Defining Operational Risk

Similar documents
Operational risk (OR) is everywhere in the business environment. It is the

Basel Ⅱ Implementation in Korea

Regulatory Notice 08-18

Special Considerations in Auditing Complex Financial Instruments Draft International Auditing Practice Statement 1000

Risk Concentrations Principles

Illustrative disclosures for investment funds

EY IFRS Core Tools. IFRS Update. of standards and interpretations in issue at 28 February 2014

The South African Bank of Athens Limited. PILLAR 3 REGULATORY REPORT December 2016

Disclosure Prudential Disclosure Report. 12/31/2017 Derayah Financial

RS Official Gazette Nos 125/2014 and 4/2015

Glossary of Terms Ethics and auditing

Ben S Bernanke: Modern risk management and banking supervision

Rogue Trader: Nicholas Leeson How did one of the world s oldest and most distinguished investment banks allow a single man to cause its collapse?

Mizuho Bank, Ltd. Bangkok Branch As of March 31, 2014

Disclosure Prudential Disclosure Report. 12/31/2016 Derayah Financial

FRAMEWORK FOR SUPERVISORY INFORMATION

CONTENTS Page 1. Introduction 1 2. Scope of Application 1 3. Capital Capital Structure Capital Adequacy 5 4. Information Related to the

Catastrophe Reinsurance Pricing

Risk Evaluation, Treatment and Reporting

Trinity Watthana Public Company Limited and its subsidiaries Report and consolidated financial statements 31 December 2016

Presentation Notes Derek Ramm, Officer FINTRAC. April 20, 2010

Macrostability Ratings: A Preliminary Proposal

GUIDELINES FOR THE MANAGEMENT OF COUNTRY RISK

RECENT CHANGES IN STANDARDS ON AUDITING

Fathom Wealth Management Advisors Ltd Risk Management Disclosures Year Ended 31 December 2016

INCREASING INVESTIGATOR EFFICIENCY USING NETWORK ANALYTICS

A SURVEY OF REGULATIONS APPLICABLE TO INVESTMENT ADVISERS

Competitive Advantage under the Basel II New Capital Requirement Regulations

BERMUDA INSURANCE (GROUP SUPERVISION) RULES 2011 BR 76 / 2011

Common stock prices 1. New York Stock Exchange indexes (Dec. 31,1965=50)2. Transportation. Utility 3. Finance

Many fund complexes have begun to plan for

Citi Dynamic Asset Selector 5 Excess Return Index

2011 Annual Basel II Pillar 3 Information Disclosure Bank of China Limited, Bangkok Branch as of Dec 31, 2011

OECD-ADBI Roundtable on Capital Market Reform in Asia, Tokyo. Session Measures taken by supervisors or regulators short selling restrictions

Risk Management in Islamic Financial Institutions

Mitsubishi UFJ Trust and Banking Corporation

There are many definitions of risk and risk management.

Pandemics, Catastrophic Trends and Capital Issues

Operational Risk Management. By: A V Vedpuriswar

Solvency, systemic risk and moral hazard: Where does the central bank s role begin and where does it end? Lorenzo Bini Smaghi

Business Auditing - Enterprise Risk Management. October, 2018

Disclosures on Risk Based Capital (Basel-II) as on

What About p-charts?

References: Articles to , to and of the AMF General Regulation

STRATEGIC MANAGEMENT IN COMMERCIAL BANKS

EY IFRS Core Tools IFRS Update

Risk Management at Central Bank of Nepal

DRAFT GUIDANCE FOR THE FINANCIAL SOLVENCY AND MARKET CONDUCT REGULATION OF INSURERS WHO OFFER CONTINGENT DEFERRED ANNUITIES

Bank of America, N.A Bangkok Branch Basel II Pillar III Disclosures

Report on Internal Control

FAQ: Securities and Financial Markets

General BI Subjects. The Adjustments Clause

FOCUS ON PRACTICE INSPECTION

EY IFRS Core Tools. IFRS Update of standards and interpretations in issue at 31 December 2014

Community Trust Company Basel III Pillar 3 Disclosures June 30, 2018

Prudential Standard GOI 3 Risk Management and Internal Controls for Insurers

2012 Annual Basel II Pillar 3 Information Disclosure Bank of China Limited, Bangkok Branch as of Dec 31, 2012

CDM Transactions: A Review of Options

Review of Swap Data Recordkeeping and Reporting Requirements (RIN 3038-AE12)

TERMS OF REFERENCE FOR THE FINANCE AND AUDIT COMMITTEE

Study Guide on Risk Margins for Unpaid Claims for SOA Exam GIADV G. Stolyarov II

Testimony. Submitted for the Record. American Bankers Association. Financial Institutions and Consumer Credit Subcommittee

Translation of document originally issued in Polish

GUIDELINE ON ENTERPRISE RISK MANAGEMENT

Ernst & Young IFRS Core Tools April IFRS Update. of standards and interpretations in issue at 31 March 2012

PRESS RELEASE. Securities issued by Hungarian residents and breakdown by holding sectors. October 2017

Disclosures on Risk Based Capital (BASEL II) For the year ended 31 December 2014

BMO Short Federal Bond Index ETF (ZFS/ZFS.L)

Community Trust Company Basel III Pillar 3 Disclosures December 31, 2017

SFC reprimands and fines A One Investment Company Limited $1.2 million and suspends its responsible officer for internal control failures

Ernst & Young IFRS Core Tools. IFRS Update. of standards and interpretations in issue at 28 February 2013

Financial Markets and Institutions, 8e (Mishkin) Chapter 2 Overview of the Financial System. 2.1 Multiple Choice

AN INTRODUCTION TO ANALYSIS OF FINANCIAL STATEMENT

RULE No (dated 28 th June 2000) THE BOARD OF DIRECTORS in the exercise of its legal powers, and

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

Chapter 11 Current Liabilities and Contingencies

PILLAR 3 DISCLOSURES MERCER UK AUGUST 2016

In various tables, use of - indicates not meaningful or not applicable.

Pindyck and Rubinfeld, Chapter 17 Sections 17.1 and 17.2 Asymmetric information can cause a competitive equilibrium allocation to be inefficient.

VIII. This chapter discusses international aspects of. Cross-Border Supervision of Banks. Evolution of Best Practices

Analyze the Market for a Seasonal Bias. It is recommended never to buck the seasonal nature of a market. What is a Seasonal Trend?

What will be the future of LIBOR?

BSA/AML ENFORCEMENT. See 12 U.S.C (2000).

The Operational Risk Management in Banking Evolution of Concepts and Principles, Basel II Challenges

Risk Management: Assessing and Controlling Risk

Financial Markets and Institutions, 9e (Mishkin) Chapter 2 Overview of the Financial System. 2.1 Multiple Choice

New Zealand Equivalent to International Financial Reporting Standard 4 Insurance Contracts (NZ IFRS 4)

Dodd-frank implementation update: key differences between the CFTC and SEC final business conduct standards and related cross-border requirements

RISK MANAGEMENT. The Need for Risk Management Systems

Risk Management for Cattle Feedlots: Futures Buy and Sell Signals

RS Official Gazette No 103/2016

Algo Trading System RTM

FINANCIAL MARKET STATISTICS Produced by Statistics Sweden on behalf of Swedish central bank, Riksbanken.

Guideline. Earthquake Exposure Sound Practices. I. Purpose and Scope. No: B-9 Date: February 2013

THE IMPACT OF EMIR IS YOUR ORGANISATION READY?

SEC Action Brings Lessons For Quantitative Fund Managers

Scotia U.S. $ Bond Fund

Risk Management for Cattle Feedlots: Futures Buy and Sell Signals

National Bank of Romania s experience in dealing with the NPLs challenge

Sarbanes-Oxley Act. The U.S. Sarbanes-Oxley Act of 2002: 2004 Update for Non-U.S. Issuers.

Transcription:

Defining Operational Risk Jack L. King We consider operational risk in the context of the firm. An analysis of various losses in terms of their causes and the events that trigger them is presented. The analysis provides the framework for the discussion of current definitions, which are then surveyed within that context. A clear and concise definition of operational risk is proposed. Famous losses attributable to operational risk, according to this definition, are reviewed. Finally, a set of success criteria for an approach to operational risk is presented. Operational risk is emerging as the third leg of an enterprise-wide risk strategy for financial institutions. Several preliminary ideas have emerged, including actuarial-based methods, categorization of risk factors, and qualitative or subjective probability approaches. To date a well founded, clear and effective method of measuring and modeling operational risk is not available. A fundamental problem is the lack of consensus on its definition. This paper develops a definition for operational risk by first considering its general relation to the firm. A useful breakdown of causes, failures and losses is presented as a framework for discussion of current definitions. Then, a clear definition for operational risk is proposed, followed by a description of its relationship to famous historical losses. Finally, key success criteria are presented and suggestions for the direction of future efforts toward development of a consensus on an operational risk approach are made. This paper is the first of a series that develops a quantitative approach to operational risk using the existing framework for market and credit risk and which considers the purpose, feasibility and relevance of any proposed approach. The following questions are posed: What is the purpose of an operational risk management approach? Can a feasible measure be implemented that can be used to manage operational risk reliably? Will an operational risk approach be relevant to the problems that banks have faced in the past and are facing today? Operational risks and the firm All firms are susceptible to the risk of a loss in value from events such as competitive actions, economic changes and management decisions. However, financial institutions belong to a category of firms that are particularly susceptible to risks from events that occur in the normal business operations. Since financial institutions deal in a valuable commodity (money), there is a significant risk of loss in their day-to-day transaction processing activities. Industries such as nuclear processing and gold mining also have significant operational risk. High volumes of valuable inventory in process mean that processing failures can result in ALGO RESEARCH QUARTERLY 37 VOL. 1, NO. 2 DECEMBER 1998

System Error Poor Management Human Error Legal Action Natural Disaster Competitive Action Fraud Legal Judgement Market Value Change Credit Transition Valuation Error System Failure Reconciliation Error Compliance Failure Carry Fines & Payouts Book Revalue Business Market Announcement Bad Publicity Accounting Book Capital Market Capital Share Price Cause Figure 1: Example causes, events and losses to the firm Event significant loss due to causes such as errors, fraud and system failures. Financial institutions and government regulators recognize this situation and have imposed internal compliance audits, external audits and management controls to alleviate it. However, there is a growing concern that operational risk represents potentially large losses and more effective counter measures should be taken. One of the basic requirements of an operational risk approach is to assist these efforts by providing additional information and improved analytical capability. Operations may include several functional parts of the organization, but certainly include the manufacturing value chain of the firm. Operations in investment banking can be thought of as the activities that follow from the time the trader echoes Done. until the financial effects of the contract are recorded in an accurate and timely manner. For a modern investment bank, this involves several transaction-processing tasks that record and verify the detailed characteristics of a financial contract. As investment products have become more complicated, as markets have increased in volatility, and as volumes have grown over recent years, the processing of contracts through the financial firm s operations has become increasingly difficult. Before discussing definitions, it is useful to analyze operational risks in terms of their causes, events and losses. A simple breakdown of some risks, their triggers and causes, is illustrated in Figure 1. Briefly, loss is the economic loss in the value of the firm, a loss is triggered by an event, and causes are the assignable or chance causes for the event. Assignable causes are attributable ALGO RESEARCH QUARTERLY 38 DECEMBER 1998

to factors that can be eliminated. In contrast, chance causes are natural or random. Sometimes we can further classify the risk as having a cause that is either controllable (i.e., assignable), at least to a major extent, or uncontrollable (i.e., chance). Uncontrollable risks include natural disasters and economic downturns, and can, by definition, only be dealt with through mitigation techniques such as reserves or insurance. Controllable risks, on the other hand, might include causes for events such as settlement failures and pricing model errors. Controllable risks must be managed not mitigated, because insuring controllable risk may tempt those insured to engage in more risky behaviour than otherwise, thus creating a moral hazard. For example, if paying a deductible was not part of an automobile insurance policy, the insured might drive more carelessly. Another useful classification of risk is according to the type of loss the event generates. es in a firm may affect either the book value or the market value of the firm. The market value of the firm is simply the share price times the outstanding number of shares. The book value of the firm is the sum of its assets plus its equity. A simple example illustrates the difference between the two. As Figure 1 shows, the book value changes when the market value of a trade changes. For example, a valuation error leads to a book revalue loss that in turn changes the book value of the bank. The resulting publicity may cause a drop in the share value and thus a loss to the market value of the bank. Only the loss to book value is attributable to operational risk. Shareholders are concerned with market value. Regulators are concerned with the possible failure of the firm, and the book value is used as a measure of this possibility. Existing market risk and credit risk systems also measure changes in the book value of the firm, not changes in the firm s market value. In the next section we review current definitions of operational risk differentiated by considering 1) whether references to causes, events or losses are included, 2) whether or not loss events are related to transaction processing, 3) whether the events can be classified as controllable or uncontrollable and 4) whether the losses are to market value or book value. Current definitions Operational risk definitions have been broadly divided into those that say it is everything except market and credit risk and those that claim it is losses due to failures in the operational process. Some definitions extend operational risk to include all uncontrollable risks to the firm. In a recent article in Risk, Jameson (1998) reviewed operational risk definitions and indicated that the definition most frequently given in telephone interviews is Every risk source that lies outside the areas covered by market risk and credit risk. This definition evidently includes both controllable and uncontrollable causes, and all ensuing events and losses, whether or not they relate to the processing of transactions. It may stem from the fact that many banks currently define operational risk as the excess allocation of capital in the firm after market and credit risk capital have been determined. However, according to this definition, if there is no excess capital, the operational risk reduces to zero, which is clearly unrealistic and presumably not what the banks intend. Extended definitions are presented in a Coopers & Lybrand study (1997). There was a tendency among those surveyed to focus not only on failures in the banks operations, but also to extend the causes of failures broadly to include terrorist attacks, management failures, competitive actions and natural disasters. These causes are largely uncontrollable, they include non-transaction-related events and they include causes such as competitive actions that imply an impact on the market value of the firm. A study by the Group of Thirty (1993) contains recommendations regarding risk management practices for derivatives users. It describes three areas of risk: ALGO RESEARCH QUARTERLY 39 DECEMBER 1998

Market risk Uncertainty related to the change in value or liquidity of a portfolio of financial instruments resulting from changes in the financial markets. Credit risk Degree of uncertainty of counterparties ability to fulfill their legal obligations. Operational risk Uncertainty related to losses resulting from inadequate systems or controls, human error or management. This early definition of operational risk includes causes from the broad categories of human failure and competitive action, and will include events such as entering the wrong value for the notional of a contract or a change in top management that is poorly received by the markets. Note (Figure 1) that human error and competitive actions can lead to multiple event types, and thus to multiple types of loss to both the book value and the market value. Thus, definitions based strictly on causes can be ambiguous. In contrast, the Group of Thirty defines market and credit risk in terms of losses due to market- and creditrelated events that lead to losses in book value exclusively. The Risk Management Subgroup of the Basle Committee on Banking Supervision recently published a survey containing an analysis of current operational risk in banking practices (1998). It is widely believed they may develop best practices of operational risk for financial institutions. They define operational risk as follows: A definition of operational risk would include events and losses, without explicitly enumerating causes. an unethical or risky manner. Other aspects of operational risk include major failure of information technology systems or events such as major fires or other disasters. This more recent definition is much more focused and ostensibly includes non-processingrelated causes (system failures and natural disasters) only to the extent that they interrupt processing. It includes events such as compliance failures, limit violations and system failures, and implies a link to the transactions in the bank s operations. It is intuitively more appealing because it focuses on events and targets controllable risk as the most important types and yet includes provisions for uncontrollable risks that affect processing. Although there is no explicit reference to book value, one can suggest that since this is a regulatory agency document, it is consistent with other references and applies only to book value losses. Proposed definition Industrial engineering provides measures for processes that are separated from causes. In 1931 Shewhart (1980), one of the most important theorists of industrial quality control, introduced a method to prevent defects by measuring process variability, and used the measures to determine assignable causes. Whereas a predictable process is operating at its full potential, the presence of assignable causes indicates an unpredictable process and signals an opportunity for improvement. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud, or failure to perform in a timely manner or cause the interests of the bank to be compromised in some other way, for example, by its dealers, lending officers or other staff exceeding their authority or conducting business in Using this idea, a definition of measurable operational risk would include events and losses, without explicitly enumerating causes. To this end the proposed definition is Operational risk is the uncertainty of loss in the book value of the firm due to failures in the manufacturing of the firm s goods and services. ALGO RESEARCH QUARTERLY 40 DECEMBER 1998

Date Type of Firm (in USD) Brief Description of Allegation Nov -85 Bank 4 million Computer problems with Fed payment connection Feb-93 Corporate 1.04 billion Unauthorized futures trading Apr-94 Brokerage Firm 350 million False profits reported for two years Sept-95 Bank 1.1 billion 30,000 unauthorized trades over 11 years Feb-96 Bank 1.3 billion es from NIKKEI futures hidden in 88888 account Jun-96 Bank 1.8 billion Unauthorized copper trading futures, etc. Aug-96 Fund 19.3 million Deal allocations delayed for personal profit Sep96 Bank 750 million Dummy companies used to avoid compliance Mar-97a Bank 130 million Option volatilities used to inflate prices Mar-97b Bank 100 million Funds transfer to personal account Table 1: Example financial losses attributed to operational risk The causes of loss in the above definition are those that result in a failure in the manufacturing of the goods and services of the firm. In the case of an investment bank, the losses result from transaction processing, and do not include legal actions, natural disasters or competitive actions. The definition includes both controllable and uncontrollable risks, but only to the extent that they are related to events (failures) in the manufacturing operation. Given the definition stated above, the following failures are examples of operational risk related events: Failure to properly value a contract Failure to reconcile a transaction Failure to comply with relevant rules and regulations Failure of systems and supporting infrastructure Failure to heed relevant limits such as exposures Failure to report in an accurate and timely manner. This definition firmly anchors operational risk to failures in processing that cause a change in book value, which is consistent with the interests of regulators and with existing market and credit risk systems. Capital adequacy for the firm can be computed using the sum of market, credit and operational risk (all risks to book value). Capital allocation then includes capital adequacy plus all risks to market value. This definition provides for both a shareholder view as well as a regulator view, while identifying the contributions to each. Although no explicit set of causes for the failures is specified in this definition of operational risk, famous losses attributed to operational risk are encompassed by it. Famous losses Using the proposed definition of operational risk, Table 1 outlines some of the major losses in the public literature that can be attributed to operational risk. The Nov-85 Bank failure was in the clearing process of US Treasuries by a New York bank. The resulting cost-of-carry for approximately 20 billion USD for 28 hours was a 4 million USD charge to the book value of the firm. The Feb-93, Apr-94, Sep-95, Aug-96 and Sep-96 losses resulted from failures to comply with the banks rules and regulations for processing transactions. The Mar-97b failure was due to an error in the pricing model associated with derivative products. The Jun-96 loss was a breach of trading limits. ALGO RESEARCH QUARTERLY 41 DECEMBER 1998

The Feb-96 and Mar-97a losses were due to failures in the reconciliation of accounts required for integrity in the transaction processing. Techniques for detecting anomalies in transaction processing form the basis for detecting the type of fraud that occurred in the Barings case. As noted by Fay (1996) Ignorance was what allowed Leeson to play his game for thirty-two months. Had Barings purchased a system that enabled the settlements department in London to reconcile trades made in any part of the world with clients orders from any part of the world, instead of relying on branch offices like Singapore for the information, Leeson s fraudulent use of the 88888 account would have been exposed within months, if not weeks. All the above losses qualify as operational risk because they related to transaction processing, were controllable, and resulted in loss to book value. Criteria for success Using the proposed definition of operational risk, and considering the context provided by regulation for market and credit risk, the following are proposed as success criteria for an approach to operational risk: 1. Provides incentives for increased operational efficiency. 2. Supports the decision-making process for operations. 3. Assures avoidance of major losses due to operations. 4. Admits calculation of a relevant capital requirement for operations. 5. Generates a measure that is compatible with market and credit risk. 6. Can be validated through methods such as back testing. 7. Includes sufficient reporting for proper management and regulation. The first three criteria deal directly with operations and are based on the idea that avoidance of catastrophic losses requires good management of day-to-day business activities, informed decisions based on relevant information and a reliable method of detecting fraud. Criteria 4 and 5 deal with capital allocation and determining the relationship between market, credit and operational risks. The last two criteria deal with knowledge and developing an understanding of what is known, with what degree of certainty. Systems that only include qualitative or subjective methods may be misleading, and sophisticated measurement and modeling are only effective if the results are communicated to the appropriate people in an intuitive, accurate and timely manner. Recommendations for further study In subsequent papers the discussion of operational risk feasibility and relevance will be expanded and a measurement and modeling approach presented based on the definition given herein. The definition and relationship between causes, events and losses will be explored and the characteristics of measurements and approaches to measurement error models will be considered. Next, our modeling technique will be described, and a capability of combining classes of models will be presented. The series will conclude with an evaluation of the approach with respect to the success criteria based on a case study. References Derivatives: practices and principles, Washington, DC, Group of Thirty, 1993. Fay, S., 1996, The Collapse of Barings, New York: W.W. Norton. Jameson, R., 1998, Playing the name game, Risk 11(10): 38-42. 1997 Operational Risk Management Survey, London: Coopers & Lybrand and British Bankers Association, 1997. Operational Risk Management, Risk Management Sub-group of the Basle Committee on Banking Supervision, Basle, September 1998. Shewhart, W. A., 1980, Economic Control of Quality of Manufactured Product, (50th anniversary commemorative reissue), Milwaukee, WI: ASQ Quality Press. ALGO RESEARCH QUARTERLY 42 DECEMBER 1998

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback