

Defining the Objective
Collecting and analyzing internal loss data provides essential information to minimize or avoid losses through the following:
- Creating transparency in the organization by determining the root causes and developing corrective actions
- Rewarding employees for early detection and reporting of losses and near misses
  - Don't shoot the messenger
- Promoting a risk-aware culture
- Developing corporate intelligence

Defining the Objective (cont.)
- Communicating the importance of loss data collection and analysis
- Including the importance of loss data in Senior Management discussions
- Ensuring senior management communicates broadly and frequently

Objectives of Collecting Loss Data
By capturing and sharing loss data information, organizations are better able to:
- measure risk exposure,
- create corrective action plans for current control deficiencies,
- design internal control processes to minimize or avoid potential losses,
- identify trends and potential emerging issues, and
- satisfy regulatory requirements for loss data information utilized for Capital Modeling.

Objectives of Collecting Loss Data (cont.)
Robust risk management relies on a sufficient level of volume and quality of data for:
- better analysis,
- more effective decision making,
- reduced losses, and
- more precise Capital Modeling.

Aggregating Loss Data
The categories of losses are defined across the Basel Categories such as:
- internal and external fraud,
- employment practices & workplace safety,
- client products & business practices,
- damage to physical assets,
- business disruptions & system failures,
- execution delivery & process management.

Aggregating Loss Data (cont.)
- Company-specific taxonomy includes the above categories modified across a firm's Process, Risk, and Control hierarchy by Business, Product, and Support Group
- Consistency with the firm's RCSA, KRI, and Scenario Analysis is key

Loss Data Categories
Internal and External Fraud:
- Internal Fraud (credit fraud, forgery, check kiting, intentional mis-marking of positions, unauthorized transactions, transactions not reported, embezzlement, forgery, insider trading, bribes, kickbacks), and
- External Fraud (theft/robberies, forgery, systems hacking, theft of client and/or corporate information)

Loss Data Categories (cont.)
Employment Practices & Workplace Safety: employment losses associated with
- Employee Relations (terminations, benefits, compensation),
- Safe Environment (accident liabilities, workers compensation),
- Diversity/Discrimination litigation

Loss Data Categories (cont.)
Clients, Products, & Business Practices:
- Fiduciary (appropriateness and suitability violations, account churning, breach of privacy, disclosure violations, KYC),
- Improper Business or Market Practices (insider trading, money laundering, unlicensed activities, antitrust), and
- Advisory (disputes over performance, exceeding client limit)

Loss Data Categories (cont.)
- Damage to Physical Assets: Natural Disaster Losses, Terrorism, Vandalism
- Business Disruption and System Failures: losses arising from disruption of business or system failures including hardware, software, telecommunications, utility outages

Loss Data Categories (cont.)
Execution, Delivery, and Process Management:
- Data Entry, Accounting Errors, Model and Spreadsheet Errors, Inaccurate Disclosures, Documentation shortfalls (e.g., collateral, loan), and
- Client Account Management (unauthorized access to accounts, inaccurate client records),
- Vendors and Suppliers (outsourcing, vendor disputes)

Boundary Risks
- Defining the losses between risk categories is an important aspect to understanding risk exposure
- Credit losses, Underwriting losses, Market Risk losses, Financial losses, Liquidity losses, Operational losses, etc. are to be appropriately categorized

Boundary Risks (cont.)
- Determining the causal effect by appropriate risk category will allow a more effective set of solutions
- Establishing the appropriate Boundary risk will allow better accountability across the Three Lines of Defense and more effective prioritization

Process
Collection of internal loss events through:
- Direct Data Input
- System Interface or Download
- Accounting Staff review of Financial results

Process (cont.)
Sources of Data Loss Events:
- Legal/Litigation
- Compliance
- Business Units
- Service Centers (Technology, Operations, Human Resources, Call Centers, Accounting, etc.)
- Product Groups
- Risk Management
Threshold amount to be set

Loss Event Data
Originating Area:
- Business entity, Product, Service Area
- Location (Geography)
Loss Event Description:
- Occurrence Date
- Submission Date
- Type of Event
- Event Description
Financial Impact:
- Accounting reference number
- Currency
- Loss Amount
- Recovery amount
- Insurance coverage, if any

Loss Event Data (cont.)
Control Categorization:
- Level I Control type
- Level II Control type
Corrective Actions:
- Assigned to an Accountable Executive
- Link to business Function and Risk
- Control Deficiency Enhancement
- Corrective Action Completion Date
- Compensating Controls

Uses of Internal Loss Data
- Assess effectiveness of internal controls
- Training, education and risk awareness
- Refine existing key risk indicators and develop new ones
- Produce management reports with valuable statistics that outline frequency and severity by category

Uses of Internal Loss Data (cont.)
- Inclusion into internal data models for capital calculation, scenario analysis, stress tests and business analysis
- Establish priorities